http://amssplus.ses26.go.th
http://amssplus.ses26.go.th notified by XnonGermx
Tags: defacement
An unauthenticated attacker with network access to the Remoting Unified Invoker interface of JBoss EAP/AS versions 6.x and below can send a serialized object to the interface to execute code on vulnerable hosts.
In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replies, for example fragments of other messages, passphrases or keys.
Xen’s _get_page_type() contains an ABAC cmpxchg() race, where the code incorrectly assumes that if it reads a specific type_info value, and then later cmpxchg() succeeds, the type_info can’t have changed in between.
The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data.
Nginx version 1.20.0 suffers from a denial of service vulnerability.
Sashimi Evil OctoBot Tentacle is a Python script that exploits a vulnerability in the Tentacles upload functionality of OctoBot, a cryptocurrency trading bot designed to be easy to use and customizable. Versions 0.4.0beta3 through 0.4.3 are affected.
WordPress Visual Slide Box Builder plugin version 3.2.9 suffers from a remote SQL injection vulnerability.