Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. There are no known workarounds for this issue.
Users are advised to upgrade as soon as possible. No user credentials are required to exploit this vulnerability. In affected versions a SQL injection vulnerability is possible on the login page. GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
A malicious user with the capability to create a document could force a victim to execute uncontrolled code.
In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. The feature to get refused file is not authenticated. In affected versions all GLPI instances with the native inventory used may leak sensitive information. Users unable to upgrade should delete the `front/` file if they are not using the `deploy tasks` feature. This issue has been resolved in version 1.0.2.
In affected versions a SQL injection can be made using package deployment tasks. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. This could lead to RCE vulnerability or denial of service. An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. was discovered to contain a double-free via the function dwg_read_file at dwg.c. OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.