An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list’s archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be...
A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker....
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected...
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1948696...
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file. Date published : 2021-05-26...
A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1948679 https://github.com/cacalabs/libcaca/issues/54
A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1948675 https://github.com/cacalabs/libcaca/issues/53
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1947458
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1947441
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1947436
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1947433
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. Date published : 2021-05-26 https://github.com/eclipse-ee4j/el-ri/issues/155 https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to...
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Date published : 2021-05-26 https://developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html