An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (..\..\) to browse outside the root directory to determine the existence of a file on the operating system and its last modified date.
02a55797ad317b26e2c3f852933ef7c93cfeefe8fa481fb85daa30044a0ac1f7
Nimble Stream versions 3.0.2-2 up to 3.5.4.9 suffer from a directory traversal vulnerability.
d4e2eef4ec2a68327bca6670f26198fa08d3b398340ddedb3a57f6a605b92afe
WordPress Import Export WordPress Users plugin version 1.3.1 suffers from a CSV injection vulnerability.
2eb7970101409491db20486c52214cd1254e4bdb419a711ba6b82115810d9f67
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
55d5c601f24989f0cd87c1d30f3e4d2e24da10d2ffdf9b41b6aeffd9d3a3e8cc
The NTFS driver supports a new FS control code to set a mount point, which the existing sandbox mitigation does not support, allowing a sandboxed application to set an arbitrary mount point symbolic link.
5e9c5121a127979454b72fcbedbeaf8818d0f391241fc1114f924d8d9e628a56
Endian Firewall version 3.3.0 suffers from a cross site scripting vulnerability.
2707fad940576fc1b73ddaa6c1a1cbe42e6bd28faf9c29e51d6347ce453b135b
OpenPGP.js version 4.2.0 suffers from an invalid curve attack, message signature bypass, and information trust vulnerabilities.
0a9d2e92a3d6a166b6fe0aec192bf81aef0d99ec80673eae0c779bd7f3ebc97c
Debian Linux Security Advisory 4505-1 - Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.
38817d6cbe881d7e08349f61c5c128eb23f57ca935723613ecd58131d5bef764
FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.
7c9c21bed5459872dd4210ae02562ae099d6c61dff5b90156a9765cf1beeb7c5
Red Hat Security Advisory 2019-2553-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include CPU related, buffer overflow, and information leakage vulnerabilities.
7acc2576aa8fb450953d3b4fc4a43fe8b7b8a50f4b5d7ca1b06988e063eb8ef2
Red Hat Security Advisory 2019-2552-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
7978628525ed891594b53609ad93cacbd70656c59bafcdbd6508eacb72dd1384
Wikindx version 5.8.2 suffers from a remote SQL injection vulnerability.
8e911934fe7e9d37dfa1a574a5312d88f11f039a387f28b5138e16dd16acb956
Snapforce CRM version 8.3.0 suffers from multiple cross site scripting vulnerabilities.
403447c47a23972c08fcd81b4ca4c307c382f8f88d26a94eda5723546375a418
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
0bf094f0919d158a578421d66bc2569c8c8181233ba162bb51722f98c802bccd
KBPublisher version 6.0.2.1 suffers from multiple remote SQL injection vulnerabilities.
0cb59314e98c852707ac5044f0b1f1a109831b145d21d607881263502e2cf412
Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.
3838fc4275908e3ac8ebdd5bb1370b4c99bea63e3815ed1f4143cadf66d17b91
Red Hat Security Advisory 2019-2543-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
9063569f44410a2662a05c5c4dd30028cfd2ab01773795f0bef4f5def527ebd5
Red Hat Security Advisory 2019-2542-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
f0aa4f5a412a0ab5a6a30caa76f15ec522bcde483709bbc4ad5d10f60c9e324f
Red Hat Security Advisory 2019-2545-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
0c5c7f77d496ab63201b172dc3f5e83a2f9b5a90ba101fba2442507825086739
Red Hat Security Advisory 2019-2544-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. A data disclosure vulnerability was addressed.
bfb6b8bc94666dc8650cacb9c867705858ca77edb6c057a9150dd4bb466f9b03
Ubuntu Security Notice 4109-1 - It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or achieve remote code execution. It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJPEG incorrectly handled certain PNM files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
cecde3b6f463be0923c3b3bd99cb7bc13217dea489c5a6ba3923386be3989fae
Red Hat Security Advisory 2019-2541-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
3464c1d8bfdc97a640e38d765f632fa6360eff8630f8a1cf93c2cfcfcd9e5d87
This Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0, which suffer from an arbitrary file disclosure vulnerability.
c4c06bbd40df833eb2f186640de391e2da4dc98aaffb460369cdb39d17627ab0
Ubuntu Security Notice 4108-1 - It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
558ed7d6cf1a35e0f87b79a567abb864a6b049cfb05f233c31c2f57cdb6d3be4
Red Hat Security Advisory 2019-2538-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a bypass vulnerability.
e3c770ed478538592f866023514682c00b16438d67cc36341fc00e9d79b798bb