Ubuntu Security Notice 3866-3 - USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
OpenSSL Security Advisory 20190226 - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.
The SVG nanosvg library suffers from a denial of service vulnerability due to a memory corruption bug.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in registrar-account.php.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in the custom SSL fields add.php.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in the Owner name field of account-owner.php.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in DisplayName.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in registrar-accounts.php.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in ssl-provider-name.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in ssl-accounts.php.
DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in category.php.
Simple Online Hotel Reservation System suffers from bypass and remote SQL injection vulnerabilities.
Researchers from Ruhr-University Bochum in Germany have broken digital signatures on PDFs and managed to create fake signatures on 21 of 22 viewer apps and five out of the seven online PDF digital signing services. This archive contains both whitepapers produced by the university.
Linux suffers from out-of-bounds read and write vulnerabilities in the SNMP NAT module.
Red Hat Security Advisory 2019-0401-01 - Red Hat Container Development Kit is a platform for developing containerized applications; a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. This update, Container Development Kit 3.7.0-1, includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Issues addressed include the execution of malicious containers.
Zarr Software Warwickshire version 1.x suffers from an open redirection vulnerability.
WordPress NativeChurch Multi-Purpose theme version 5.0.x suffers from a file download vulnerability.
Web Wiz Forums version 12.01 suffers from a database disclosure vulnerability.
MyBB version 1.6.x with ChangUonDyU Chatbox plugin version 3.6.0 suffers from a cross site scripting vulnerability.
MeteoTemplate version 17.1 with the Nectarine windDirection plugin version 2.2 suffers from an open redirection vulnerability.
MeteoTemplate version 17.1 with the Nectarine stationExtremes plugin version 2.0 suffers from an open redirection vulnerability.
MeteoTemplate version 17.1 with the Nectarine Deviations plugin suffers from an open redirection vulnerability.
Joomla ChronoForms component version 6.0.17 suffers from a remote SQL injection vulnerability.
AsureForce Time version 12.0 suffers from an open redirection vulnerability.
Going1up The Newspaper CMS 1998-2019 version 1.x suffers from an open redirection vulnerability.