
26 matches found

OpenVAS
added 2024/03/04 12:0 a.m. | 9 views

openSUSE: Security Advisory for wdiff (openSUSE-SU-2022:10031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.4 | AI score 6.4 | EPSS 0.00185
Exploits: 1 | References: 2
Openbugbounty
added 2023/10/10 3:46 p.m. | 7 views

savannahchildrensmuseum.org Cross Site Scripting vulnerability OBB-3740048

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0
Openbugbounty
added 2023/06/05 12:45 p.m. | 10 views

savannahinshorefishing.com Cross Site Scripting vulnerability OBB-3391526

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0
Openbugbounty
added 2022/08/12 12:41 a.m. | 10 views

savannahequipment.com.au Cross Site Scripting vulnerability OBB-2837433

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2022/07/20 4:20 a.m. | 20 views

savannah.dental Cross Site Scripting vulnerability OBB-2799318

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2022/01/05 10:46 a.m. | 6 views

savannahgardenhotel.us Cross Site Scripting vulnerability OBB-2324079

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2018/06/25 9:6 a.m. | 10 views

savannah.gnu.org XSS vulnerability

Open Bug Bounty ID: OBB-636261
Affected Website: savannah.gnu.org
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0
UbuntuCve
added 2018/05/06 12:0 a.m. | 22 views

CVE-2018-0494

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line...

CVSS 6.5 | AI score 6.7 | EPSS 0.65865
Exploits: 5 | References: 5
Malwarebytes
added 2018/02/19 4:55 p.m. | 41 views

A week in security (February 12 – February 18)

Last week on Malwarebytes Labs, we looked at a huge Android cryptomining campaign, malicious apps on Google Play, and some Apple scams doing the rounds. We also explored the world of healthcare security, and dived into the land of scammy Valentine's Day tricks and cheats. Other news Thought the...

AI score 6.8
Exploits: 0
UbuntuCve
added 2017/04/13 4:59 p.m. | 16 views

CVE-2016-10324

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c...

CVSS 9.8 | AI score 7.2 | EPSS 0.00321
Exploits: 0 | References: 1
Openbugbounty
added 2015/12/02 2:26 p.m. | 10 views

m.savannah.com XSS vulnerability

Open Bug Bounty ID: OBB-111852
Affected Website: m.savannah.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

AI score 6.2
Exploits: 0
UbuntuCve
added 2015/02/08 12:0 a.m. | 23 views

CVE-2014-9674

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other...

CVSS 7.5 | AI score 7.3 | EPSS 0.04311
Exploits: 1 | References: 2
UbuntuCve
added 2015/02/08 12:0 a.m. | 23 views

CVE-2014-9672

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file...

CVSS 5.8 | AI score 6.9 | EPSS 0.03153
Exploits: 1 | References: 2
Tenable Nessus
added 2014/06/13 12:0 a.m. | 26 views

openSUSE Security Update : freetype2 (openSUSE-SU-2013:0165-1)

BNC795826, CVE-2012-5668.patch bdf Fix Savannah bug 37905. - src/bdf/bdflib.c bdfparsestart: Reset propssize' to zero in case of allocation error; this value gets used in a loop in - BNC795826, CVE-2012-5669.patch bdf Fix Savannah bug 37906. - src/bdf/bdflib.c bdfparseglyphs: Use correct array...

CVSS 4.3 | AI score 8.1 | EPSS 0.02977
Exploits: 0 | References: 4
ThreatPost
added 2010/12/03 4:7 p.m. | 13 views

Week in Security: Wikileaks Extravaganza, New Ransomware and Open-Source Attacks

It was difficult to go anywhere this week without hearing about the flurry of activity surrounding the Wikileaks data dump. A slew of denial-of-service attacks followed soon after, while new ransomware and attacks on open-source software filled out the rest of the week’s news. Read on for the wee...

AI score 7.5
Exploits: 0 | References: 13
ThreatPost
added 2010/12/02 2:48 p.m. | 15 views

ProFTPD Server Backdoored

The main server used to distribute the open-source ProFTPD software was compromised over the weekend through the use of a bug in the FTP software itself, and a backdoored version of the software was uploaded and distributed for several days as a result. Because of the compromise, the backdoored...

AI score 2.1
Exploits: 0 | References: 4
ThreatPost
added 2010/11/30 8:49 p.m. | 12 views

Savannah GNU Site Compromised

A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material. The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the...

AI score 0.9
Exploits: 0 | References: 7
UbuntuCve
added 2010/08/12 12:0 a.m. | 25 views

CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 | AI score 6.2 | EPSS 0.05194
Exploits: 0 | References: 2
UbuntuCve
added 2010/06/02 7:30 p.m. | 12 views

CVE-2009-4882

Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi...

CVSS 4.3 | AI score 5.9 | EPSS 0.0053
Exploits: 1 | References: 1
OpenVAS
added 2010/03/15 12:0 a.m. | 41 views

SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability

SpamAssassin Milter Plugin is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges. SpamAssassin Milter Plugin 0.3.1 is affected; other...

CVSS 9.3 | AI score 1 | EPSS 0.23688
Exploits: 1 | References: 3