Monthly Archive: January 2020

The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. Date published : 2020-01-31 http://www.openwall.com/lists/oss-security/2011/11/04/2 http://www.openwall.com/lists/oss-security/2011/11/04/4

_is_safe in the File::Temp module for Perl does not properly handle symlinks. Date published : 2020-01-31 http://www.openwall.com/lists/oss-security/2011/11/04/2 http://www.openwall.com/lists/oss-security/2011/11/04/4

Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. Date published : 2020-01-31 https://rt.cpan.org/Public/Bug/Display.html?id=68298 http://www.openwall.com/lists/oss-security/2011/11/04/2

ABRT might allow attackers to obtain sensitive information from crash reports. Date published : 2020-01-31 http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html https://exchange.xforce.ibmcloud.com/vulnerabilities/71871

Evernote prior to 5.5.1 has insecure password change Date published : 2020-01-31 https://exchange.xforce.ibmcloud.com/vulnerabilities/89734 https://packetstormsecurity.com/files/author/8433/

LastPass prior to 2.5.1 allows secure wipe bypass. Date published : 2020-01-31 http://blog.c22.cc/2013/09/05/a-sneak-peak-into-android-secure-containers-2/ https://blog.c22.cc/advisories/cve-2013-51135114-lastpass-android-container-pin-and-auto-wipe-security-feature-bypass/

LastPass prior to 2.5.1 has an insecure PIN implementation. Date published : 2020-01-31 http://blog.c22.cc/2013/09/05/a-sneak-peak-into-android-secure-containers-2/ https://blog.c22.cc/advisories/cve-2013-51135114-lastpass-android-container-pin-and-auto-wipe-security-feature-bypass/

Evernote before 5.5.1 has insecure PIN storage Date published : 2020-01-31 https://blog.c22.cc/advisories/cve-2013-5112-evernote-android-insecure-storage-of-pin-data-bypass-of-pin-protection/ https://exchange.xforce.ibmcloud.com/vulnerabilities/89735

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2)...

Buffer overflow in Media Player Classic – Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file Date published : 2020-01-31 http://mpc-hc.org/2013/09/29/1.7.0-released https://exchange.xforce.ibmcloud.com/vulnerabilities/87695

Stack-based buffer overflow in Media Player Classic – Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file. Date published : 2020-01-31 http://mpc-hc.org/2013/09/29/1.7.0-released https://exchange.xforce.ibmcloud.com/vulnerabilities/87695

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. Date published : 2020-01-31 https://www.securityfocus.com/archive/1/526552 https://exchange.xforce.ibmcloud.com/vulnerabilities/84063

Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the...

Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. Date published : 2020-01-31 http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b