Search Results

| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-0485 | A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the `*error` parameter. This could result in the silent creation of a corrupted destination image. Published: August 29, 2022; 11:15:09 AM -0400 | V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-0480 | A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. Published: August 29, 2022; 11:15:09 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-0400 | An out-of-bounds read vulnerability was discovered in the Linux kernel in the SMC protocol stack, causing a remote DoS. Published: August 29, 2022; 11:15:09 AM -0400 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-0367 | A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Published: August 29, 2022; 11:15:09 AM -0400 | V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2022-0358 | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. Published: August 29, 2022; 11:15:09 AM -0400 | V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2022-0336 | The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks can be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. Published: August 29, 2022; 11:15:09 AM -0400 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-0284 | A heap-based buffer over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. Published: August 29, 2022; 11:15:09 AM -0400 | V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
| CVE-2022-36690 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. Published: August 29, 2022; 10:15:13 AM -0400 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-36689 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. Published: August 29, 2022; 10:15:13 AM -0400 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-36688 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. Published: August 29, 2022; 10:15:13 AM -0400 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-36687 | Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. Published: August 29, 2022; 10:15:13 AM -0400 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2022-36686 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. Published: August 29, 2022; 10:15:12 AM -0400 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-35020 | Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. Published: August 29, 2022; 10:15:12 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-35019 | Advancecomp v2.3 was discovered to contain a segmentation fault. Published: August 29, 2022; 10:15:12 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-35018 | Advancecomp v2.3 was discovered to contain a segmentation fault. Published: August 29, 2022; 10:15:12 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-35017 | Advancecomp v2.3 was discovered to contain a heap buffer overflow. Published: August 29, 2022; 10:15:11 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-35016 | Advancecomp v2.3 was discovered to contain a heap buffer overflow. Published: August 29, 2022; 10:15:11 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-35015 | Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. Published: August 29, 2022; 10:15:11 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-35014 | Advancecomp v2.3 contains a segmentation fault. Published: August 29, 2022; 10:15:11 AM -0400 | V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-37059 | Cross-site scripting (XSS) in the Admin Panel of Subrion CMS 4.2.1 allows an attacker to inject arbitrary code via the Login Field. Published: August 29, 2022; 9:15:08 AM -0400 | V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |