FEDORA-EPEL-2022-40b38de6f9
Packages in this update:
xfce4-settings-4.16.5-2.el8
Update description:
Fix for CVE-2022-45062 and misc other small bugfixes.
xfce4-settings-4.16.5-1.fc35
Fixes CVE-2022-45062 and misc other bugs.
A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.
Jhead, a tool for manipulating EXIF data embedded in JPEG images, allowed
attackers to execute arbitrary OS commands by placing them in a JPEG filename
and then using the regeneration -rgt50, -autorot or -ce option. In addition, a
buffer overflow error in exif.c, which could lead to a denial of service
(application crash), has been addressed.
brotli-1.0.9-10.el7
Security fix for CVE-2020-8927
Prior to Apache Commons Net 3.9.0, Net’s FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
Posted by Egidio Romano on Dec 03
------------------------------------------------------------------
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
------------------------------------------------------------------
[-] Software Link:
https://www.drupal.org/project/h5p
[-] Affected Versions:
Version 2.0.0-alpha2 and prior versions.
Version 7.x-1.50 and prior versions.
[-] Vulnerability Description:
The vulnerability is located within the…
kernel-6.0.11-300.fc37
The 6.0.11 stable kernel update contains a number of important fixes across the tree.
kernel-6.0.11-200.fc36
The 6.0.11 stable kernel update contains a number of important fixes across the tree.
kernel-6.0.11-100.fc35
The 6.0.11 stable kernel update contains a number of important fixes across the tree.