An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. Date published : 2019-03-24 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 https://usn.ubuntu.com/4042-1/
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. Date published : 2019-03-24 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. Date published : 2019-03-24 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275 https://usn.ubuntu.com/4042-1/
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. Date published : 2019-03-24 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. Date published : 2019-03-24 http://dev.cmsmadesimple.org/bug/view/12001 https://ctrsec.io/index.php/2019/03/24/cmsmadesimple-xss-filepicker/
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. Date published : 2019-03-24 https://ctrsec.io/index.php/2019/03/24/gforge-advanced-server-xss-commonsearch-php/
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file. Date...
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. Date published : 2019-03-24 https://blog.csdn.net/yalecaltech/article/details/88594388
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a...
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. Date published : 2019-03-23 https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. Date published : 2019-03-23 http://seclists.org/fulldisclosure/2020/Feb/26 http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application...
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. Date published : 2019-03-23 https://code610.blogspot.com/2019/03/crashing-xnview-248.html
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. Date published : 2019-03-23 https://code610.blogspot.com/2019/03/crashing-xnview-248.html