CVE-2018-10773
NULL pointer dereference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml. Date published : 2018-05-07...
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. Date published : 2018-05-06...
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Date published : 2018-05-06...
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages...
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input...
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in...
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. Date published : 2018-05-06 http://www.securityfocus.com/bid/104129 https://www.debian.org/security/2018/dsa-4195
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. Date published : 2018-05-05 https://github.com/datenstrom/yellow/issues/322
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. Date published : 2018-05-05 https://www.exploit-db.com/exploits/44589/ https://github.com/dukereborn/cmum/commit/c89158ec646c4e8e95587b650f6fd86b502ff8b5
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. Date published : 2018-05-05 https://gist.github.com/llandeilocymro/2438a0b5aba8b387c86d7e3181ecbe76
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. Date published : 2018-05-04 https://bugzilla.redhat.com/show_bug.cgi?id=675320 https://bugzilla.redhat.com/show_bug.cgi?id=676876
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. Date published : 2018-05-04 https://bugzilla.redhat.com/show_bug.cgi?id=884854
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. Date published : 2018-05-04 https://bugzilla.redhat.com/show_bug.cgi?id=980821 https://github.com/ansible/ansible/issues/857
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access...