Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
4624c32fa88c1256496ddb16ef8578660e852b2894774605d467f2dca0b95882Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.
9d5b0000e02f7ecf102958a7f33f69739326f3cb8de448506ada14b9cc59ba95Ubuntu Security Notice 6199-1 - It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.
f900e85ecda5d4b00c19b39d7bf754425099337a6a82556ace53811d967446d9Ubuntu Security Notice 6198-1 - It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application.
94557e4c5e166f2100589b7d82c59e27794bdef4dab4affe45bb7a269566ae21Citrix Gateway and Cloud MFA suffers from an insufficient session validation vulnerability.
6aa0e0152240884fa1d676a43396adfc4092dd7078df0dc77fd19b8dbddd2eb9Qualcomm Adreno/KGSL suffers from an issue where code in user-writable mapping is executed in non-protected mode.
795d9bc48251143119585b455550c6ef9db1db6cead5a6bfba90baa195ff4c43Ubuntu Security Notice 6197-1 - It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service.
6b877260af7434fe6c5bef2dea1811e054961d48c8fc6824f971b54be856ecdbWordPress WP AutoComplete Search plugin versions 1.0.4 and below suffer from a remote SQL injection vulnerability.
b3184bcc98720f70933dff85f8bc1fb069a559a62b25c7a7bb2f9cef90f04463D-Link DAP-1325 suffers from an insecure direct object reference vulnerability.
4548841ea03f3266179288f0cf24c3beb3d9e505ee2916e0c7ae0044d092874bPOS Codekop version 2.0 suffers from a remote shell upload vulnerability.
5aa6755a5b65a13638c64fca7152e27a5e9265f28f9a56f9146dc230387f94afAppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b10dc7fe6d4f1a88b74eac3ee061dec5b828171e6513804abc4b45080828e37bArlisistem version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3c01ce8957dbd81d3f42a76189309ee0a712c754c4c79ad005afe222d26c83e3ArticleSetup Script CMS version 1.02 suffers from a cross site request forgery vulnerability.
81a94c8ac47ab696c3c9dc187d2cd857d00d66d82cbc371eed6630cff1133fbfApnaTrademark CMS version 2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c5d3eb4f5e4586c02a310cf8e835b4076c15661503b5edf536dc4c5f66ec2fccApPHP MicroCMS version 1.0.1 re-embeds arbitrary content from the client into web pages.
90a491317ac9d98ff53982fb318f3833c99e02bd4a350ef460b3ef8fc41801beAllhandsmarketing LMS version 2.0 appears to leave default credentials installed after installation.
0a7fac5bafe3427ff8eb1fc34e70edd00e6c7158cc594c2c05032b3247e8c68dAllhandsmarketing CMS version 3.01 suffers from a remote SQL injection vulnerability.
a8808a32c37d453f04b04130b28e0217fc95dbea5b67e2ca11fd868d4e0d40feCar Rental Script version 1.8 suffers from a cross site scripting vulnerability.
8f7b22898dc1f052e732a313265bdb7049c691e2c912f5c1a05a8742c3eb7082Ubuntu Security Notice 6196-1 - It was discovered that ReportLab incorrectly handled certain PDF files. An attacker could possibly use this issue to execute arbitrary code.
e026b45fd846a7589b5526ab0bbeefa3a7df519227c30e6d5c5fba41e6ae5cf4Ubuntu Security Notice 6195-1 - It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
29f833f24c2a89c590d47753e52856b7a359502c3934e218ac002ee4ec4f7dddAllhandsmarketing LMS version 2.0 suffers from a cross site request forgery vulnerability.
15c4bd37f519f3ffdb2de431ebb56e2c3e805be9de967a734c44922073c1d9f6Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.
f4e69d15add89915deaf239446b331cc9106cc57ee69bf29f992d6be03d4d471Advanced HRM version 1.6 allows for the reseting of the administrative password.
a4c93b1a74bac9fbda8b0966c5103bd24cf474cf052b29b5dbecf1008f00967fADMINA BULGARIA Ltd version 1.0 appears to leave default credentials installed after installation.
a4458b10fa49097064d3c4a75d4d346fde8108f8f2e6c3de78d532840632ea7eActive Super Shop version 1.5.1 suffers from an html injection vulnerability.
941a4dae5e50b0763b89ebe38bff7616dc8d063ab582b38e4439551746993fbd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed