6680 matches found
CVE-2020-6111
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000...
SUSE-SU-2020:3591-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 JDK-8223940: Private key not supported by chosen signature algorithm JDK-8236512: PKCS11 Connectio...
Stored XSS Vulnerability in Cognex Serial Server C2000-B2-SFE0101-BB1
The C2000-B2-SFE0101-BB1 Serial Server provides serial-to-network functionality, capable of converting an RS-232 serial port into a TCP/IP protocol network interface. A stored XSS vulnerability exists in the Connex Serial Server C2000-B2-SFE0101-BB1, which can be exploited by attackers to obtain...
CVE-2020-28922
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges...
binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()
Hao Wang reports: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption...
Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}
Summary: Hello, I have found an XSS Reflected POST-Based on https://www.intensedebate.com/update/tumblr2/$id. The parameter $_POST['txtCode'] is reflected and is not sanitized. To trigger the XSS an attacker needs to create a site and invite the victim in their own site and give them full permissions...
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2020-28133
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in salesinventory/login.php...
CVE-2020-8272
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8...
CVE-2020-15481
CVE-2020-15481 affects PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel drivers DirectIo32.sys and DirectIo64.sys expose IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the calling process’...
Citrix SD-WAN Center 10.2.x < 10.2.8 / 11.1.x < 11.1.2b / 11.2.x < 11.2.2 Multiple Vulnerabilities (CTX285061)
The remote Citrix SD-WAN Center is version 10.2.x prior to 10.2.8, 11.1.x prior to 11.1.2b, 11.2.x prior to 11.2.2. It is, therefore, affected by multiple vulnerabilities: - An unauthenticated remote code execution with root privileges. (CVE-2020-8271) - An authentication bypass resulting in exposur...
Service Update 0.22 for Microsoft Dynamics 365 9.0
Service Update 0.22 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.22 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.22. MORE INFORMATION Update package| Version number ---|---...
Microsoft Dynamics 365 (on-premises) Update 2.24
Microsoft Dynamics 365 on-premises Update 2.24 Introduction Service Update 2.24 for Microsoft Dynamics CRM on-premises 8.2 is now available. This article describes the hotfixes and updates that are included in Service Update 2.24. More information Update package| Version number ---|--- Microsoft...
[SECURITY] Fedora 32 Update: libtpms-0.7.4-0.20201031git2452a24dab.fc32
A library providing TPM functionality for VMs. Targeted for integration into Qemu...
[SECURITY] Fedora 31 Update: libtpms-0.7.4-0.20201031git2452a24dab.fc31
A library providing TPM functionality for VMs. Targeted for integration into Qemu...
CDFMonitor
NOTE: CDFMonitor is now deprecated. To capture a trace as a service, use https://support.citrix.com/article/CTX677255/citrix-cdfcontrol-as-service Please note: You can download the required file from the Citrix downloads website by visiting the following...
PT-2023-3316 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue is related to insufficient limitations on the start page preference in Moodle, allowing a remote attacker to set this preference for another user. This enables the attacker to gain...
CVE-2020-25398
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality...