3 matches found
MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
Summary: The log_file_name parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...
Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Mac OS X)
The host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvuln01oct12macosx.nasl 6093 2017-05-10 09:03:18Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Mac OS X Authors: Arun Kallavi...
kdelibs: input validation failure in KSSL
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text...