AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. (regression of CVE-2013-7285)

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.

SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.

Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.

The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.

Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.

Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.