CVE-2020-12766
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. Date published : 2020-05-09 https://github.com/BrunoBulle/GNUTeca_3.8-SQL_Inj/blob/master/README.md
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. Date published : 2020-05-09 https://github.com/BrunoBulle/Miolo_2.0/blob/master/README.md
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. Date published : 2020-05-09 https://github.com/BrunoBulle/GNUTeca3.8/blob/master/README.md
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. Date published : 2020-05-09 https://github.com/json-c/json-c/pull/592 https://security.netapp.com/advisory/ntap-20210521-0001/
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. Date published : 2020-05-09 https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. Date published...
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. Date published : 2020-05-09 https://blog.zulip.org/2020/05/06/zulip-desktop-5-2-0-security-release/
** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a...
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified...
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management...
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a...
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access...
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access...
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access...