USN-5452-1: NTFS-3G vulnerability
It was discovered that NTFS-3G was incorrectly validating NTFS metadata in its ntfsck tool by not performing boundary checks. A local attacker could possibly use...
CVE-2022-1203
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the...
CVE-2022-1275
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the...
CVE-2022-1294
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site...
CVE-2022-0376
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in...
CVE-2022-0642
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not...
CVE-2022-1009
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a...
USN-5431-1: GnuPG vulnerability
It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a...
DSA-5152 spip – security update
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting attacks. Read More
DSA-5153 trafficserver – security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM attacks. Read...