CVE-2020-6104

An exploitable information disclosure vulnerability exists in the getdnodeofdata functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this...

Information disclosure

An exploitable information disclosure vulnerability exists in the getdnodeofdata functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this...

CVE-2020-6105

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2020-6107

An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...

Design/Logic Flaw

This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Do...

CVE-2020-7744 Information Exposure

This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Do...

CVE-2020-7744

CVE-2020-7744 affects all versions of the com.mintegral.msdk:alphab component in the Android Mintegral SDK. Connected sources describe a malicious module that monitors downloads from Google domains or Google apps and from APKs, then exfiltrates the captured data to Mintegral’s servers, continuing...

CVE-2020-24188

Cross-site scripting XSS vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter...

Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...

Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...

SQL Express Maximum Database Size Limitation for Veeam Backup & Replication

Veeam Backup & Replication 12 Feature Starting with Veeam Backup & Replication 12, all new deployments will use PostgreSQL as the default database engine to host the configuration database. PostgreSQL does not have the limitations discussed in this article. Existing deployments upgraded from Veea...

SUSE-SU-2020:2877-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets bsc1175441,bsc1176494. - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs bsc1174641. - CVE-2020-15863: Fixed a buffer overflow in the XGMAC...

Sql injection

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for...

LodaRAT Update: Alive and Well

By Chris Neal. During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. Multiple new versions of LodaRAT have been spotted being used in the wild.These new versions of LodaRAT abandoned their previous obfuscation techniques.Direct...

Mail.ru: Brute Force due to Weak security credentials lead access to LICENSE SYSTEM Web Server on [l.ucs.ru]

Login functionality on l.ucs.ru was not sufficiently protected against bruteforce...

[SECURITY] Fedora 33 Update: gnupg2-2.2.23-1.fc33

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

ALPINE-CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...

CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...

UBUNTU-CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...