Debian Linux Security Advisory 4643-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and 'math' or 'svg' tags and one or more of the RCDATA tags were whitelisted.
fa8f325702803b534ade8e4bb05e7285c5a513fdb43b133a6fd6e756e4f8ee39Debian Linux Security Advisory 4644-1 - A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system.
84fb8a09b6586841538937d668832c5199d47fb8242b51999110cb3df3451d6eDebian Linux Security Advisory 4645-1 - Several vulnerabilities have been discovered in the chromium web browser.
676b203db61a609b382f0d4e9fda48541b9a2242d686f4a3cf49e546b04a2d51Debian Linux Security Advisory 4646-1 - Andre Bargull discovered an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code.
1f7b4ca1efd04fe7858eabb3bec876beced539192d487b14f50cee2ed3179315Debian Linux Security Advisory 4647-1 - It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source.
162dbfbf7a51afb140e41ea95ef8bda9cb2caf97846e78d132ef4a2915d79a3cDebian Linux Security Advisory 4648-1 - Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code.
c5eae23da915c5e658fb96e20fa877eb3a12e3585e54b30300f65c17b3b80b42Micro Focus Vibe version 4.0.6 suffers from a cross site scripting vulnerability.
b704ace34d0c7e6b2d7922015fd9228515f6cebf2302a5f752c27dee84dfa06dMicro Focus Vibe version 4.0.6 suffers from an html injection vulnerability.
5f9ffbfad0ad714375f7ca82a8f6f5eb5dd45f8670aa28158fa82ea9bff0d765IBM Cognos TM1 Server / Planning Analytics Server (TM1) suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module.
7adaef0a254ef114813a1fd3002f76240f5426ebf3ada7a99fac67252f614370This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.
a2f0e8cf76051e688f4ad0f0c6c2006837b156b7ef27c777a6a73c0c8435e559codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
ad369fec0c3f1233771579bb12bfb9e9b346a7907407bfb4a1a7b305585f8c55rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.
286d169b9325c701681f3ca01b90d56974a51fe70471f6d1ba94a2d175b1f7a8FreeCommander XE 2020 Build 810a 32-bit suffers from a pathname buffer overflow vulnerability.
60d82e33f0c7f4253ddc265c3479423769c54f1a48cc6ae26922cfd73df607d2Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
96ab81fe377fcfec5e673df49ba97fc74d44e1974d38e9711f12e9456a8da14bApple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
acea9f0b0cce60f1793d0187de42beed290b55978ebb0659695bb8aa50a3f1b7Hyperion is a runtime encrypter for 32-bit and 64-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".
546bba6c21a8e53a0ebd1b8665fdb96452b6cab6ffbd9956b7c34f8bdab5e518Webexcels Ecommerce CMS version 2.x suffers from cross site scripting and remote SQL injection vulnerabilities.
f1a0150ad98e19ccd148216e1b64e6e01d5ff4f6ed52d98077cbc41e152cfd9eRed Hat Security Advisory 2020-0984-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.
2d8fd208426906e151532813be56a161b7cf7cc7cf2a850bd1eae7622538bb9dGentoo Linux Security Advisory 202003-61 - A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code. Versions less than 32.0.0.330 are affected.
3fc7bad8d96a7f49b4cf0ec3da7c69085affa7e32f8998c53679fc3ff3299df4Gentoo Linux Security Advisory 202003-60 - Multiple vulnerabilities have been found in QtCore, the worst of which could result in the execution of arbitrary code. Versions less than 5.13.2-r2 are affected.
650572164c36484157791521eb3ea332bfef2a71601585cb4d9893c4409adfbcRed Hat Security Advisory 2020-0983-01 - This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and information leakage vulnerabilities.
c2b2bece438c10e903155ade04dc8eb70bbee2e9169a4e812ce54e8f4eebf85aECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.
73b0a2baf1aadb4634e5d536bc7971dd31bccd2af7ff063bb87cdec4581c95e4Gentoo Linux Security Advisory 202003-59 - Multiple vulnerabilities have been found in libvpx, the worst of which could result in the execution of arbitrary code. Versions less than 1.8.1 are affected.
503ec47e35e8e03981d4671be2eb3497dab2a55f6fd08ee006835e3c3bcc3f2bRed Hat Security Advisory 2020-0981-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.
ca35dc444d79793c1d0c0f18d0e9312c06b6ad4fddd368824ac4dbbd2d922d89Everest version 5.50.2100 suffers from a denial of service vulnerability.
36a23f95e671ec254ef8be53b1fd8254508a51304b2e73a386a969ca04e36b72
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed