CVE-2019-1020006
invenio-app before 1.1.1 allows host header injection. Date published : 2019-07-29 https://github.com/inveniosoftware/invenio-app/security/advisories/GHSA-94mf-xfg5-r247
invenio-communities before 1.0.0a20 allows XSS. Date published : 2019-07-29 https://github.com/inveniosoftware/invenio-communities/security/advisories/GHSA-mfv8-q39f-mgfg
Tridactyl before 1.16.0 allows fake key events. Date published : 2019-07-29 https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f
invenio-records before 1.2.2 allows XSS. Date published : 2019-07-29 https://github.com/inveniosoftware/invenio-records/security/advisories/GHSA-vxh3-mvv7-265j
Pterodactyl before 0.7.14 with 2FA allows credential sniffing. Date published : 2019-07-29 https://github.com/pterodactyl/panel/security/advisories/GHSA-vcm9-hx3q-qwj8
yard before 0.9.20 allows path traversal. Date published : 2019-07-29 https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file. Date published : 2019-07-28 https://github.com/FLIF-hub/FLIF/issues/541
In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. Date published : 2019-07-28 https://bugzilla.libav.org/show_bug.cgi?id=1165 https://lists.debian.org/debian-lts-announce/2019/09/msg00000.html
An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag. Date published : 2019-07-28 https://bugzilla.libav.org/show_bug.cgi?id=1163
In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. Date published : 2019-07-28 https://github.com/Exiv2/exiv2/issues/954
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. Date published : 2019-07-28 https://github.com/Exiv2/exiv2/issues/953
Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. Date published : 2019-07-28 https://github.com/Exiv2/exiv2/issues/952
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. Date...
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. Date published :...