An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date.
02a55797ad317b26e2c3f852933ef7c93cfeefe8fa481fb85daa30044a0ac1f7Nimble Stream versions 3.0.2-2 up to 3.5.4.9 suffer from a directory traversal vulnerability.
d4e2eef4ec2a68327bca6670f26198fa08d3b398340ddedb3a57f6a605b92afeWordPress Import Export WordPress Users plugin version 1.3.1 suffers from a CSV injection vulnerability.
2eb7970101409491db20486c52214cd1254e4bdb419a711ba6b82115810d9f67An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
55d5c601f24989f0cd87c1d30f3e4d2e24da10d2ffdf9b41b6aeffd9d3a3e8ccThe NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn't support allowing a sandboxed application to set an arbitrary mount point symbolic link.
5e9c5121a127979454b72fcbedbeaf8818d0f391241fc1114f924d8d9e628a56Endian Firewall version 3.3.0 suffers from a cross site scripting vulnerability.
2707fad940576fc1b73ddaa6c1a1cbe42e6bd28faf9c29e51d6347ce453b135bOpenPGP.js versions 4.2.0 suffer from invalid curve attack, message signature bypass, and information trust vulnerabilities.
0a9d2e92a3d6a166b6fe0aec192bf81aef0d99ec80673eae0c779bd7f3ebc97cDebian Linux Security Advisory 4505-1 - Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.
38817d6cbe881d7e08349f61c5c128eb23f57ca935723613ecd58131d5bef764FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.
7c9c21bed5459872dd4210ae02562ae099d6c61dff5b90156a9765cf1beeb7c5Red Hat Security Advisory 2019-2553-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include CPU related, buffer overflow, and information leakage vulnerabilities.
7acc2576aa8fb450953d3b4fc4a43fe8b7b8a50f4b5d7ca1b06988e063eb8ef2Red Hat Security Advisory 2019-2552-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
7978628525ed891594b53609ad93cacbd70656c59bafcdbd6508eacb72dd1384Wikindx version 5.8.2 suffers from a remote SQL injection vulnerability.
8e911934fe7e9d37dfa1a574a5312d88f11f039a387f28b5138e16dd16acb956Snapforce CRM version 8.3.0 suffers from multiple cross site scripting vulnerabilities.
403447c47a23972c08fcd81b4ca4c307c382f8f88d26a94eda5723546375a418Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
0bf094f0919d158a578421d66bc2569c8c8181233ba162bb51722f98c802bccdKBPublisher version 6.0.2.1 suffers from multiple remote SQL injection vulnerabilities.
0cb59314e98c852707ac5044f0b1f1a109831b145d21d607881263502e2cf412Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.
3838fc4275908e3ac8ebdd5bb1370b4c99bea63e3815ed1f4143cadf66d17b91Red Hat Security Advisory 2019-2543-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
9063569f44410a2662a05c5c4dd30028cfd2ab01773795f0bef4f5def527ebd5Red Hat Security Advisory 2019-2542-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
f0aa4f5a412a0ab5a6a30caa76f15ec522bcde483709bbc4ad5d10f60c9e324fRed Hat Security Advisory 2019-2545-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
0c5c7f77d496ab63201b172dc3f5e83a2f9b5a90ba101fba2442507825086739Red Hat Security Advisory 2019-2544-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
bfb6b8bc94666dc8650cacb9c867705858ca77edb6c057a9150dd4bb466f9b03Ubuntu Security Notice 4109-1 - It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJPEG incorrectly handled certain PNM files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
cecde3b6f463be0923c3b3bd99cb7bc13217dea489c5a6ba3923386be3989faeRed Hat Security Advisory 2019-2541-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
3464c1d8bfdc97a640e38d765f632fa6360eff8630f8a1cf93c2cfcfcd9e5d87This Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0 which suffer from an arbitrary file disclosure vulnerability.
c4c06bbd40df833eb2f186640de391e2da4dc98aaffb460369cdb39d17627ab0Ubuntu Security Notice 4108-1 - It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
558ed7d6cf1a35e0f87b79a567abb864a6b049cfb05f233c31c2f57cdb6d3be4Red Hat Security Advisory 2019-2538-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a bypass vulnerability.
e3c770ed478538592f866023514682c00b16438d67cc36341fc00e9d79b798bb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed