Debian Linux Security Advisory 4643-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and 'math' or 'svg' tags and one or more of the RCDATA tags were whitelisted.
Debian Linux Security Advisory 4644-1 - A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system.
Debian Linux Security Advisory 4645-1 - Several vulnerabilities have been discovered in the chromium web browser.
Debian Linux Security Advisory 4646-1 - Andre Bargull discovered an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code.
Debian Linux Security Advisory 4647-1 - It was reported that BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected into the input subsystem from a non-bonded source.
Debian Linux Security Advisory 4648-1 - Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code.
Micro Focus Vibe version 4.0.6 suffers from a cross site scripting vulnerability.
Micro Focus Vibe version 4.0.6 suffers from an HTML injection vulnerability.
IBM Cognos TM1 Server / Planning Analytics Server (TM1) suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module.
This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.
codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.
FreeCommander XE 2020 Build 810a 32-bit suffers from a pathname buffer overflow vulnerability.
Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Apple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Hyperion is a runtime encrypter for 32-bit and 64-bit portable executables. It is a reference implementation and is based on the paper "Hyperion: Implementation of a PE-Crypter".
Webexcels Ecommerce CMS version 2.x suffers from cross site scripting and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2020-0984-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.
Gentoo Linux Security Advisory 202003-61 - A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code. Versions less than 32.0.0.330 are affected.
Gentoo Linux Security Advisory 202003-60 - Multiple vulnerabilities have been found in QtCore, the worst of which could result in the execution of arbitrary code. Versions less than 5.13.2-r2 are affected.
Red Hat Security Advisory 2020-0983-01 - This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and information leakage vulnerabilities.
ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.
Gentoo Linux Security Advisory 202003-59 - Multiple vulnerabilities have been found in libvpx, the worst of which could result in the execution of arbitrary code. Versions less than 1.8.1 are affected.
Red Hat Security Advisory 2020-0981-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.
Everest version 5.50.2100 suffers from a denial of service vulnerability.