739 matches found
UBUNTU-CVE-2020-26571
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init...
Securing Space 4.0 – One Small Step or a Giant Leap? - Part 2
ARCHIVED STORY: Securing Space 4.0 – One Small Step or a Giant Leap? Part 2. By Eoin Carroll · September 30, 2020. McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center in Cork, Ireland. In th...
MISP Link Jumping Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.132. The vulnerability stems...
File Inclusion Vulnerability in Destoon B2B Content Management System Backend (CNVD-2020-50908)
DESTOON® B2B Website Management System is an open source B2B e-commerce industry portal solution based on PHP+MySQL. A file inclusion vulnerability exists in the backend of the Destoon B2B content management system, which can be exploited by attackers to gain server administrative privileges...
Microsoft Joins Open Source Security Foundation
Microsoft has invested in the security of open-source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...
Microsoft Joins Open Source Security Foundation
Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...
MISP Cross-Site Request Forgery Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site request forgery vulnerability exists in MISP versions prior to 2.4.129. The...
Microsoft Tackles 123 Fixes for July Patch Tuesday
A critical DNS bug and a publicly known elevation-of-privilege flaw top Microsoft’s July Patch Tuesday list of 123 fixes. The DNS flaw is a remote code-execution bug and is touted as one of the most critical Windows vulnerabilities released this year, earning the highest-severity CVSS score of 10...
KLA11861 Multiple vulnerabilities in Microsoft Products (OSS)
Multiple vulnerabilities were found in Microsoft Products (Open Source Software). Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in Bond can be exploited remotely via...
Unspecified Vulnerability in iFAX Solutions HylaFAX+ and HylaFAX Enterprise (CNVD-2021-19773)
iFAX Solutions HylaFAX+ is an open source, enterprise-class send and receive fax system from iFAX Solutions, Inc. The system provides fax functionality for users on a local area network. HylaFAX Enterprise is the commercial version. A security vulnerability exists in iFAX Solutions HylaFAX+ 7.0.2...
Unspecified vulnerability in aaPanel
aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel 6.6.6 and earlier versions. A remote attacker can exploit this vulnerability by modifying the /system?action=ServiceAdmin request sent to the Software Store settings menu to execute arbitrary commands...
Extreme CMS suffers from SQL injection vulnerability (CNVD-2020-44109)
Extreme CMS is an open source PHPCMS web content management system. Extreme CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
gfoss-geographic-free-and-open-source-software-italian-mailing.3056002.n2.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1184654. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
SQL Injection Vulnerability in Health Collection and Reporting System of Shanxi Xianqi Technology Co.
The health collection and reporting system is developed in PHP+MySQL and the code is completely open source for secondary development. The health collection and reporting system of Shanxi Xianqi Technology Co., Ltd. has a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive...
SQL Injection Vulnerability in Health Collection Reporting System (CNVD-2020-30198)
The health collection and reporting system is developed in PHP+MySQL and the code is completely open source for secondary development. The health collection and reporting system has a SQL injection vulnerability; attackers can exploit the vulnerability to obtain sensitive database information...
Command Execution Vulnerability in XYHCMS of Kunming Yuntao Technology Co.
XYHCMS is a completely open source CMS content management system. A command execution vulnerability exists in XYHCMS by Kunming Yuntao Technology Co. An attacker can exploit the vulnerability to gain control of the server...
LJCMS suffers from SQL injection vulnerability (CNVD-2020-26976)
LJCMS is a PHP+MYSQL based, free and open source enterprise website system. LJCMS has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
Arbitrary File Download Vulnerability in WMCMS
WMCMS is a free and open source professional Chinese labeling system built on PHP + MySQL. WMCMS has an arbitrary file download vulnerability that can be exploited by attackers to download sensitive server files...
Open Upload Cross-Site Scripting Vulnerability
Open Upload is a PHP-based, extensible, open source application for file uploading and downloading. A cross-site scripting vulnerability exists in Open Upload 0.4.3 and prior versions. The vulnerability stems from the web application's lack of proper validation of client-side data. An attacker ca...
arrow:parquet-arrow-fuzz: Heap-buffer-overflow in virtual thunk to parquet::ByteStreamSplitDecoder<parquet::PhysicalType<
Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=4890562181464064 Project: arrow Fuzzing Engine: afl Fuzz Target: parquet-arrow-fuzz Job Type: aflasanarrow Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60f0000003df Crash...