4373 matches found
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2020-1735
CVE-2020-1735 is a vulnerability in the Ansible Engine where the fetch module can be intercepted, enabling an attacker to inject a new path and choose a different destination path on the controller. The issue affects all 2.7.x, 2.8.x and 2.9.x branches. Connected advisories confirm multiple vendo...
PT-2020-6580
Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.9.x Description A flaw was found in the Ansible Engine when the fetch module is used, allowing an attacker to intercept the module, inject a new path, and choose a new destination path on the controller...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2020-16693)
Mozilla Firefox Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. An information disclosure vulnerability exists in Mozilla Firefox versions prior to 74. The vulnerability can be exploited to read local files via a fetch request from a web extension with all-urls...
UBUNTU-CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
CVE-2020-6809
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...
The vulnerability of the __zzipFetchFetchDiskTrailer function in the ZZIPlib library allows a hacker to trigger a service failure.
The vulnerability of the zzipfetchdisktrailer function in the ZZIPlib compression library is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially created zip file...
The vulnerability of the `__zzip_fetch_disk_trailer` function in the ZZIPlib compression library, which stems from insufficient validation of input data, allows attackers to trigger a service failure.
The vulnerability of the zzipfetchdisktrailer function in the ZZIPlib compression library is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures by using a specially created zip file...
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. Mitigation Currently, there is no mitigation for this issue except avoid using the affected fetch module...
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-2431)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-19843
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wpstoolcache...
Design/Logic Flaw
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wpstoolcache...
CVE-2019-19843
CVE-2019-19843 affects Ruckus Wireless Unleashed firmware up to 200.7.10.102.64. The issue is an incorrect access control in the Web UI that allows remote credential fetch via an unauthenticated HTTP request exploiting a symlink involving /tmp and web/user/wps_tool_cache. Impact per sources inclu...
CVE-2019-19843
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wpstoolcache...
CVE-2020-7243
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. In some cases, authentication can be achieved with the comtech password for the comtech account...
CVE-2020-7243
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. In some cases, authentication can be achieved with the comtech password for the comtech account...
Remote code execution
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. In some cases, authentication can be achieved with the comtech password for the comtech account...
CVE-2020-7243
CVE-2020-7243 affects Comtech Stampede FX-1010 (version 7.4.3). A flaw in the Fetch URL page allows remote authenticated administrators to achieve remote code execution by submitting shell metacharacters in the URL field; in some cases authentication can be obtained with the comtech password. Mit...
PT-2020-19493
Name of the Vulnerable Software and Affected Versions Comtech Stampede FX-1010 version 7.4.3 Description The issue allows remote authenticated administrators to achieve remote code execution by navigating to the "Fetch URL" page and entering shell metacharacters in the URL field. In some cases,...
EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)
According to the versions of the oniguruma package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.CVE-2019-16163 - An issue was discovered in...