A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.
Category Archives: Advisories
DSA-5296 xfce4-settings – security update
Robin Peraglie and Johannes Moritz discovered an argument injection bug in the
xfce4-mime-helper component of xfce4-settings, which can be exploited using the
common xdg-open tool. Since xdg-open is used by multiple standard applications
for opening links, this bug could be exploited by an attacker to run arbitrary
code on a user's machine by providing a malicious PDF file with specifically
crafted links.
DSA-5297 vlc – security update
A buffer overflow was discovered in the VNC module of the VLC media
player, which could result in the execution of arbitrary code.
CVE-2022-23143 (otcp_firmware)
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
CVE-2021-34181 (tomexam)
Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.
CVE-2022-1540 (postmagthemes_demo_import)
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.
USN-5762-1: GNU binutils vulnerability
It was discovered that GNU binutils incorrectly handled certain COFF files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
USN-5761-1: ca-certificates update
Due to security concerns, the TrustCor certificate authority has been
marked as distrusted in Mozilla’s root store. This update removes the
TrustCor CA certificates from the ca-certificates package.
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-5760-2: libxml2 vulnerabilities
USN-5760-1 fixed vulnerabilities in libxml2. This update provides the
corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information
or cause a crash. (CVE-2022-40303)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-40304)