The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting, which allows an arbitrary file to be cached as signed, leading to a bypass of UMCI.
f7187a580ed5ddc20b2b930a86832d7b24cd31f5db3e5cf9d99b3c13774e00ee
The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT user's hive, leading to elevation of privilege.
74dc9ea6b122383e9da88cbc95551409a14569942eda9298a95b7107c556d891
The Microsoft Windows Cloud Filter access check does not take into account restrictions such as Mandatory Labels, allowing a user to bypass security checks.
ab13f889be67421c34dededae4d0f04228ed04132587c76532ade86b69862f9a
The Microsoft Windows Cloud Filter driver can be abused to create arbitrary files and directories, leading to elevation of privilege.
9a3290c879be49aca14a16284ca357134f4661368bf483256ce8149957daef11
Ubuntu Security Notice 4666-1 - It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting attacks.
ca307b3cc7daa751ba08483ab5e7378fedd25111458b26668ab00e31deed2094
Ubuntu Security Notice 4665-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanning and other information gathering. Various other issues were also addressed.
f42cebdc9249a10007d5ed4497b419dfe126d209b753fc8f3f5fab08098f9e05
Tibco ObfuscationEngine version 5.11 uses a fixed key for decryption operations, making it pointless.
66a9bf20848c877ae45bd91ca0f25382c067fd4643bd9854dba825cb879670bc
Ubuntu Security Notice 4664-1 - Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service.
8fb25a4190ab9202f679adaca9e52aadb288fa34516bb30382c77935da9ea6a8
Task Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
73cc366f8b928915f63caf49118ce3855d1be06c3d5ac9aae4ce828535f32214
Task Management System version 1.0 suffers from a remote shell upload vulnerability.
8269463dc2bcbd5a12d4e0eb1384cb71bd0220bfe436281562d73633822bc167
Task Management System version 1.0 suffers from a remote SQL injection vulnerability.
9cbde0eed9c9ff2185f4ff9a1b40b984378ba5de3a8ea38f2f042a18c5ed5f39
Ubuntu Security Notice 4663-1 - Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If a user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service.
f07e2a7fe1a40f36edcf1e4be14bb23b4328ddb93f5876cd4a3a978e7031d1df
SmarterMail build version 6985 suffers from a remote code execution vulnerability.
03a34ec5b65f814667108d5769e315ba381562b01bceb44b9f6931123cc94443
Employee Performance Evaluation System version 1.0 suffers from an insecure direct object reference vulnerability.
d7feffe6b7df4745ecce3ee15eecee5fc99d74a154cfa8859c6376490c477665
Ubuntu Security Notice 4662-1 - David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing an EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
ad69a5c289631b5ea671af75ccefd8d00c743c1eb3e64a5f603b7886482c735e
Dup Scout Enterprise version 10.0.18 SEH remote buffer overflow exploit.
c4d6fee64413a3c7a642d337cf095b6abb35c0da47f5a6f92a8d2a8a946292dd
This is a brief whitepaper discussing best practices in mobile application security.
b1918abbd608009a0920e4a9bc031809a5b57b44c3c36e87343ee875c3173748