Monthly Archive: May 2021

A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash. Date published...

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this...

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality,...

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. Date published : 2021-05-13 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUIND56AOKEHHBE4OYV57M73LLOLJRLV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EQ2JCVMKG3EYTBYO4642P773I2NYUV/

A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. Date published : 2021-05-13 https://docu.ilias.de/goto_docu_pg_118817_35.html https://docu.ilias.de/goto_docu_pg_118823_35.html

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. Date published : 2021-05-13 https://docu.ilias.de/goto_docu_pg_118817_35.html https://docu.ilias.de/goto_docu_pg_122177_35.html

Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. Date published : 2021-05-13 https://github.com/Ksharp12138/zzcms/issues/1

File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious...

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest...

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor....

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The...

An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated...

A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses. Date published : 2021-05-12 http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054

An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. Date published : 2021-05-12 https://github.com/smartstore/SmartStoreNET/commit/ae03d45e23734555a2aef0b0c3d33c21e076c20f