Debian Linux Security Advisory 5434-1 - A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.
7f71f9245838fb544dc4679d61458c69044ed1975fd9c395139c5b8893ef09f2
Ubuntu Security Notice 6182-1 - It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
36d4d487593b3247a8408868b62fd272f8b8ba69f8442f9e384a1610e227a0fa
PHP Online School version 1.0 suffers from a cross site scripting vulnerability.
f03972c1e09a9186ceda63b51379c7322f797984280b34e747cead9ca8483d0d
PHP Mail version 5.0 suffers from a cross site scripting vulnerability.
ab9cccf88065d059ab46972fbfac65d69ffa30754d5ac7563f151812c102ac6b
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
d4bf0dd35e7f595f34a440ebf4234df24faa2602c302b96c43274dbb317803b3
Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.
f634308d9f8170226b080952b6f1730c28beb18e02e1b9af7f1902121a0a253c
Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
c52af8630ae166c542bdfafe10cf863aa88d4e80d4e6850258db0ed837428cb6
Nokia ASIKA version 7.13.52 suffers from a hard-coded private key disclosure vulnerability.
ba290e4ad8f61e25e13991a6b32e0f12e28123576ee71b01dfcecb7262302d64
Red Hat Security Advisory 2023-3705-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
d9170a36430152a0d4ba9fe37a5440e6cdc18a63346a7327047c49cb6c7e80ff
WordPress Super Socializer plugin version 7.13.52 suffers from a cross site scripting vulnerability.
500b777953696c9fdb839937351514402c8d413e3650f3e88f7299c12594f542
Ubuntu Security Notice 6143-3 - USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
e690f8d3c152b17d38443bd09682b13c330339ba11e481a3a6a3374c0990b471
Accent Microcomputers CMS version 2.4 suffers from a directory traversal vulnerability.
b97b79554d7e5c0c7a8d861646a222bb108524fbbcdddc5ba9bf4b8cca5eab8c
PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.
5d7cda295322273a07765d0e26863912ad7bb4ef36801e228c39142c37806ef6
Debian Linux Security Advisory 5433-1 - Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service.
99cc65c1ad12a278a4a4e25bf0b90ba31d13ff5fd3f7e054cbc9ea208033a4a4
WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
479e92cf55475922a543143a9c1fe4f295337a3f7b58ea422c35e1964de638fd
Ubuntu Security Notice 5948-2 - USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies.
ba83f0682203fee0c453506a48dc08ac74fabba29b013868628afba2887e223f
A Cart version 2.0 suffers from a database disclosure vulnerability.
f02d0af5684e95ea2a0babb2e693e32db722ba7f6a1d94ea916d95540c7adc2e
3CX Open Standards Software IP PBX Thailand version 2.0.3 suffers from a cross site scripting vulnerability.
54c4956a1f5cfc0d4ae4e2fc7a1375fbf20a46a97c6e71f33753fed6e0c8ac71
SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.
bc549f06980b67c5d5fb853b317d52b6bf509cd5c2baedf878192f640f78097d
Talroo Jobs Script version 1.0 suffers from a cross site scripting vulnerability.
e57e88ecbbb2f0aa0cc689b5631c6a21fe165b9af9b9597251c61b3f3b1f8fa5
Ubuntu Security Notice 6168-2 - USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.
cfbed00d12ce5e17e808411a3087316dc771868a1016244059c6b0aef5d4d9c7
WordPress BookIt plugin versions 2.3.7 and below suffer from an authentication bypass vulnerability.
61dc50a9de429ab9f4cfeb4f8a3e4d9cf106deb606d16a976ab70609cc9d514f