Ubuntu Security Notice 3866-3 - USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d69d2295984ccb007c24c8b395ba6bff41749e2b0e745bf4389a35e822f816efOpenSSL Security Advisory 20190226 - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.
7b85f385cb07ba1c0a0620e5de69b40ca553365965e5ac92f646e4272b637156The SVG nanosvg library suffers from a denial of service vulnerability due to a memory corruption bug.
7121b6e7ae15be24c467211cf5138837d1daec8f142753d900feb0b312c45854DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in registrar-account.php.
fb3c13ee5af93f58179b2e96839a21d0698d43b4060a3967b40103aa4ebee593DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in the custom SSL fields add.php.
05977e11b73c2833fdaaa501773507091579ef308f50b23ef32bf547ae473766DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in the Owner name field of account-owner.php.
8c6b6d9c8b5f3e4f493937dfa8e671e080e63b3584701e1afadc6cba200d3bd8DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in DisplayName.
cb91c00941125ee2f7193c04c0e240436467bcbf4a2b525960e7bf0a33a4ec57DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in registrar-accounts.php.
5453682baf4f30abc0308fc88b1bc6db6d1e94273321de2a9f1434671de78292DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in ssl-provider-name.
443161783c25f17c28f2be48b93c707ae727e8621f6a955693c68bfe15ff19beDomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in ssl-accounts.php.
f543434e1aa6b15eb87c0fde3885510f0c1215590995a0b0d40b982532fedb84DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in category.php.
76e673fe1daced79a431afe37ce643bb15c42edfa5b1d651403002d181e6ab24Simple Online Hotel Reservation System suffers from bypass and remote SQL injection vulnerabilities.
92532338eb50a34e5cd0249a6061d933aee559640ce2b33fd389d8c6ac0686a6Researchers from Ruhr-University Bochum in Germany have broken digital signatures on PDFs and managed to create fake signatures on 21 of 22 viewer apps and five out of the seven online PDF digital signing services. This archive contains both whitepapers produced by the university.
88efe7b286cbc56d82c5c5093004db6c1d519f7e41fd7cd34e4b3af7a7a513a3Linux suffers from out-of-bounds read and write vulnerabilities in the SNMP NAT module.
7bd49b3bb3d086c38ebc75bb8575f700166986bda831d3c8b3ef390d3ddb262fRed Hat Security Advisory 2019-0401-01 - Red Hat Container Development Kit is a platform for developing containerized applications; a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. This update, Container Development Kit 3.7.0-1, includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Issues addressed include the execution of malicious containers.
759d2adf071aeaf6478fd33f86e690edde93f3c811abd79b79d7deb90e41debfZarr Software Warwickshire version 1.x suffers from an open redirection vulnerability.
1ddafd8503bbf4a9218d67c89569f09d4d8b1676092c6236837da8d8569011d6WordPress NativeChurch Multi-Purpose theme version 5.0.x suffers from a file download vulnerability.
d7b8e0584e3077f857027d82e29f12ca17ab213b299ab5b09211c133da31b75aWeb Wiz Forums version 12.01 suffers from a database disclosure vulnerability.
c1cfef1bc1f489ec755e152876820f233dbd70e0e7c62604b80771a3c98b4e30MyBB version 1.6.x with ChangUonDyU Chatbox plugin version 3.6.0 suffers from a cross site scripting vulnerability.
e2ce77d650449c20f41b7440b5a99492fb2b20cce30030c22feec260c9befa81MeteoTemplate version 17.1 with the Nectarine windDirection plugin version 2.2 suffers from an open redirection vulnerability.
da0473f02e5091f9815bdb1e161a6f9e4e50d49548e30a66e488dfaa0e023c28MeteoTemplate version 17.1 with the Nectarine stationExtremes plugin version 2.0 suffers from an open redirection vulnerability.
a90807734a38982f3bd99c1e39e6294d322466248dcbed0baa09da25ad4dda62MeteoTemplate version 17.1 with the Nectarine Deviations plugin suffers from an open redirection vulnerability.
c6eccb5eba9ceecaf06cbac102ea663e9e9c47624c98970400b04dbd396d8dadJoomla ChronoForms component version 6.0.17 suffers from a remote SQL injection vulnerability.
6151f25751a0fc50718857b199d47853f1037dc4538cb284e4be9ed1be5521e0AsureForce Time version 12.0 suffers from an open redirection vulnerability.
630073fef517c8caf5522862490cf42b38ed524cf9504938d77d9b6afb5f1767Going1up The Newspaper CMS 1998-2019 version 1.x suffers from an open redirection vulnerability.
36f7d88916e19f133fdd0f2d7b096918bf22165f104dbfaa12ba653f4545cfee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed