An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. Date published : 2018-11-29 https://github.com/erikd/libsndfile/issues/429 https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. Date published : 2018-11-29 https://github.com/erikd/libsndfile/issues/429 https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other...
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to...
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. Date published : 2018-11-29 https://www.mimaz.org/pocs/i4xss.mp4
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address...
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. Date published : 2018-11-29 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/ https://bugzilla.redhat.com/show_bug.cgi?id=1649420
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. Date published : 2018-11-29 https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/...
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the...
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for ‘become’ passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the...
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2018-11-29 http://www.securityfocus.com/bid/105964 https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Date published : 2018-11-29 http://www.securityfocus.com/bid/105905 https://helpx.adobe.com/security/products/photoshop/apsb18-43.html
Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure. Date published : 2018-11-29 http://www.securityfocus.com/bid/105907...