Monthly Archive: January 2020

Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. Date published : 2020-01-27 https://bugzilla.zimbra.com/show_bug.cgi?id=96105 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error...

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. Date published :...

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. Date published : 2020-01-27 http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw. Date published :...

Synacor Zimbra Collaboration before 8.0.8 has XSS. Date published : 2020-01-27 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Proxmox VE prior to 3.2: ‘AccessControl.pm’ User Enumeration Vulnerability Date published : 2020-01-27 http://www.openwall.com/lists/oss-security/2014/06/17/16 http://www.securityfocus.com/bid/68028

Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP. Date published : 2020-01-27 http://www.openwall.com/lists/oss-security/2014/06/06/10 http://www.openwall.com/lists/oss-security/2014/06/11/2

CRLF injection vulnerability in ZendMail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF...

Zimbra Collaboration before 8.6.0 patch5 has XSS. Date published : 2020-01-27 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. Date published : 2020-01-27 http://www.debian.org/security/2015/dsa-3191 https://bugzilla.redhat.com/show_bug.cgi?id=1196323

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection...

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and...

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated...