
6680 matches found

Vulnrichment
added 2020/03/05 2:37 p.m., 10 views

CVE-2019-20500

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

AI score: 7.8 | EPSS: 0.95803
Exploits: 3 | References: 2

OSV
added 2020/03/05 1:15 a.m., 12 views

CVE-2020-10098

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...

CVSS: 5.4 | AI score: 6.2
Exploits: 0 | References: 1

NVD
added 2020/03/05 1:15 a.m., 17 views

CVE-2020-10099

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the Toolbar...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00545
Exploits: 0 | References: 1

NVD
added 2020/03/05 1:15 a.m., 17 views

CVE-2020-10098

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00545
Exploits: 0 | References: 1

Prion
added 2020/03/05 1:15 a.m., 15 views

Input validation

An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementation, the application responds differently depending on whether the input supplied was recognized a...

CVSS: 3.5 | AI score: 5.1 | EPSS: 0.00697
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/03/05 1:15 a.m., 12 views

Cross site scripting

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.00545
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/05 12:38 a.m., 29 views

CVE-2020-10098

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...

AI score: 5.4 | EPSS: 0.00545
Exploits: 0 | References: 1

CVE
added 2020/03/05 12:38 a.m., 115 views

CVE-2020-10098

CVE-2020-10098 affects Zammad 3.0–3.2 via an XSS in the Email functionality. A low-privilege user can supply malicious code in an email, which will execute in the browser of any user who opens the Ticket containing the Article created from that Email. Exploitation details and remediation/fix are ...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00545
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/05 12:38 a.m., 23 views

CVE-2020-10099

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the Toolbar...

AI score: 5.4 | EPSS: 0.00545
Exploits: 0 | References: 1

OSV
added 2020/03/02 4:15 p.m., 2 views

CVE-2020-8500

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.0354
Exploits: 1 | References: 2

Prion
added 2020/03/02 4:15 p.m., 18 views

Code injection

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.0354
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/02 3:3 p.m., 14 views

CVE-2020-8500

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

AI score: 7.3 | EPSS: 0.0354
Exploits: 1 | References: 2

0day.today
added 2020/03/02 12:0 a.m., 249 views

Microsoft Windows Kernel Privilege Escalation Exploit

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing...

CVSS: 7.8 | AI score: 0.1 | EPSS: 0.2605
Exploits: 8

NVD
added 2020/02/25 5:15 p.m., 16 views

CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files e.g., on some Linux distributions because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c...

CVSS: 4.7 | AI score: 5.5 | EPSS: 0.009
Exploits: 4 | References: 5

Debian CVE
added 2020/02/25 4:22 p.m., 23 views

CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files e.g., on some Linux distributions because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c...

CVSS: 4.7 | AI score: 4.6 | EPSS: 0.009
Exploits: 4

Prion
added 2020/02/25 4:15 p.m., 19 views

Integer overflow

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packe...

CVSS: 5 | AI score: 7.5 | EPSS: 0.02516
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2020/02/23 2:15 a.m., 16 views

Path traversal

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...

CVSS: 6.4 | AI score: 7.5 | EPSS: 0.01176
Exploits: 1 | References: 1 | Affected Software: 1

Oracle linux
added 2020/02/22 12:0 a.m., 223 views

Unbreakable Enterprise kernel security update

4.1.12-124.36.3 - Fix KABI error by keeping the struct field being removed by the below patch Ritika Srivastava Orabug: 30902926 - Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' Ritika Srivastava Orabug: 30902926 4.1.12-124.36.2 - rds: Use bitmap to designate dropped...

CVSS: 10 | AI score: 8.2 | EPSS: 0.16908
Exploits: 1

Cvelist
added 2020/02/20 8:45 p.m., 30 views

CVE-2020-6977

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE...

AI score: 6.6 | EPSS: 0.00428
Exploits: 0 | References: 1

CVE
added 2020/02/16 8:0 p.m., 67 views

CVE-2020-9012

Technical details governing CVE-2020-9012 (affected products, versions, root cause, fix) are not publicly provided in the supplied Connected documents. Monitor for updates from official advisories.

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00777
Exploits: 1 | References: 1 | Affected Software: 1