ProcessWire CMS version 2.4.0 suffers from a local file inclusion vulnerability.
d638156394b1d9cb10b76acc41643fc8694591f2e067046515232d3f2805d643
Joomla Publisher component version 3.0.19 suffers from a persistent cross-site scripting vulnerability.
e9a9e431e0e577fc66304edff11367730b1270cafc2b252ea1602e7175791021
Ubuntu Security Notice 4615-1 - It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out-of-bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service.
3869e12fce16eea951cb220b506c88845f76fe0188982ea1279b8ba3cb498fb0
Joomla JomSocial component version 4.7.6 suffers from a persistent cross-site scripting vulnerability.
46129dd825549cfb6a2b769da3a2262326962375131e551192982a355ed4020d
Ubuntu Security Notice 4613-1 - Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information.
9ed9f2545b7006abd797d12678e80ffe1c47a9586d26c798968308808a4eb004
Ubuntu Security Notice 4616-1 - Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.
431f97790170c34bab7a8a14f759ad89ab8506bb8c733802cd4591abd348a6a1
Ubuntu Security Notice 4614-1 - Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user.
2e5232209ab0587bb864494d01f2eb2cfca129aeacb9844120d80ce19f38b2cf
Ubuntu Security Notice 4605-2 - Vaisha Bernard discovered that blueman did not properly sanitize input on the D-Bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. While a previous security update fixed the issue, this update provides additional improvements by enabling PolicyKit authentication for privileged commands. Various other issues were also addressed.
a002dc8f38994b9b14e4c9d270098dbd18203170e58487b85174d6fd4cf21c4c
Gentoo Linux Security Advisory 202011-5 - A vulnerability in libssh could lead to a Denial of Service condition. Versions less than 0.9.5 are affected.
a477bebb9b5d8aec5e5d946b1d10be0ea4f43acf28cc5ef60b5d00554a13a928
Gentoo Linux Security Advisory 202011-4 - Multiple vulnerabilities have been found in Fossil, the worst of which could result in the arbitrary execution of code. Versions less than 2.12.1 are affected.
75c7318751cd4487359c15c3b8423956cf538291c5a6f97c486764ac6e7f12fa
Gentoo Linux Security Advisory 202011-3 - A vulnerability in kpmcore could result in privilege escalation. Versions less than 4.2.0 are affected.
67964d6e87167f8e5cb8ddefca80738ee356e926515acb695ee933af609f9c98
Gentoo Linux Security Advisory 202011-2 - A heap-based buffer overflow in OpenDMARC might allow remote attackers to execute arbitrary code. Versions less than 1.3.3 are affected.
2959de287cc0da7bc11211121709d5c537d8f322b3aeb6aea3987a3752186261
Gentoo Linux Security Advisory 202011-1 - A vulnerability in BlueZ might allow remote attackers to execute arbitrary code. Versions less than 5.55 are affected.
456feecce536f47f217dd110ba0e9be0c758bee7bf46966c7bf2f8cc0df96c6d
GitHub Actions supports a feature called workflow commands that is susceptible to widespread code injection vulnerabilities.
fad674c47b105cfc1035cbe0b4661f311b3d8159fc76033622fa185b205e5785
Complaints Report Management System version 1.0 suffers from a remote SQL injection vulnerability that can allow for remote code execution.
b630401ff24cb158b114a6e6f89d0f81bf94403caa737efff5cf7ae81706f205