181 matches found
UBUNTU-CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
CVE-2022-21650 Stored XSS via html file upload in convos
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...
Wi-Fi STATION SH-52A vulnerable to cross-site scripting
Overview Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability (CWE-79). Takayuki Sasaki of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
PT-2021-17899 · Pillow +9 · Pillow +9
Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 8.2.0 Description: An issue was discovered in Pillow where the BlpImagePlugin did not properly check that reads, after jumping to file offsets, returned data for BLP data. This could lead to a denial of service (DoS)...
PT-2020-6829 · Unknown · C-Bus Toolkit
Name of the Vulnerable Software and Affected Versions: C-Bus Toolkit versions 1.15.9 and prior Description: A vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. This issue is related to incorrect permission assignment for critical resources, whi...
PT-2020-20037 · Nextcloud +1 · Nextcloud Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.4 Description: The issue concerns a cleartext storage of sensitive information, which exposed details about used proxies and their authentication credentials. Recommendations: For Nextcloud Desktop Client...
PT-2019-6027 · Adobe +1 · Flash Player +1
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 32.0.0.156 and earlier Description: The issue is related to an out-of-bounds read in memory, which could allow a remote attacker to disclose protected information. This is a result of a vulnerability in the softwar...
PT-2018-1820 · Apache +5 · Apache Httpd +6
Name of the Vulnerable Software and Affected Versions: Apache httpd versions 2.2.0 through 2.4.29 Description: The issue is related to the generation of an HTTP Digest authentication challenge, where the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed...
Cimg Heap Buffer Out-of-Bounds Read Vulnerability
CImg is an open source C++ tool library for image processing. A heap buffer out-of-bounds read vulnerability exists in CImg version 220. The vendor has released a security advisory and related patch information to fix this vulnerability, and users are advised to download and use it...
Logstash 5.0.1 released with a security patch
Hi all, we would like to announce that Logstash 5.0.1 has been released with an important security patch. Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. We advise our users using Logstash and...
PT-2016-1753 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.343 Adobe Flash Player versions 19.x through 21.x prior to 21.0.0.213 on Windows and OS X Adobe Flash Player versions prior to 11.2.202.616 on Linux Description: The issue allows attackers to execut...
AirDroid for Android vulnerable in handling of implicit intents
Overview AirDroid for Android provided by SAND STUDIO contains a vulnerability in the handling of implicit intents. Gaku Mochizuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Information in AirDroid may ...
Master User, versions before 2.1.4
Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway. Resolution: Update to version 2.1.4 Update notice URL:...
Tiki Wiki CMS Groupware vulnerable to SQL injection
Overview Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary SQL...
PT-2010-1165
Name of the Vulnerable Software and Affected Versions Adobe Reader and Acrobat versions 8.x through 8.2.1 Adobe Reader and Acrobat versions 9.x through 9.3.1 Description The issue is related to an unspecified vulnerability in Adobe Reader and Acrobat, allowing attackers to cause a denial of servi...
PT-2008-1556 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.2.x before 2.2.7-dev Description: The issue is related to an unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server when running on Windows. It allows remote attackers to trigger memory corruption...
PT-2006-2922 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.8.x through 0.10.14 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash due to a null dereference. This can be achieved via the Sniffer capture or the SMB PIPE dissector...
[SA12708] Mozilla Firefox Download Directory File Deletion Vulnerability
TITLE: Mozilla Firefox Download Directory File Deletion Vulnerability SECUNIA ADVISORY ID: SA12708 VERIFY ADVISORY: http://secunia.com/advisories/12708/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Mozilla Firefox 0.x http://secunia.com/product/3256/...
RHEL 3 : redhat-config-nfs (RHSA-2004:434)
An updated redhat-config-nfs package that fixes bugs and potential security issues is now available for Red Hat Enterprise Linux 3. The redhat-config-nfs package includes a graphical user interface for creating, modifying, and deleting nfs shares. John Buswell discovered a flaw in redhat-config-n...
[ GLSA 200404-15 ] XChat 2.0.x SOCKS5 Vulnerability
Gentoo Linux Security Advisory GLSA 200404-15 http://security.gentoo.org/ Severity:...