Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing access-control check when the webNewAcct.cgi script is called to create users. This allows an unauthenticated attacker to create an admin user account, bypassing authentication and gaining the ability to turn off the power supply to a connected resource.
2016e1b7fad384a5d33b446ff9f1776a9a363ae3b420b71f0e2afb27ee2b41be
Microsoft Edge suffers from a Chakra OP_Memset type confusion vulnerability.
611fa33be1a70a1567073da40901233c4521faaaa46eb3028856e6977091b785
XMPlay version 3.8.3 suffers from a denial of service vulnerability.
3ffac9df0ab37e2c98ba976454f55a8dbcee2e6b3b7fbe637c4ce298c84b7abc
HTML Video Player version 1.2.5 suffers from a buffer overflow vulnerability.
a0223bf0bde5176ba019ee18385b4a94aa3611aefb671a21c88c171b6d837e79
Intel Rapid Storage Technology User Interface and Driver version 15.9.0.1015 suffers from a DLL hijacking vulnerability.
6e7d0ae7e36d2519f2a95dd01eee53eeefd5b81452a1fdfc32e7ec88cc304a15
Budabot versions 0.6 through 4.0 suffer from a denial of service vulnerability.
a8620cfd1ed239f5a681eebba7f54e300e332b8a58ce2704698bd1ea6a629401
Easy Outlook Express Recovery version 2.0 suffers from a denial of service vulnerability.
82cb3c42702d61ce3a30a798b37e6224448fb4750089b14e6c59554868298e79
Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.
6c5ea49388e7e87aca6197cfe70cc7c9a28214d75613f18a1201e869b8704850
Mumsoft Easy Software version 2.0 suffers from a denial of service vulnerability.
2e6d3fa3ab3980ef650c389842587c04d50e541be8b89b6d86e5946e4b8c0473
DomainMOD versions 4.09.03 through 4.11.01 suffer from a cross-site scripting vulnerability.
4ac91c382335e4c719ecad12b7fb1d13f9831451a63236bd492da8666dd9934e
Helpdezk version 1.1.1 suffers from a remote shell upload vulnerability.
4d7c2b7a7f9e0b66c40c6a479ca4b064ccdc419315c37b7f8039d533b556f8f8
Warranty Tracking System version 11.06.3 suffers from a remote SQL injection vulnerability.
6b9d0c36e2b44c903b7a8825cda38efc3260a46b672d47f89e379535595683f1
It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). Various other issues were also addressed.
fbe29704c99306a1bca47b078a9a33c2572ec3b421ae2b3cfb6ccde48d2a5412
The Everus.org Android application version 1.0.9 has a fundamental design flaw: during the second-factor flow, the client can send an arbitrary phone number together with an arbitrary existing user id, and the server sends the attacker the one-time password belonging to that other user.
e46c0f54b8cf03d1272fe5737ef712ce4a51f293453a2cc14d9e32c21776b79e
Linux has broken uid/gid mapping for nested user namespaces with more than 5 ranges.
53da54afe1913539df473ff36059802468d06980a436040ba7120c6c26f62627
Asterisk Project Security Advisory - There is a buffer overflow vulnerability in the dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash.
a56d17dfbfb2b6944825ab3cff3e105b1980de74f095cb346ae3206c73979820
PHP-Proxy version 5.1.0 suffers from a local file inclusion vulnerability.
f0ca6a202ddae17ea444fc29f7b815c94b62a46e46f24bebfd908a606e8ffb31
Ubuntu Security Notice 3823-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
31f8e6ed4e51034194ee99c3c3f4111fc4a66b43bb164b2be0acf59e4a893bb3
WordPress Ninja Forms version 3.3.17 suffers from a cross-site scripting vulnerability.
963b1ae48c444869a69d47c024decc1fdd5ed66b0d4e4abf605e48d411637012
WordPress Custom Frontend Login Registration Form plugin version 1.01 suffers from multiple cross-site scripting vulnerabilities.
2f11147bfad36e5d36f6e32c8fdda833f458c752b0028154d051337b801da16d
PHP Mass Mail version 1.0 suffers from a remote shell upload vulnerability.
e3c4e7188b06f9a56c41a0be715cb793b8eb4f0847415459397ac142b833df82
Red Hat Security Advisory 2018-3618-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.148. Issues addressed include an information leakage vulnerability.
d36e316a44fa5a6267ccf0029b1c696b1b8493f082483c7337d9fd14006b1bc0
Ubuntu Security Notice 3822-2 - USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. Various other issues were also addressed.
12f251d1b02cc09b2a7869afca47e925382c2467ba8f6d0eadc536cd46f72f36
2-Plan Team version 1.0.4 suffers from a remote shell upload vulnerability.
442fb96dd10d19f767e144b83668e57b11f58fc9ca341b451618d9fc470da457
Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability.
6efe357134c7d6b607240bdbab0ecbc630c4ab7ffa79c8428e6d32c02a237504