Debian Linux Security Advisory 5737-1 - If LibreOffice failed to validate a signed macro, it displayed a warning but still allowed execution of the script. Going forward, in high macro security mode such macros are now disabled.
fbf253db6414dcb929182435af773e9e12a5474cb92ce8587a9837bc3f4a4a51
Ubuntu Security Notice 6944-1 - Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.
5f93afb3b824fe8ddb04cb4fa82fa74a7dfc010696ce877a226b6d2172775efb
In Linux DRM, drm_file_update_pid() calls get_pid() too late, which creates a race condition that can lead to a use-after-free of a struct pid.
ea7aa640ea9bb86fe73ddf82c6205724499ae72e163dd9ad1ae1c987416c0d29
Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability.
e732827ff3dbea9466f6b986d572ab2330ab9823f6fa595996fa292a9acf1714
Dolphin version 7.4.2 suffers from a remote blind SQL injection vulnerability.
8248fa7dd2014942fa684fcf3a8e321be37bb5444685be1d6befc1212eec50e8
Ivanti ADC version 9.9 suffers from an authentication bypass vulnerability.
0ae1fab25861b80abe6cec837486cb13f326931260c2697ace240a741c9d04e1
Genexus Protection Server version 9.7.2.10 suffers from an unquoted service path vulnerability.
0d3423b81fac0acbc8f3590a08c003578d0cf593893d18f3bf048590272aa035
Devika version 1 suffers from a path traversal vulnerability.
a1faa88d45aec3e4e47f6aaf83509670b4fb84ce15462308d2e7daa8d66d754c
Debian Linux Security Advisory 5736-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.
957d1e7febf0e6ffc2970d2843195a0864cd1906e9b17bd7a94d8dc578a923fa
e107 version 2.3.3 suffers from a cross site scripting vulnerability.
65270fcfbc4496558285477bf858c62cce40aea1dfc36c2063fca646faa64fa5
Codeprojects E-Commerce version 1.0 suffers from an ignored default credential vulnerability.
acf83fc048a5b78daef5b35427a28ee1b8cfe5ca1da8852c476dd0caa664a93c
Ubuntu Security Notice 6895-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service.
5abbf5bf5626f5254f4e45c8a2e156eed0e1819bb69d45b4255f18556cc62da1
Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b973485e27bf8b71a8b316ce0f45cca7bc4e94900efaf7f303038dd9d65cc778
Best Courier Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
7bf8d850cb1870953a38d53d85bb8aadba11dd9744f23e9616abc56e07e0916a
Appointment Scheduler version 4.0 suffers from an insecure direct object reference vulnerability.
abce18094602234c124f6e8d416edc3a0bca449a2873357a5bde30586f807aa6