2012 matches found

CNVD
added 2020/11/17 12:0 a.m. · 1 view

Dll Hijacking Vulnerability in Shoos Flash Wizard (Windows Client)

Shock Wave Flash Wizard is a SWF decompiler that not only captures, decompiles, views and extracts Shock Wave Flash movies .swf and .exe format files, but also converts SWF format files to FLA format files. A dll hijacking vulnerability exists in Shock Wave Flash Wizard Windows client. An attacke...

AI score 7.1
Exploits 0
BDU FSTEC
added 2020/11/17 12:0 a.m. · 1 view

The vulnerability of the Java framework Apache Camel, related to the recovery of unreliable data structures in memory, allows an attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the Java framework Apache Camel is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information, execute arbitrary code, or cause service failure...

CVSS 10 · AI score 8 · EPSS 0.14103
Exploits 0 · References 5 · Affected Software 5
Tenable Nessus
added 2020/11/11 12:0 a.m. · 37 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libexif vulnerability (USN-4624-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4624-1 advisory. It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviour...

CVSS 9.8 · AI score 8.6 · EPSS 0.16284
Exploits 0 · References 2
Prion
added 2020/11/06 5:15 p.m. · 16 views

Spoofing

A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user...

CVSS 6.9 · AI score 8 · EPSS 0.00046
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/11/06 4:8 p.m. · 11 views

CVE-2020-25174 B. Braun OnlineSuite

A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user...

AI score 7.4 · EPSS 0.00046
Exploits 0 · References 1
Prion
added 2020/11/06 2:15 a.m. · 16 views

Code injection

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...

CVSS 4.6 · AI score 7.7 · EPSS 0.00153
Exploits 0 · References 1 · Affected Software 1
Debian CVE
added 2020/11/06 1:40 a.m. · 29 views

CVE-2020-15708

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...

CVSS 9.3 · AI score 8.4 · EPSS 0.00153
Exploits 0
RedHat Linux
added 2020/11/04 1:21 a.m. · 3 views

webkitgtk: use-after-free via crafted web content

A use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS 8.8 · AI score 7.1 · EPSS 0.00598
Exploits 0 · References 5
CVE
added 2020/10/27 5:53 p.m. · 186 views

CVE-2020-27853

CVE-2020-27853 is a format-string vulnerability in Wire’s peerflow/sdp.c (sdp_media_set_lattr). It affects Wire AVS 5.3–6.x before 6.4 and Wire Secure Messenger apps on Android/iOS (before the listed versions). Remote attackers could cause a denial of service (crash) or execute arbitrary code; im...

CVSS 9.8 · AI score 9.8 · EPSS 0.03224
Exploits 1 · References 2 · Affected Software 3
CNVD
added 2020/10/26 12:0 a.m. · 2 views

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2020-60333)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A memory corruption vulnerability exists in Mozilla Firefox's handling of WEB page content, which allows remote attackers to exploit the vulnerability by submitting a special WEB request that the user ...

CVSS 9.8 · AI score 9 · EPSS 0.00434
Exploits 0 · References 1
Zero Day Initiative
added 2020/10/26 12:0 a.m. · 43 views

Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 6 · AI score 3.2 · EPSS 0.00113
Exploits 0 · References 1
Positive Technologies
added 2020/10/22 12:0 a.m. · 2 views

PT-2020-20831 · Apple · Macos Catalina +4

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6; iPadOS versions prior to 13.6; macOS Catalina versions prior to 10.15.6; tvOS versions prior to 13.4.8; watchOS versions prior to 6.2.8. Description: A buffer overflow issue was addressed with improved bounds checking...

CVSS 7.8 · AI score 7.3 · EPSS 0.00864
Exploits 0 · References 5
OSV
added 2020/10/20 10:15 p.m. · 1 view

CVE-2020-5792

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user...

CVSS 7.2 · AI score 7.3 · EPSS 0.81197
Exploits 4 · References 2
Check Point Advisories
added 2020/10/19 12:0 a.m. · 3 views

Advantech WebAccess Arbitrary File Upload (CVE-2020-10621)

An arbitrary file upload vulnerability exists in Advantech WebAccess. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 10 · AI score 5 · EPSS 0.00216
Exploits 0
NVD
added 2020/10/16 1:15 p.m. · 7 views

CVE-2019-19513

The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service...

CVSS 10 · EPSS 0.0198
Exploits 1 · References 2
Prion
added 2020/10/16 1:15 p.m. · 9 views

Out-of-bounds

The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service...

CVSS 10 · AI score 9.4 · EPSS 0.0198
Exploits 1 · References 2 · Affected Software 1
OSV
added 2020/10/15 10:15 a.m. · 2 views

CVE-2020-7327

Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client MVEDR prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing...

CVSS 6.7 · AI score 5.9 · EPSS 0.00051
Exploits 0 · References 1
Prion
added 2020/10/08 10:15 p.m. · 15 views

Privilege escalation

An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges...

CVSS 6.9 · AI score 8 · EPSS 0.00062
Exploits 1 · References 1 · Affected Software 1
Zero Day Initiative
added 2020/10/08 12:0 a.m. · 35 views

IBM Informix spatial Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of IBM Informix. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the spatial.bld module...

CVSS 7.8 · AI score 4.7 · EPSS 0.00041
Exploits 0 · References 1
BDU FSTEC
added 2020/10/07 12:0 a.m. · 2 views

The vulnerability of the Google Chrome and Sailfish Browser rendering process allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Google Chrome and Sailfish Browser rendering process is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure or execute arbitrary code by deleting the current embedded HTML obje...

CVSS 7.5 · AI score 5.9 · EPSS 0.21099
Exploits 0 · References 6 · Affected Software 3