The JasPer project is an open source implementation of the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file can be used to trigger the vulnerabilities. Versions 1.900.1 and below are affected.
798d515d2ffb136a29cd7ca51ecc0132ba783edfb641c23ed98f666d2bd80e5e
iBackup version 10.0.0.45 suffers from a privilege escalation vulnerability.
f8234c8002f8415d0148571642c6e9af39afe89f33becf443ddf13aeecbfa0a0
TennisConnect version 9.927 suffers from a cross site scripting vulnerability.
f244ce41ca3796d1fe50df063102d77a36ce63a9dccf714002f9f9bc5e5626eb
JCE-Tech version 4.0 suffers from a cross site scripting vulnerability.
441a179317009110053a59995e002c92691f62f5c3041ef3ea86ee2cfe8b31c8
Gentoo Linux Security Advisory 201412-31 - Multiple vulnerabilities in ZNC could lead to Denial of Service. Versions less than 1.2-r1 are affected.
8971bd93580bc9ceb67c0477013cd3878b15f6737d04b74064d4095aa93e40f1
NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities.
320f0bd45b1d76c447e2f9652fd8ee7c2db0f94b4c3c1ff00b05f978a6cc03b0
G-Parted versions 0.14.1 and below suffer from a root privilege escalation command execution vulnerability.
22d59ee6ab3ecbc032151958235d46b8b87c383d2fc085ccae3a73125bc45eb5
VDG Security SENSE version 2.3.13 suffers from buffer overflow, authentication bypass, file disclosure, password disclosure, and information leakage vulnerabilities.
ac434a1ed45818872cf0689b9c03f2efbd4c708358bf3dc82697edeb0a4ddbf6
TWiki versions 6.0.0 and 6.0.1 suffer from a WebSearch cross site scripting vulnerability.
3c386fd31deb35c5c17c6e38e1c48abe7134a8dd4633f091bc6a6e15da5a5f72
TWiki version 6.0.1 suffers from a cross site scripting vulnerability in the QUERYSTRING and QUERYPARAMSTRING variables.
7d6060a6f3ac1cf0e347eac2b79617dbb2f7a92dda2f6ea4a24b643a009f569e
Facebook Studio suffered from a cross site scripting vulnerability.
6c44cbb682aafd6daec44b1de42940894bcdb8d43089d73242d17f4e0333676d
Red Hat Security Advisory 2014-2019-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that Apache CXF incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4J that rely on SAML for authentication.
d1f902a13bdbffd75588118d8e7160b3d1dc012f90bc2a1f9ff99b3f85bb0030
Red Hat Security Advisory 2014-2020-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that Apache CXF incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4J that rely on SAML for authentication.
218d58c7a0731c77c1a1782f4579ac364cf591192d81eef95803e5404f5120c4
Red Hat Security Advisory 2014-2023-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
1a729c8365de7fcb60f232832a81c20bc4f9497690301c4c5976e0a515d81582
Red Hat Security Advisory 2014-2021-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
1767faf218d3e38faf737754605d6b4836322c1d854a8e54c691d8615c5a31af
E-Journal CMS suffers from remote SQL injection and privilege escalation vulnerabilities.
9298e8ad7711b487909c7268ffc3a5b282329dc56644725e20346394219ff0b1