Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-36193: Disallow symlinks to out-of-path filenames · pear/Archive_Tar@cde4605

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

CVE

Related news

CVE-2020-23879: NULL-pointer-dereference-ObjectStream-getObject · Issue #44 · flexpaper/pdf2json

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.

CVE-2021-43405: Require the fax_extension to be numeric. · fusionpbx/fusionpbx@2d2869c

An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).

CVE-2021-43406: Force the fax_page_size to only preset allowed values. · fusionpbx/fusionpbx@0377b21

An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).

CVE-2021-43404: Change the fax file name to md5 to avoid characters that present a se… · fusionpbx/fusionpbx@487afc3

An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.

CVE-2021-41492: Multiple SQL injections in Sourcecodester Simple Cashiering System (POS)

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.

WordPress Duplicator 1.3.26 Arbitrary File Read

WordPress Duplicator plugin version 1.3.26 suffers from an unauthenticated arbitrary file read vulnerability.

Alchemy CMS 6.0.0 Arbitrary File Upload

Alchemy CMS versions 2.x through 6.0.0 suffers from an arbitrary file upload vulnerability.

CVE-2021-35503: FileRun Blog

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.

CVE-2019-9060: CMS Made Simple™ Newsletter - News

An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).

CVE-2021-37909: TWCERT/CC台灣電腦網路危機處理暨協調中心-全景 TSSServiSignAdapter Windows版 - Improper Input Validation

WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code.

CVE-2021-41072: unsquashfs - unvalidated filepaths allow writing outside of destination · Issue #72 · plougher/squashfs-tools

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

CVE-2020-19609: git.ghostscript.com Git - mupdf.git/commit

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

CVE-2021-30123: git.videolan.org Git - ffmpeg.git/commitdiff

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

CVE-2018-10289: 699271 – Infinite Loop in fz_skip_space (source/pdf/pdf-xref.c)

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907