| Source |
Titre |
Date |
|
2020-10-24 18:01:21
|
Vigil@nce - QEMU: memory corruption via USB Emulator, analyzed on 24/08/2020
|
|
|
2020-10-24 18:01:15
|
[security-announce] openSUSE-SU-2020:1719-1: Security update for hunspell
|
|
|
2020-10-24 18:00:16
|
springfieldsbest - SQL Injection vulnerability
|
|
|
2020-10-24 12:02:20
|
Vigil@nce - VMware ESXi, VMware vCenter Server: denial of service via Authentication Services, analyzed on 24/08/2020
|
|
|
2020-10-24 12:02:20
|
Vigil@nce - Squid cache: information disclosure via HTTP Request Smuggling, analyzed on 24/08/2020
|
|
|
2020-10-24 12:02:20
|
Vigil@nce - Squid cache: overload via Cache Digest Response, analyzed on 24/08/2020
|
|
|
2020-10-24 12:02:20
|
Vigil@nce - Squid cache: information disclosure via HTTP Request Splitting, analyzed on 24/08/2020
|
|
|
2020-10-24 12:02:20
|
Vigil@nce - Node.js next: open redirect, analyzed on 09/10/2020
|
|
|
2020-10-24 12:02:20
|
Vigil@nce - Chrony: privilege escalation via PID File, analyzed on 24/08/2020
|
|
|
2020-10-24 12:02:20
|
Vigil@nce - Icinga Web2: directory traversal, analyzed on 24/08/2020
|
|
|
2020-10-24 12:02:14
|
[security-announce] openSUSE-SU-2020:1718-1: important: Security update for chromium
|
|
|
2020-10-24 12:01:18
|
INLISLite v3.1 - Cross Site Scripting
|
|
|
2020-10-24 06:02:23
|
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL].
|
|
|
2020-10-24 06:02:23
|
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4.
|
|
|
2020-10-24 06:02:23
|
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
|
|
|
2020-10-24 06:02:23
|
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.
|
|
|
2020-10-24 06:02:23
|
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.
|
|
|
2020-10-24 06:02:23
|
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
|
|
|
2020-10-24 06:01:20
|
[security-announce] openSUSE-SU-2020:1717-1: Security update for hunspell
|
|
|
2020-10-24 00:02:22
|
Mozilla developers reported memory safety bugs present in Firefox 81.
|
|
|
2020-10-24 00:02:22
|
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3.
|
|
|
2020-10-24 00:02:22
|
When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in.
|
|
|
2020-10-24 00:02:22
|
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash.
|
|
|
2020-10-24 00:02:22
|
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler.
|
|
|
2020-10-24 00:02:22
|
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10.
|
|
|
2020-10-24 00:02:22
|
An arbitrary code execution vulnerability exists in Micro Focus Operation Bridge Manager 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions.
|
|
|
2020-10-24 00:02:22
|
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
|
|
|
2020-10-24 00:02:22
|
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.
|
|
|
2020-10-24 00:02:22
|
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
|
|
|
2020-10-24 00:02:21
|
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid.
|
|
|
2020-10-24 00:02:21
|
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.
|
|
|
2020-10-24 00:02:21
|
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.
|
|
|
2020-10-24 00:02:21
|
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
|
|
|
2020-10-24 00:02:21
|
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.
|
|
|
2020-10-24 00:02:21
|
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
|
|
|
2020-10-24 00:02:21
|
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
|
|
|
2020-10-24 00:02:21
|
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
|
|
|
2020-10-24 00:02:21
|
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.
|
|
|
2020-10-24 00:02:21
|
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
|
|
|
2020-10-24 00:02:20
|
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.
|
|
|
2020-10-24 00:02:20
|
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
|
|
|
2020-10-24 00:02:20
|
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
|
|
|
2020-10-24 00:02:20
|
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.
|
|
|
2020-10-24 00:02:20
|
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
|
|
|
2020-10-24 00:02:20
|
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
|
|
|
2020-10-24 00:02:20
|
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
|
|
|
2020-10-24 00:02:20
|
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
|
|
|
2020-10-24 00:02:20
|
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
|
|
|
2020-10-24 00:02:20
|
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
|
|
|
2020-10-24 00:02:19
|
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
|
|
|
2020-10-24 00:02:19
|
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability.
|
|
|
2020-10-24 00:02:19
|
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability.
|
|
|
2020-10-24 00:02:19
|
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
|
|
|
2020-10-24 00:02:19
|
** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd.
|
|
|
2020-10-24 00:02:19
|
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.
|
|
|
2020-10-24 00:02:19
|
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation.
|
|
|
2020-10-24 00:02:19
|
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.
|
|
|
2020-10-24 00:02:19
|
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.
|
|
|
2020-10-24 00:02:19
|
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
|
|
|
2020-10-24 00:02:07
|
B. Braun SpaceCom, Battery Pack SP with Wi-Fi & Data module compactplus: Multiple vulnerabilities
|
|
|
2020-10-24 00:02:07
|
B. Braun OnlineSuite: Multiple vulnerabilities
|
|
|
2020-10-24 00:02:07
|
Cisco Adaptive Security Appliance Software: Denial of service - Remote/unauthenticated
|
|
|
2020-10-24 00:02:07
|
linux kernel: Multiple vulnerabilities
|
|
|
2020-10-24 00:02:07
|
gnutls: Denial of service - Remote/unauthenticated
|
|
|
2020-10-24 00:02:07
|
pip: Multiple vulnerabilities
|
|
|
2020-10-24 00:02:07
|
Netty: Multiple vulnerabilities
|
|
|
2020-10-24 00:02:07
|
LibEtPan: Multiple vulnerabilities
|
|
|
2020-10-24 00:02:07
|
mod_auth_mellon: Multiple vulnerabilities
|
|
|
2020-10-24 00:02:07
|
rh-maven35-jackson-databind: Reduced security - Remote/unauthenticated
|
|
|
2020-10-24 00:02:07
|
Red Hat Advanced Cluster Management for Kubernetes: Access confidential data - Remote with user interaction
|
|
|
2020-10-24 00:02:07
|
OpenShift Container Platform 3.11.306 jenkins plugins: Multiple vulnerabilities
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-677 : Multiples vulnérabilités dans les produits IBM (23 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-676 : Multiples vulnérabilités dans Chrome OS (23 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-675 : Multiples vulnérabilités dans les produits VMware (23 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-674 : Vulnérabilité dans Cisco Adaptive Security Appliance (23 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-673 : Vulnérabilité dans SonicWall Capture Security Center (23 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-672 : Multiples vulnérabilités dans le noyau Linux de Suse (23 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-671 : Multiples vulnérabilités dans les produits Cisco (22 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-670 : Multiples vulnérabilités dans Mozilla Thunderbird (22 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-669 : Vulnérabilité dans Juniper Junos OS (22 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
CERTFR-2020-AVI-668 : Multiples vulnérabilités dans le noyau Linux de SUSE (22 octobre 2020)
|
|
|
2020-10-24 00:01:16
|
Vigil@nce - PHP: multiple vulnerabilities, analyzed on 23/01/2020
|
|
|
2020-10-24 00:01:10
|
[security-announce] openSUSE-SU-2020:1705-1: critical: Security update for chromium
|
|
|
2020-10-24 00:01:10
|
[security-announce] openSUSE-SU-2020:1707-1: moderate: Recommended update for mailman
|
|
|
2020-10-24 00:01:10
|
[security-announce] openSUSE-SU-2020:1715-1: critical: Security update for chromium
|
|
|
2020-10-24 00:01:10
|
[security-announce] openSUSE-SU-2020:1713-1: important: Security update for opera
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4599-1
|
|
|
2020-10-24 00:00:47
|
Gentoo Linux Security Advisory 202010-07
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4601-1
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4317-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4316-01
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4600-1
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4315-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4310-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4312-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4311-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4307-01
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4598-1
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4597-1
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4304-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4305-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4306-01
|
|
|
2020-10-24 00:00:47
|
Red Hat Security Advisory 2020-4223-01
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4588-1
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4586-1
|
|
|
2020-10-24 00:00:47
|
Ubuntu Security Notice USN-4587-1
|
|
|
2020-10-24 00:00:23
|
TextPattern CMS 4.8.3 Remote Code Execution (Authenticated)
|
|
|
2020-10-24 00:00:23
|
Online Library Management System 1.0 Arbitrary File Upload
|
|
|
2020-10-24 00:00:23
|
ENG - SQL Injection vulnerability
|
|
|
2020-10-24 00:00:23
|
HUMOR - SQL Injection vulnerability
|
|
|
2020-10-24 00:00:23
|
Online Discussion Forum Site 1.0 XSS in Messaging System
|
|
|
2020-10-24 00:00:23
|
WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting
|
|
|
2020-10-24 00:00:23
|
WordPress HS Brand Logo Slider 2.1 Shell Upload
|
|
|
2020-10-24 00:00:23
|
BOWTIEOVERDRIVES - SQL Injection vulnerability
|
|
|
2020-10-24 00:00:23
|
BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery
|
|
|
2020-10-24 00:00:23
|
Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery
|
|
|
2020-10-24 00:00:23
|
GOautodial 4.0 Shell Upload
|
|
|
2020-10-24 00:00:23
|
TESTPHP - SQL Injection vulnerability
|
|
|
2020-10-24 00:00:23
|
School Faculty Scheduling System 1.0 SQL Injection
|
|
|
2020-10-24 00:00:23
|
Powered by Shambhala.Travel - SQL Injection vulnerability
|
|