(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Xiaom...
Microsoft ChakraCore and Edge Remote Code Execution Vulnerability (CNVD-2020-20365)
Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation. ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...
Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-18392)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...
Microsoft Edge Memory Corruption Vulnerability (CNVD-2020-16694)
Edge is Microsoft's browser for Windows 10, characterized as fast and secure. A memory corruption vulnerability exists in Microsoft Edge. The vulnerability stems from Microsoft Edge failing to properly access objects in memory. An attacker can exploit the vulnerability to execute arbitrary code i...
Microsoft Word Remote Code Execution Vulnerabilities (KB4484231)
This host is missing an important security update according to Microsoft KB4484231. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This...
Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability
Microsoft Internet Explorer (IE) is a Web browser that comes with the Windows operating system from Microsoft Corporation. VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way the VBScript Engine handles memory objects in Microsof...
Microsoft Internet Explorer Scripting Engine Remote Code Execution Vulnerability (CNVD-2020-19968)
Microsoft Internet Explorer (IE) is a Web browser that comes with the Windows operating system from the American company Microsoft. A remote code execution vulnerability exists in the way the scripting engine handles memory objects in Microsoft IE 11. An attacker could exploit this vulnerability to...
Slackware 14.2 / current : mozilla-firefox (SSA:2020-070-01)
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-070-01. The text itself is copyright (C) Slackware Linux,...
Microsoft Azure DevOps Server Cross-Site Scripting Vulnerability (CNVD-2020-19008)
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. A cross-site scripting vulnerability exists in Azure DevOps Server that stems from the...
Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Microsoft Office SharePoint XSS Vulnerability
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Slackware 14.0 / 14.1 / 14.2 / current : ppp (SSA:2020-064-01)
New ppp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-064-01. The text itself is copyright (C) Slackware Linux,...
Fedora 31 : opensmtpd (2020-283dc7f094)
Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...
Cisco UCS Manager Software Operating System Command Injection Vulnerability
The Cisco UCS 6400 Series Fabric Interconnects is a 6400 series switching matrix device from Cisco USA. An operating system command injection vulnerability exists in the local management CLI in Cisco UCS Manager Software, which stems from the program's failure to perform sufficient input validati...
Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)
A type confusion vulnerability exists in Red Lion Crimson. Successful exploitation of this vulnerability could result in the execution of arbitrary code in the context of the current user...
CVE-2018-13313
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...
Slackware 14.0 / 14.1 / 14.2 / current : proftpd (SSA:2020-051-01)
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-051-01. The text itself is copyright (C) Slackware...
(Pwn2Own) Samsung Galaxy S10 Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
The vulnerability in the web interface of the Cisco Unified Communications Manager system allows a perpetrator to perform arbitrary actions in the context of the current user.
The vulnerability of the Cisco Unified Communications Manager’s administration web interface is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on behalf of the current user through a specially created link...
CVE-2020-8856
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...