FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayVulnerabilities

[local] Trend Micro OfficeScan Client 10.0 - ACL Service LPE

Trend Micro OfficeScan Client 10.0 - ACL Service LPE

[webapps] WBiz Desk 1.2 - SQL Injection

WBiz Desk 1.2 - SQL Injection

[remote] Screen SFT DAB 600/C - Authentication Bypass Erase Account

Screen SFT DAB 600/C - Authentication Bypass Erase Account

[local] MobileTrans 4.0.11 - Weak Service Privilege Escalation

MobileTrans 4.0.11 - Weak Service Privilege Escalation

[local] Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

[remote] Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

[webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection

[webapps] GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

[webapps] Quicklancer v1.0 - SQL Injection

Quicklancer v1.0 - SQL Injection

[webapps] Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

[webapps] CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

[webapps] Smart School v1.0 - SQL Injection

Smart School v1.0 - SQL Injection

[webapps] LeadPro CRM v1.0 - SQL Injection

LeadPro CRM v1.0 - SQL Injection

[local] Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

[remote] Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

[local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

[remote] Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

[webapps] Affiliate Me Version 5.0.1 - SQL Injection

Affiliate Me Version 5.0.1 - SQL Injection

[remote] Screen SFT DAB 600/C - Authentication Bypass Password Change

Screen SFT DAB 600/C - Authentication Bypass Password Change

[webapps] eScan Management Console 14.0.1400.2281 - Cross Site Scripting

eScan Management Console 14.0.1400.2281 - Cross Site Scripting

[webapps] PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

[webapps] eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

[webapps] PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

[webapps] Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

[webapps] thrsrossi Millhouse-Project 1.414 - Remote Code Execution

thrsrossi Millhouse-Project 1.414 - Remote Code Execution

[webapps] SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

[webapps] Prestashop 8.0.4 - CSV injection

Prestashop 8.0.4 - CSV injection

[webapps] Best POS Management System v1.0 - Unauthenticated Remote Code Execution

Best POS Management System v1.0 - Unauthenticated Remote Code Execution

[remote] Screen SFT DAB 600/C - Authentication Bypass Account Creation

Screen SFT DAB 600/C - Authentication Bypass Account Creation

[webapps] FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

Ubuntu Security Notice USN-5725-2

Ubuntu Security Notice 5725-2 - USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Diederik Loerakker, Jonny Rhea, RaΓΊl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service.

Ubuntu Security Notice USN-6073-9

Ubuntu Security Notice 6073-9 - USN-6073-4 fixed a vulnerability in os-brick. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-6

Ubuntu Security Notice 6073-6 - USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-7

Ubuntu Security Notice 6073-7 - USN-6073-2 fixed a vulnerability in Glance_store. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6073-8

Ubuntu Security Notice 6073-8 - USN-6073-3 fixed a vulnerability in Nova. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

Ubuntu Security Notice USN-6099-1

Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.

Debian Security Advisory 5409-1

Debian Linux Security Advisory 5409-1 - Two security issues have been discovered in libssh, a tiny C SSH library.

Ubuntu Security Notice USN-6094-1

Ubuntu Security Notice 6094-1 - Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-6096-1

Ubuntu Security Notice 6096-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6095-1

Ubuntu Security Notice 6095-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

[remote] Optoma 1080PSTX Firmware C02 - Authentication Bypass

Optoma 1080PSTX Firmware C02 - Authentication Bypass

[webapps] TinyWebGallery v2.5 - Remote Code Execution (RCE)

TinyWebGallery v2.5 - Remote Code Execution (RCE)

[webapps] WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

[webapps] Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

[webapps] Apache Superset 2.0.0 - Authentication Bypass

Apache Superset 2.0.0 - Authentication Bypass

[webapps] PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

[webapps] e107 v2.3.2 - Reflected XSS

e107 v2.3.2 - Reflected XSS

Ubuntu Security Notice USN-6093-1

Ubuntu Security Notice 6093-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5900-2

Ubuntu Security Notice 5900-2 - USN-5900-1 fixed vulnerabilities in tar. This update fixes it to Ubuntu 23.04. It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash.

Red Hat Security Advisory 2023-3245-01

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3247-01

Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3246-01

Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3243-01

Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3248-01

Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Gentoo Linux Security Advisory 202305-28

Gentoo Linux Security Advisory 202305-28 - Multiple vulnerabilities have been found in snakeyaml, the worst of which could result in denial of service. Versions greater than or equal to 1.33 are affected.

Gentoo Linux Security Advisory 202305-27

Gentoo Linux Security Advisory 202305-27 - A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure. Versions greater than or equal to 1.8.3-r3 are affected.

Gentoo Linux Security Advisory 202305-25

Gentoo Linux Security Advisory 202305-25 - Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF. Versions greater than or equal to 3.3.4 are affected.

Gentoo Linux Security Advisory 202305-24

Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.

Gentoo Linux Security Advisory 202305-26

Gentoo Linux Security Advisory 202305-26 - Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service. Versions greater than or equal to 2.1.3-r7 are affected.
❌