213 matches found
CVE-2020-26109
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification SEC-557...
Google Android actory reset protection privilege checking vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A privilege checking vulnerability exists in Android-11 version factory reset protection. The vulnerability stems from a lack of privilege checking, which allows an attacker to bypass the FRP,...
Squid Environment Issues Vulnerabilities
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. An environmental issue vulnerability exists in the http/ContentLengthInterpreter.cc file in Squid versions prior to 4....
UBUNTU-CVE-2020-10702
A flaw was found in QEMU in the implementation of the Pointer Authentication PAuth support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker...
Avira Operations Free Antivirus Code Injection Vulnerability
Avira Operations Free Antivirus is a suite of antivirus programs from Avira Operations. A security vulnerability exists in Avira Operations Free Antivirus versions prior to 15.0.2004.1825, which stems from a self-protection feature that does not prohibit write operations by external processes. Th...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1359)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1176)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1016)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-19680
A file-extension filtering vulnerability in Proofpoint Enterprise Protection PPS / PoD, in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms related to extensions, MIME types, virus detection, and journal entries for transmitted...
UBUNTU-CVE-2019-19709
MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page...
cPanel Authorization Issues Vulnerability (CNVD-2019-29022)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 55.9999.141. An attacker can exploit the vulnerability to bypass the...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0035)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent...
EulerOS Virtualization 3.0.1.0 : libxslt (EulerOS-SA-2019-1606)
According to the versions of the libxslt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access...
EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-1592)
According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon...
EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1359)
According to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection...
EulerOS 2.0 SP5 : libxslt (EulerOS-SA-2019-1318)
According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon...
CVE-2019-11193
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMDFILEMANAGER, CMDSHOWUSER, and CMDSHOWRESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...
CVE-2019-1686
A vulnerability in the TCP flags inspection feature for access control lists ACLs on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect...
CVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...
CVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...