
7641 matches found

OSV
added 2020/12/21 11:15 p.m., 3 views

DEBIAN-CVE-2020-26284

Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...

8.5 CVSS, 7.8 AI score, 0.01451 EPSS
Exploits 1, References 1

RedhatCVE
added 2020/12/18 5:9 p.m., 29 views

CVE-2020-35475

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. The right colum...

7.5 CVSS, 0.8 AI score, 0.01573 EPSS
Exploits 0, References 3

BDU FSTEC
added 2020/12/18 12:0 a.m., 3 views

The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current user...

10 CVSS, 7.8 AI score, 0.03832 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2020/12/18 12:0 a.m., 3 views

The vulnerability of the cloud-based video editing, annotation, and format conversion application Adobe Prelude lies in the reading of data beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the cloud-based video editing, annotation, and format conversion application Adobe Prelude lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current...

7.8 CVSS, 6.4 AI score, 0.04848 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2020/12/18 12:0 a.m., 3 views

The vulnerability of the Magento Commerce software development and management platform lies in the incorrect limitation of the path to the restricted catalog. This allows attackers to execute arbitrary code.

The vulnerability of the Magento Commerce development and management software platform is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

9 CVSS, 7 AI score, 0.04138 EPSS
Exploits 0, References 3, Affected Software 2

BDU FSTEC
added 2020/12/18 12:0 a.m., 2 views

The vulnerability of the Adobe Bridge file manager, related to reading beyond the buffer in memory, allows an attacker to execute arbitrary code.

The vulnerability of the Adobe Bridge file manager is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current user...

10 CVSS, 7.8 AI score, 0.04438 EPSS
Exploits 0, References 3, Affected Software 1

CNNVD
added 2020/12/17 12:0 a.m., 3 views

HCL Notes Security Vulnerability

HCL Notes is a local email client from HCL India. A stack buffer overflow vulnerability exists in the handling of input parameters in HCL Notes v9. An attacker can exploit this vulnerability to cause the program to crash or inject code into the system that will execute with the privileges of the...

9 CVSS, 7.6 AI score, 0.01272 EPSS
Exploits 0, References 3

ATTACKERKB
added 2020/12/15 4:15 p.m., 4 views

CVE-2020-0477

In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is n...

5.5 CVSS, 5.6 AI score, 0.00126 EPSS
Exploits 0, References 2

Zero Day Initiative
added 2020/12/15 12:0 a.m., 54 views

(0Day) Eaton EASYsoft E70 File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Eaton EASYsoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of E70...

7.8 CVSS, 5 AI score
Exploits 0

BDU FSTEC
added 2020/12/15 12:0 a.m., 3 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Magento Commerce development and management software platform relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

10 CVSS, 8.2 AI score, 0.06018 EPSS
Exploits 0, References 3, Affected Software 2

BDU FSTEC
added 2020/12/15 12:0 a.m., 3 views

The vulnerability of the Adobe Reader text viewer, related to errors in restricting the path to the restricted catalog, allows a perpetrator to gain access to protected information within the context of the current user.

The vulnerability of the Adobe Reader text viewer is related to errors that occur when restricting access to the path to the restricted catalog. Exploiting this vulnerability can allow a malicious actor to gain access to protected information in the context of the current user...

5.3 CVSS, 5.9 AI score, 0.03245 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2020/12/15 12:0 a.m., 3 views

The vulnerability of the software platform for developing and managing online stores Magento Commerce, related to deficiencies in authentication mechanisms, allows a perpetrator to execute arbitrary code.

The vulnerability of the Magento Commerce development and management software platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

9 CVSS, 7 AI score, 0.03807 EPSS
Exploits 0, References 3, Affected Software 2

BDU FSTEC
added 2020/12/15 12:0 a.m., 4 views

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to writing beyond the buffer in memory. This allows attackers to execute arbitrary code.

The vulnerability of PDF viewer applications such as Adobe Reader and Document Cloud, as well as Adobe Acrobat and Document Cloud’s PDF editing programs, lies in the issue of writing beyond the buffer limits in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitra...

10 CVSS, 7.8 AI score, 0.04536 EPSS
Exploits 0, References 3

BDU FSTEC
added 2020/12/15 12:0 a.m., 5 views

The vulnerability of the Adobe Photoshop graphic editor lies in the ability to write beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Adobe Photoshop graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

10 CVSS, 7.9 AI score, 0.03482 EPSS
Exploits 0, References 3, Affected Software 2

BDU FSTEC
added 2020/12/15 12:0 a.m., 2 views

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to the bypassing of security features, allowing attackers to escalate their privileges.

The vulnerability of PDF viewer applications such as Adobe Reader and Document Cloud, as well as Adobe Acrobat and Document Cloud’s PDF editing programs, relates to bypassing security features. Exploiting this vulnerability allows a malicious actor to enhance their privileges in the context of th...

10 CVSS, 7.1 AI score, 0.02788 EPSS
Exploits 0, References 3

Tenable Nessus
added 2020/12/14 12:0 a.m., 35 views

Slackware 14.2 / current : p11-kit (SSA:2020-347-01)

New p11-kit packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-347-01. The text itself is copyright (C) Slackware Linux, Inc...

7.5 CVSS, 6.6 AI score, 0.03515 EPSS
Exploits 0, References 4

Zero Day Initiative
added 2020/12/11 12:0 a.m., 39 views

Microsoft Excel XLS File Parsing Integer Signedness Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS...

7 CVSS, 5.1 AI score, 0.0236 EPSS
Exploits 0, References 1

Zero Day Initiative
added 2020/12/09 12:0 a.m., 35 views

Microsoft Chakra LinearScan Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JIT compiler...

8.8 CVSS, 4.8 AI score, 0.01946 EPSS
Exploits 0, References 1

ATTACKERKB
added 2020/12/08 11:0 p.m., 3 views

CVE-2020-24440

Adobe Prelude version 9.0.1 and earlier is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7 CVSS, 7.6 AI score, 0.00619 EPSS
Exploits 0, References 2, Affected Software 1

Zero Day Initiative
added 2020/12/08 12:0 a.m., 46 views

Apple macOS CoreText MorxLigatureSubtableBuilder TTF Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing o...

7.8 CVSS, 5.3 AI score, 0.02888 EPSS
Exploits 0