Gentoo Linux Security Advisory 202012-14 - Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. Versions less than 7.74.0 are affected.
a431e20003dbb54cbc97fe5d2ae4cf8ccc1763c47896a24f006add5698abd333
WordPress WP-PostRatings plugin version 1.86 suffers from a cross site scripting vulnerability.
4793c8182487c97db6aa9340ab7faa718760a288daf10bad4294bc1b27209ea1
Gentoo Linux Security Advisory 202012-13 - A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1i are affected.
09e5b24d63f4ea0a050e578a37335da92e11ede695aad3cf7d56ff726f941130
Gentoo Linux Security Advisory 202012-12 - A vulnerability has been found in libass that could allow a remote attacker to execute arbitrary code. Versions less than 0.15.0 are affected.
ad9f983be7bd1a9082dba4f3869ff9278199762ad56a7b4c438b994f7dfccdf9
Gentoo Linux Security Advisory 202012-11 - A Denial of Service vulnerability was discovered in c-ares. Versions less than 1.17.1 are affected.
4a30337127d4354c36c62b697fdf507237101cac53e5b52c93f8b3667e595f6a
Gentoo Linux Security Advisory 202012-10 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.30.3 are affected.
d721871c2eb810583e54a283bedc9a56e02aeb022bd9927e9feccfcc2d032ae7
GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.
c9c6f0c8706abfa0c67bcf3a71b777f57f857eb79b6d8aa441fb831112e3fa13
Gentoo Linux Security Advisory 202012-9 - Multiple vulnerabilities have been found in Cherokee, the worst of which could result in a Denial of Service condition. Versions less than or equal to 1.2.104-r2 are affected.
404f953b4e4f65b067146dcf3fd8f42043a28bdd0a7637b0908b08709db8f932
CVE-2020-0986, which was exploited in the wild, was not fixed. The vulnerability still exists; only the exploitation method had to change. A low integrity process can send LPC messages to splwow64.exe (Medium integrity) and gain a write-what-where primitive in splwow64’s memory space. The attacker controls the destination, the contents that are copied, and the number of bytes copied through a memcpy call.
2deda0d9cacd17b84943f485aeea236f1b4dc0389dcdbb9cc34a1cf168d4a259
usrsctp suffers from a use-after-free write when handling a malicious COOKIE-ECHO.
f252bba03489bc8f9be449d6b5822e8198fada928b67bb244011cc520b0a698c
Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.
a26dc337f57530d82d427354073f347e972800a041eeb38f8141eeefd479f86b
Sales and Inventory System for Grocery Store version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
98c5ae9b0429981b3325616f4e0234af3bd69a9c60236617202b83e68eaf16b5
Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. Note, the remote client must be authenticated, or Asterisk must be configured for anonymous calling in order for this problem to manifest.
48af91212546e76d006116dba7b12815d843a845495623b78255f9379d3b2484
Whitepaper called Object Prototype Pollution Attack.
0cf71dcc65c57e4d0d55c1d72779900dfcd3e0f7bb0d277277738f83613d8f75
Online Learning Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.
4bf56aad0d98f96c15bdec5d6080b28d2e6740f6f43c13f099402268a28602b0
Online Learning Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
b4f2626eb55cf30dce5e24cada5945ab5668c14d92899b1bd07b9cabfaf6ed24
Class Scheduling System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
adbb192a182c5be01024e5377112931a76283874d7ee2370350f93a0aa3d9cd1
Baby Care System version 1.0 suffers from a remote SQL injection vulnerability.
ac259d2e4f434636c58f29410add7476b9d96d6ec914f3704b0d95819170f896
This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
1ca4ee63f6107490fe17d396df7f0153a5c29930a496321ceec2101872db5321
10-Strike Network Inventory Explorer Pro version 9.05 SEH buffer overflow exploit.
7f5c6380e6a4c035e00bf9a7b7a5fc538c47594ab972e81143955e9d46b6a75f
TerraMaster TOS version 4.2.06 unauthenticated remote code execution exploit.
786b3e02ded0b491ccd7dbfa6dd55166637cec7a46e2e67caf487375718fdc42
Multiple themes from the WordPress Epsilon Framework suffer from an unauthenticated function injection vulnerability that allows for server-side request forgery and denial of service attacks.
42d834d50e95bb3d58e3d0702beeb435b43360364f98da806946bb570f0d94a1
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
79123b654445a4abba486e09a431788545c708237382a3e765664c9f55b03b88
Red Hat Security Advisory 2020-5656-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
fd9de184b8fb8360645a07825be57f5ccdb12ae5e54743cf9a51ff3832dcb2f5
Linux suffers from broken locking in TIOCSPGRP that can lead to a corrupted refcount.
3d16d56ff43c2ab3355f19116f22e1a94fc89347899d1d2c15556ab0e4b4191b