EgavilanMedia My To Do List version 1.0 suffers from a persistent cross site scripting vulnerability.
17fe110ea5fbb0b1a887fad9ab4dee2c3062b2356a74f94bbfd0a48deb6e5f8c
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
d207120c7e7fdd540142d04ca06d83fb3277c8f2fb794a74535d04b2aa0ec219
HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.
87121a708a5d58e0787d22fbc3bc5c2a8bf7f3c2c03fd87d6efdd1247efe1119
Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI so that the server can authenticate to Cassandra and provide web access, so those credentials can also be captured via the arbitrary file read. Version 0.5.0 is affected.
be82376a69ccf9d5d95a794429f042870509dba311154ba5e350b1dd69148aec
SEOPanel version 4.6.0 suffers from multiple cross site scripting vulnerabilities.
e273b4ab14648d8de38ebb0305fab1d8255d78d56a50c4f75e08025f1327a487
Debian Linux Security Advisory 4797-2 - The update for webkit2gtk released as 4797-1 introduced a regression with the WebSockets functionality. Updated webkit2gtk packages are now available to correct this issue.
7a1517d65ba8e2f827f2bb170c1e010d905412ee47957cd11a5342fca52825b9
Debian Linux Security Advisory 4801-1 - A buffer overflow was discovered in Brotli, a generic-purpose lossless compression suite.
39c1a3c64fd38b6e1ef3c69ae1ac35abd72be122510a7de941c653244fb91774
Debian Linux Security Advisory 4802-1 - Chiaki Ishikawa discovered a stack overflow in SMTP server status handling which could potentially result in the execution of arbitrary code.
8d5444b9b43c99430450d6298b4adc1770bb19a59fcce6879c1c7a73f432c355
Debian Linux Security Advisory 4803-1 - Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server performed incomplete input validation, which could result in privilege escalation.
f12b898e41b5d7e17f6c9d3352bf8cd7c5100bfd343609a4c34321e42e818563
Debian Linux Security Advisory 4804-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, privilege escalation or information leaks.
b2ab6cee53da1d96769ca16adfe9dfbf808ed31611a93a2497b295ea9aaa2731
Debian Linux Security Advisory 4805-1 - Two vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server.
33cb8cac8efefd8630541aa85e3167e1088094ad4d96382eca60976d082286c7
Debian Linux Security Advisory 4806-1 - It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server, could result in the execution of arbitrary code. In addition, minidlna was susceptible to the "CallStranger" UPnP vulnerability.
b7b80b0f3734909dfe21dcae6fd31eabfe56df3eb643835d5ebe4c724d7a784f
Debian Linux Security Advisory 4807-1 - David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service.
301c7963e0154712e1745c9d2397ec887def5b0060c1cc740ed144f687109534
Debian Linux Security Advisory 4808-1 - It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files.
72b22af4983e423e88a9104f100d1306c4503588d7516f149b0a6cbd98324d31
Debian Linux Security Advisory 4809-1 - Various memory and file descriptor leaks were discovered in the Python interface to the APT package management runtime library, which could result in denial of service.
6ddfd77c1455dd7dc47020d1fd9baf4fd93dfee14ce80069ebe7bb8ba2f5dd1b
Debian Linux Security Advisory 4809-2 - The update for python-apt released as DSA 4809-1 introduced a regression when passing a file descriptor to apt_inst.ArFile or apt_inst.DebFile causing a segmentation fault. Updated python-apt packages are now available to correct this issue.
5707a06f3825acb81d8ebbee8680d250b2274d281c25fa856c5a681bea7cd152
Debian Linux Security Advisory 4810-1 - Yaniv Nizry discovered that the clean module of lxml, Python bindings for libxml2 and libxslt, could be bypassed.
9f5243a3261ccdcaa166ebeebb4f930ac0ca824f46f3d25ea35e733245afc09c
Debian Linux Security Advisory 4810-2 - The update for lxml released as 4810-1 introduced a regression when running under Python 2. Updated lxml packages are now available to correct this issue.
49c7b12d755a7995c6c7d6c6d871dfa35c4c97d839ec9df478b41aba3eb8e475
Debian Linux Security Advisory 4811-1 - It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream.
acffd9ece540f4f9dd8e304dae118a6e0bebb805b838cb208f08a33a7fc074a7
Debian Linux Security Advisory 4812-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
37919a1fdf97980cfdebe6aa11ee31f4bf0b9ebf838344befc1d3a7c22df1c49
Debian Linux Security Advisory 4813-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.
7c049e9f2c3d5a2f9bfcba92b367e1a93fb8ae2453346e9edbe11ef5a1674714
Debian Linux Security Advisory 4814-1 - It was discovered that xerces-c, a validating XML parser library for C++, did not correctly scan DTDs. The use-after-free vulnerability resulting from this issue would allow a remote attacker to leverage a specially crafted XML file in order to crash the application or potentially execute arbitrary code. Please note that the patch fixing this issue comes at the expense of a newly introduced memory leak.
376080e2c1815c8640dadc1f13237e9f7f7e739ff15c62dbbc28fc3572c445b3
Debian Linux Security Advisory 4815-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak.
2f3172812c238f2f1fb029f212200ab8a63472748c4d507b24ac570b668ebaf9
Debian Linux Security Advisory 4816-1 - Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users.
0ae12b07a03ac1cfb062cc46e5e0bd51e3833af59d079937f3c7ebc383862f99
Debian Linux Security Advisory 4817-1 - Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files.
55d35347b0095ee7302f943e512c864a3ce5dbf064f74322a52bab2f3e2a85eb