DeskTime Time Tracking App 1.3.671 Missing Certificate / Remote Code Execution
DeskTime Time Tracking App version 1.3.671 has an issue where, due to missing TLS certificate validation, attackers who can inject themselves into the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request and achieve...
CVE-2025-10539
CVE-2025-10539: DeskTime Time Tracking App contains improper TLS certificate validation before version 1.3.674. An attacker who can position themselves in the network path between the client and DeskTime update servers can respond to an update request with a malicious executable, resulting in us...
CVE-2020-10539
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user aka a...
CVE-2024-10539
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Information Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p45...
CVE-2024-10539 Reflected XSS in Uyumsoft's ERP
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uyumsoft Information Systems Uyumsoft ERP allows XSS Using Invalid Characters, Reflected XSS. This issue affects Uyumsoft ERP: before Erp4.2109.166p45...
SUSE CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
SUSE CVE-2016-1000022
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
Mageia: Security Advisory (MGASA-2019-0045)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2021:0186-1)
The remote host is missing an update for the...
CVE-2020-10539
creationtimestamp | type | source
---|---|---
2021-02-05 16:35:23+00:00 | seen | https://t.me/cibsecurity/23152...
CVE-2020-10539
The CVE-2020-10539 entry concerns Epikur before version 20.1.1. The login process uses checkPasswort() to validate the submitted password against the user’s MD5 hash in the database and also against a second, constant MD5 hash (the “Backdoor Password” 3p1kursupport). If the submitted password mat...
Fedora 30 : mingw-wavpack (2020-73274c9df4)
Security fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora 31 : mingw-wavpack (2020-e55567b6be)
Security fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
CVE-2016-1000022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
UBUNTU-CVE-2016-1000022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2016-1000022
CVE-2016-1000022 is a duplicate of CVE-2016-10539. Connected documents describe a Regular Expression Denial of Service in the Node.js modules negotiator (and related Minimatch patterns) triggered by crafted Accept-Language strings. Affected versions include negotiator up to 0.6.0; remediation is ...
Slackware 14.0 / 14.1 / 14.2 / current : wavpack (SSA:2019-353-01)
New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-353-01. The text itself is copyright (C) Slackware...
CVE-2019-10539
Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...
CVE-2019-10539
CVE-2019-10539 affects Qualcomm WLAN firmware in a wide range of Snapdragon chipsets (e.g., IPQ8074, MSM8xxx, QCA... and SD-series) where a missing length check when parsing the extended cap IE header length can trigger a buffer overflow. Reports describe this as a potential remote WLAN/firmware ...