Ubuntu Security Notice 3883-1 - It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked into opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. Various other issues were also addressed.
3590319206e9f994fc6427d7de0f5ff90c527befe59e8cf74e9ea0c9042ca778
Ubuntu Security Notice 3882-1 - Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.
8730f1a95efb3ad9f330fd2c5e6d04c57d0239a933014e5309ef2e03007ce512
Smoothwall Express version 3.1-SP4-polar-x86_64-update9 suffers from a cross site scripting vulnerability.
c5b15d19a2f8686b7ac757fc9a606f57aae44781a679d8b37cda7e2bcb21ca4b
FreeBSD Security Advisory - FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the kernel handles the truncation case by closing descriptors referenced by the discarded message. The code which performs this operation failed to release a reference obtained on the file corresponding to a received right. This bug can be used to cause the reference counter to wrap around and free the file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
855f095edd8dddc5d144dfb14428d131335a8466a40afb0a5c40cf8aee8b1767
FreeBSD Security Advisory - The callee-save registers are used by the kernel, and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Typically, an address of some kernel data structure used in the syscall implementation is exposed.
236a816eea4311588ca36396d798417774e37912f40da745164d7609d6d42425
Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to log in as anyone else in the system. Only installations using.
6833491f703287eb135623eab6b3f3e0926f3acd5a1bb2dc72afa6c93a8a9b33
River Past Audio Converter version 7.7.16 buffer overflow SEH exploit.
3719a0414392319cb88b60d4f36ea298ed46b68d879c1d4839d716282a54bd01
osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.
7f8db9f4e59304f4d92aaa0b162605bd0f19e024b7b035707a7068233624f758
WordPress YOP Poll plugin version 6.0.2 suffers from a cross site scripting vulnerability.
6ce5b54aff4a8eac3fb2bd30e96e747b3ca49fdaeb6c68b860c1055e4e5cbac1
Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.
1d145a7d6061f246f48a848680c45f7979b1476512372f57248c8bafef25526b
WordPress WP Live Chat plugin version 8.0.18 suffers from a cross site scripting vulnerability.
3c65dace4c32d5bb126aa011b151f596a00ebdef9522b9a5d705ba4cc01d15a9
WordPress wpGoogleMaps plugin version 7.10.41 suffers from a cross site scripting vulnerability.
f839348b93ef6d68bb7fa55e3bc44b4563269eef679bb15b156c9865df902894
Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.
3a576a2a2e1e3f21c3c1af4f1257d137b7f010a80f1df3c8ddb7ca7a404aec6d
WordPress Social Networks Auto-Poster plugin version 4.2.7 suffers from a cross site scripting vulnerability.
131fb95529c8c295332376c3c639587c0c1bdb88d79767257773c33c5517a8b3
OpenMRS Platform versions prior to 2.24.0 suffer from an insecure object deserialization vulnerability.
9bf1c1fe0961989653634a152fe1a2263d4a1488abc16bf63c5f68b95b248603
WordPress KingComposer plugin version 2.7.6 suffers from a cross site scripting vulnerability.
70463eecc91264546a0667f547952464557785a98fd5161513136df55b04811a
WordPress Give plugin version 2.3.0 suffers from a cross site scripting vulnerability.
ce3e8a04fae75df5ec50fe510a670381280f4159ff3a19cae2f7fb1e69c1d11d
Zyxel VMG3312-B10B DSL-491HNU-B1 V2 suffers from a cross site request forgery vulnerability.
7e3f03a26f7f5517b57b3f61a2a52176b323d51206b8e0458c08ca72520f6a92
WordPress Font Organizer plugin version 2.1.1 suffers from a cross site scripting vulnerability.
9d04b6f05bfa2febbf6a55a21c100165d435279f2ee32ef5182b3528a606e6ef
River Past Audio Converter version 7.7.16 denial of service proof of concept exploit.
53850925202915ffedf3ddfced1e2f2e75428d4cb7c1ed526e961d86c36179b0
WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.
64c84aa453d6ebfbed2c8ac62d02d372dae688e4612e07e2beebf57ebe30e1ad
Device Monitoring Studio version 8.10.00.8925 denial of service proof of concept exploit.
5c277f3328ce1e7a1812b46620dc796a0eab49bcd849fe88b89607082d0e8377
WordPress Blog2Social plugin version 5.0.2 suffers from a cross site scripting vulnerability.
1164c4f3459b90f4f361cf7c366150917d4e8842d712ac45c41850a2392947ab
Linux/x86 random insertion encoder and decoder shellcode generator.
1c874cdca741bb9b1f5cb83bff6c4ba8db8cdc97becf03410749a4943debc7e3