Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1df5275a8531c053a169685e8b2d82e6Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.
e229b5ed152b516f5a258a11fdafd755ObjectPlanet Opinio version 7.13 suffers from a remote shell upload vulnerability.
428a660ba8fcf617d5de88b7920acbe4Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
36961b1b148131d5ac49f6d33229fe09Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
3c10a991eb8badac274f6dcaed884e44Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.
317f74ce8072ee0dc28309859d8ab843CloverDX version 5.9.0 cross site request forgery to remote code execution exploit.
6b9334fc24a1423e729c3cc9ba40c878Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
50a9963ba1903faeab04b47189a80b51Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.
2edf1e8741d37582e1ac3205362fd224Red Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion, and remote shell upload vulnerabilities.
dda5a75b5b7fd18f58795ba51eeb6a02TripSpark VEO Transportation suffers from a remote blind SQL injection vulnerability.
189e05e837b3360b20c7fe7a7553e8e5WordPress Social Warfare plugin version 3.5.2 remote code execution exploit. This fully automated exploit is a variation of the original discovery made by Luka Sikic and hash3liZer in May of 2019.
fb7aee67e4e3485ee6bbbc9c8e188cbcThis whitepaper discusses chain session upload progress to remote code execution when taking advantage of local file inclusion.
30b82ecd437ab784ec81665a82576757Zabbix versions 1.x through 5.x suffer from persistent cross site scripting and remote blind SQL injection vulnerabilities.
58a64992a12c020fdfb082f30b1cdfbaMicrosoft SharePoint Server 2019 remote code execution exploit.
d28db781523b61191a7e8e9b07815d64Ubuntu Security Notice 5021-1 - Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. Various other issues were also addressed.
c53bea031dddd5ede7e38a101eca93e4Gentoo Linux Security Advisory 202107-50 - A vulnerability in Singularity could result in remote code execution. Versions less than 3.7.4 are affected.
baaf657ee7eb0abd40c1d1eed06d6346Ubuntu Security Notice 4336-2 - USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
299412ebfe15130fcd2ba6fb07826c11Red Hat Security Advisory 2021-2786-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
956e6704bc672abed71a02163843b1c0News Portal Project version 3.1 suffers from multiple remote time-based SQL injection vulnerabilities.
66485a527d4c4c5e2088f05fc425cfc7Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020.
4f65a9a04d5b6e35d86e2c743c2dc565Vehicle Parking Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to gh1mau in July of 2020.
0bec78de274f574f3704caf7dc30e908Ubuntu Security Notice 5013-1 - It was discovered that systemd incorrectly handled certain mount paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. Mitchell Frank discovered that systemd incorrectly handled DHCP FORCERENEW packets. A remote attacker could possibly use this issue to reconfigure servers.
7874a80a96e6739b9bcfc28b5e49c853Ubuntu Security Notice 5012-1 - It was discovered that containerd incorrectly handled file permission changes. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could change permissions on files on the host filesystem and possibly escalate privileges.
a90db0b396dec2e9bda631a3f6a4c6a4Gentoo Linux Security Advisory 202107-43 - Multiple vulnerabilities have been found in RPM, the worst of which could result in remote code execution. Versions less than 4.16.1.3 are affected.
c9c49ec4bae48a4b232b958fe64f4372
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed