Mail.ru: Disk-o Cloud application (Windows) does not validate server certificate on a TLS connection
A debugging/staging functionality disabling TLS certificate check was accidentally enabled in production code for Disk-O 20.10.0133, fixed in version 20.11.0006. 21.04 version adds integrity check for update process...
PDW File Browser 1.3 - Remote Code Execution
Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...
hyperv-daemons bug fix and enhancement update
The hyperv-daemons packages provide a suite of daemons that are needed when an AlmaLinux guest is running on Microsoft Hyper-V. The following daemons are included: - hypervkvpd, the guest Hyper-V Key-Value Pair KVP daemon - hypervvssd, the implementation of Hyper-V VSS functionality - hypervfcopyd...
SQL Injection
pimcore is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements on the database via the data classification functionality in ClassificationstoreController, due to inadequate validation of relationIds parameter...
OSV-2020-2106 UNKNOWN READ in grk::SparseBuffer<6u, 6u>::read_or_write
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26702 Crash type: UNKNOWN READ Crash state: grk::SparseBuffer::read_or_write grk::SparseBuffer::read bool grk::decompresspartialtile...
Cross-Site Scripting (XSS)
ngx-bootstrap is vulnerable to cross-site scripting which allows an attacker to inject and execute arbitrary JavaScript via the search and highlight functionality within the typeahead component...
openSUSE Security Update : MozillaFirefox (openSUSE-2020-1732)
This update for MozillaFirefox fixes the following issues : - Firefox Extended Support Release 78.4.0 ESR - Fixed: Various stability, functionality, and security fixes MFSA 2020-46 bsc1177872, bsc1176756 - CVE-2020-15969 Use-after-free in usersctp - CVE-2020-15683 Memory safety bugs fixed in...
openSUSE Security Update : MozillaFirefox (openSUSE-2020-1748)
This update for MozillaFirefox fixes the following issues : - Firefox Extended Support Release 78.4.0 ESR - Fixed: Various stability, functionality, and security fixes MFSA 2020-46 bsc1177872, bsc1176756 - CVE-2020-15969 Use-after-free in usersctp - CVE-2020-15683 Memory safety bugs fixed in...
Design/Logic Flaw
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS...
CVE-2020-16140
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS...
OPENSUSE-SU-2020:1748-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2020-46 bsc1177872, bsc1176756 CVE-2020-15969 Use-after-free in usersctp CVE-2020-15683 Memory safety bugs fixed in Firefox 82...
SUSE-SU-2020:14522-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2020-46 bsc1177872 CVE-2020-15969 Use-after-free in usersctp CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox...
OPENSUSE-SU-2020:1732-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2020-46 bsc1177872, bsc1176756 CVE-2020-15969 Use-after-free in usersctp CVE-2020-15683 Memory safety bugs fixed in Firefox 82...
SUSE-SU-2020:3022-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2020-46 bsc1177872, bsc1176756 CVE-2020-15969 Use-after-free in usersctp CVE-2020-15683 Memory safety bugs fixed in Firefox 82...
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...
CVE-2020-3549 Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...
CVE-2020-27601
BigBlueButton before 2.2.7: the setting lockSettingsProps.disablePrivateChat is not applied to chats that are already open. Root cause is in bigbluebutton-html5/imports/ui/components/chat/service.js. Impact is that private-chat restrictions may not be enforced for existing chats (low severity per...
Code injection
This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners advertisers can remotely execute arbitrary code on a user device...
A performance and functionality update is available for Windows 7 and for Windows Server 2008 R2
A performance and functionality update is available for Windows 7 and for Windows Server 2008 R2 Introduction This article describes an update for Windows 7 and for Windows Server 2008 R2. This update provides a set of performance and functionality improvements to graphics, XPS, and Media...
CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line i...