Wekan versions 6.74 and below suffer from a persistent cross site scripting vulnerability.
5f6a618a585ca68e8d37984d4e6630f7467ca93dcc564f837032ebe7f0466fa4
Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.
0c6c4576c7182cef60f1720011b706cffbe6a3ce7cde23ea97cdccf7a4dc0430
Pydio Cells versions 4.1.2 and below suffer from a server-side request forgery vulnerability.
e80dc14f94f6e8fcaa9d6b4c38de47e89b02fbf48eec2911feee938e8da47d63
Pydio Cells versions 4.1.2 and below implement the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross site scripting vulnerability.
5572c0a56c096d68de11c3dc1c9bcddd5b68526d9584952ea09e3ff2766d3365
Pydio Cells versions 4.1.2 and below suffer from a privilege escalation vulnerability. It allows users, by default, to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
57d48188f889ecfd68177fabe259377f99ef7204208ed63108568aa4b966a11a
Papaya Medical Viewer version 1.0 suffers from a cross site scripting vulnerability.
8df38a330ac2343b3e782afbd1eada60580f208c1258a2a059d50abc00c3df54
PrinterLogic build version 1.0.757 suffers from authentication bypass, cross site request forgery, cross site scripting, session fixation, insufficient checks, impersonation, remote SQL injection, and various other vulnerabilities.
1631d9ea880d645fa96e60ab35dadd9fa31ea602fc8d3ea5528a7418cc9cfc0b
Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
70aba3d5f351642efd33d4a90d4c7a283322101c6801955823fd4124f653d158
Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
0beb4fd522279b672c4b92fcefa9d309a5387cdc5d645f3b2e6568d164bca679
Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.
7cded9be002541579e3683f090be21d5081a26fc1ec436e4d8356d4f2b13eea5
Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.
f3bfcd4da58e2bede4e74902fc1c0e5e1ecf3fb718cae4373a7ba38a8117ca3e
Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.
02afd4c9fc0c2a2befcb44011c977e343cf195cfbc24cf539aeda6c095755e1e
Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.
d438473704d7671721f288dc681bf4d91dc2e410798f33972f41920d4e94c857
Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.
8c5266b04d8d580797eed1dd688b474aeb0104e358a02453bbd39a55b2604206
Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.
dca852cb81f2ee8b777732a16db0deb480a8e210720e5527f1a4c75e793bd4e9
Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.
00618858615635079c0c4a2ffcbd253c46d153cd5b7d1bc89147c9f06425280a
Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.
480a5e354c015a3d414041a4f5313797e1c846023d6fc2195779351890c2f344
Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x69b0.
c3fd847ee861707f2533419ee73e708fffbe40f6a8ae737596c1e1fe18e79052
Ubuntu Security Notice 6115-1 - Max Chernoff discovered that LuaTeX did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands.
0dcdb7dba102cbaf12dc94678349cca8c6c28a3e57f65bdb436b58404469aca1
Ubuntu Security Notice 6116-1 - It was discovered that hawk incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
af45de218e8096c29fc77f4a3e3f0fb10f1d977fc11f28dab974151edfe2454c
Ubuntu Security Notice 6114-1 - Yeting Li discovered that nth-check incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
90315d15a112db101c9738a23fd0aa077e1aebfd3aa40cb81f6a4f4deed285c0
Ubuntu Security Notice 6113-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service.
c993c68ee262aa79c6867dcc73d49e0e1b48473cb4ae745e18efc06b67e12858
Gentoo Linux Security Advisory 202305-33 - Multiple vulnerabilities have been found in OpenImageIO, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.4.6.0 are affected.
3dd527d2b5e7ca984a2b0a358b5b181b237ddce19dac490dbe16bf6d387b633d
Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.
80fb46eeb6bf6b4a190797c274bb247b815138162b8deea3f7a113e5d441ebc6
Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.
906ab1ece4af058a436e7f776c3157d7dbe079d880f2fc7014b44b4ea3fab838