LimeSurvey versions 3.17.13 and below suffer from reflected and persistent cross-site scripting vulnerabilities.
573baf1603249a448f854d8c59cc5938e7334c20fe44126259027c9914a5cfd5
Ubuntu Security Notice 4129-2 - USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
ca808233f949031ec0e7406b7ce055219f22a1d9510b3f889b00c3afa809eafb
Ubuntu Security Notice 4132-2 - USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
fbf826848766fbaf6449cfc545a84245112caf7d7af0ab789fe8de9e2663cc08
Ubuntu Security Notice 4132-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
5ae3d88ee962e285840c5782f010c4b59205cbcb83198b238a4a581d3a31fa04
Red Hat Security Advisory 2019-2766-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains updated container images for multus-cni, operator-lifecycle-manager, and operator-registry in Red Hat OpenShift Container Platform 4.1.15. Each of these container images includes gRPC, which has been updated with the fixes for unbounded memory growth issues.
28beccc442a59539035c257dfef710a8afe7ed630b705656774aed0f1e5791f3
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
773bd57df2aeae1694a0b7fbfb34283ba24799cfd6299eed696630fc9ebeecbf
This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that archive extraction libraries often have no mitigations against directory traversal attacks. If an application uses such a library, opening a maliciously modified archive can cause the embedded payload to be written to an arbitrary location (such as a web root), resulting in remote code execution.
8f0ccbdfa41b81ddec1fba4936ed5ca28502dd6600b5ac754d4fe23b7ec5988d
Red Hat Security Advisory 2019-2756-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.255. Issues addressed include a code execution vulnerability.
24fb48adc8986069cc7280ed8bc4147fac4efc086dd46e3af9b271adfdb50da1
Red Hat Security Advisory 2019-2746-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
d98d71f0e6f8a7c11eaeb24675ee7f294833caa8ee363c3c52bb13f5b782bc94
Red Hat Security Advisory 2019-2745-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
174cbd24fc1d2e93e73177950504374ebd0ed511c1661841094a7c2ba620ac1d
Red Hat Security Advisory 2019-2743-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include a code execution vulnerability.
9861f6776353801b0f0be0a7e9ac3f21f608c13cc8b9a9d6d1f8ccbc3c0425ef
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
c1838cd8baf52d6067003bb7b88722a3ba6e50d555c4c77d80b9d986eb702103
Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
fe19426b23027a70690a4af7eb2f175ccf43a3c6e29a2239b5251501fe492c0a
Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
e664a293d86045c1062920c6af0cef870299e2bc60d2a2bf7b469b9cc6f4affa
Opencart version 2.3.0.2 pre-authentication remote command execution exploit.
241c2df2c06d04ed1d46433e033708608f5d3557b99ec80f4c641aa0910f2a98