ModSecurity version 3.0.x suffers from a denial of service vulnerability due to the handling of regular expression matching. ModSecurity version 3.0.x is affected by a denial of service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular expression and the ModSecurity capture action can be exploited via a specially crafted payload.
df79f2392e827d107f0ec05ae4fe67b4b9956f6a18d720baf532bbded9256ab4Ubuntu Security Notice 4500-1 - It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code.
ad79f2339f758eb6de120943827cf5912e41e6e5269955e5c50c38008853d145Ubuntu Security Notice 4498-1 - It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks.
88d4e83dbb53e89c4500d9d0e93cd5f4caff49dfd2b7395e75e7ae1611a739c6Ubuntu Security Notice 4499-1 - It was discovered that MilkyTracker did not properly handle certain input. If a user were tricked into opening a malicious file, an attacker could cause MilkyTracker to crash or potentially execute arbitrary code.
ce73b6a694072285fb74e4e0fb23e56ada9f32aac639e5e89ba32c1ada7fcc25Ubuntu Security Notice 4497-1 - It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. Various other issues were also addressed.
74e3c9ec57d378bfed6df67fdfda72eebec0620c3bf0135a0ad613d960d815e5Red Hat Security Advisory 2020-3757-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.
38d88d4582fd8e4b4af72cbfff99013cc4f4e4f40fa1d110cb89951a4a135182Ubuntu Security Notice 4496-1 - It was discovered that Apache XML-RPC does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code.
0d11bb361d9214af8b8e07592fe8af5981b3411a2ea5248352424c6214828223Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
a45ca00afe765e3baa839767c9dd6ac9a46dd01720a3a8ff4d86558c12359926ThinkAdmin version 6 suffers from an arbitrary file read vulnerability.
fe42cf04f2cdc9bb862216f8963016b2fe0628e81ef14d9bc2127976f892f768Tailor MS version 1.0 suffers from a cross site scripting vulnerability.
e5d3f596826a09594cd3da84dcda261dea5ea9721eb1dcd54f95e306795f8d75Red Hat Security Advisory 2020-3756-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
a0672f9c6434ac91b420476fae2e94c3bde749deb7e9eccd76c148d2fa5e4b8aRed Hat Security Advisory 2020-3755-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.
8088018e49ab602ff0af5b3d632c13312fe2641a979d34c831b2c4024601772bUbuntu Security Notice 4495-1 - It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code.
d53f82097b8b22273ce0af7583c015d35c35509bef10c5df372286782ec1f909Ubuntu Security Notice 4494-1 - It was discovered that GUPnP incorrectly handled certain subscription requests. A remote attacker could possibly use this issue to exfiltrate data or use GUPnP to perform DDoS attacks.
d3875434bb5b4c21a1998c33ca3377de59ad32d63e34614ddb94c1795d6e9839Red Hat Security Advisory 2020-3749-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
f2a8493e6bfb74fbfb4e576afd201300cc783d8e0cc85a1e307d449e5d20c98d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed