Monthly Archive: July 2018

A flaw was found in the Linux kernel’s ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a...

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate...

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/125#issue-343980779

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/122#issuecomment-407367002

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/122#issuecomment-407367289

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/122#issuecomment-407363750

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/122#issuecomment-407323971

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/122#issuecomment-407309546

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/122#issuecomment-407303005

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM. Date published : 2018-07-29 https://github.com/cloudwu/pbc/issues/123#issue-343906084

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). Date published :...

system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php. Date published : 2018-07-28 https://github.com/TonyKentClark/MyCodeAudit/blob/master/xycms%20%20v1.7

The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php. Date published : 2018-07-28 https://github.com/TonyKentClark/MyCodeAudit/blob/master/gxlcms1.1.4