** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The ‘Title’ and ‘Subtitle’ fields of the ‘Blog’ page are vulnerable. NOTE: The...
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure...
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block ‘/’ characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. Date published : 2018-02-23...
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by...
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. Date...
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record. Date published : 2018-02-23 https://www.debian.org/security/2018/dsa-4129 https://security.gentoo.org/glsa/202007-44
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function. Date published : 2018-02-23 https://www.debian.org/security/2018/dsa-4129 https://security.gentoo.org/glsa/202007-44
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function. Date published : 2018-02-23 https://www.debian.org/security/2018/dsa-4129 https://security.gentoo.org/glsa/202007-44
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function. Date published : 2018-02-23 https://www.debian.org/security/2018/dsa-4129 https://security.gentoo.org/glsa/202007-44
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function. Date published : 2018-02-23 https://www.debian.org/security/2018/dsa-4129 https://security.gentoo.org/glsa/202007-44
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. Date published : 2018-02-23 https://github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a...
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. Date published : 2018-02-23 http://www.securityfocus.com/bid/103163...
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. Date published : 2018-02-23 http://www.securityfocus.com/bid/103159 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14443