618 matches found

OSV
added 2020/07/15 6:15 p.m. | 0 views

CVE-2020-14529

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network...

5.4 CVSS | 6.8 AI score | 0.00185 EPSS
Exploits 0 | References 1

OSV
added 2020/07/01 2:19 p.m. | 15 views

SUSE-SU-2020:1819-1 Security update for unbound

This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name...

7.5 CVSS | 7.7 AI score | 0.16136 EPSS
Exploits 1 | References 6

OSV
added 2020/06/26 6:5 a.m. | 16 views

SUSE-SU-2020:1772-1 Security update for unbound

This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name...

7.5 CVSS | 7.7 AI score | 0.16136 EPSS
Exploits 1 | References 6

CNVD
added 2020/05/06 12:0 a.m. | 2 views

SQL Injection Vulnerability in Learning Module ti*** Parameters of 120 Emergency Command Center Web Service System

120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. SQL injection vulnerability exists in the learning module ti parameter of the 120 Emergency Command Center Web...

7.7 AI score
Exploits 0

Huntr
added 2020/05/02 12:0 a.m. | 13 views

Code Injection in courajs/node-svn

Description: The svn module is vulnerable to RCE since a command is crafted using user inputs that are not validated and is then executed, leading to arbitrary command injection. PoC: 1. Create the following PoC file: // poc.js var SVN = require('svn'); var svn = new SVN('./workingcopy'); svn.info("test; touch...

2.3 AI score
Exploits 0

CNVD
added 2020/04/01 12:0 a.m. | 1 views

pam-krb5 buffer overflow vulnerability

pam-krb5 is a PAM module for Kerberos authentication. A buffer overflow vulnerability exists in pam-krb5 versions prior to 4.9, which stems from an incorrect boundary check. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system with the help of a special...

9.8 CVSS | 8.2 AI score | 0.07295 EPSS
Exploits 0 | References 1

CNVD
added 2020/03/12 12:0 a.m. | 2 views

NVIDIA Virtual GPU Manager Denial of Service Vulnerability

NVIDIA Virtual GPU Manager is virtual GPU management software from NVIDIA. A security vulnerability exists in the kernel module nvidia.ko in NVIDIA Virtual GPU Manager. An attacker could exploit this vulnerability to cause a denial of service...

5.5 CVSS | 6.6 AI score | 0.00122 EPSS
Exploits 0 | References 1

OSV
added 2020/02/17 8:15 p.m. | 12 views

CVE-2019-10790

taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...

7.5 CVSS | 7.5 AI score
Exploits 0 | References 2

CNVD
added 2020/02/11 12:0 a.m. | 1 views

Lustre mdt module code issue vulnerability

Lustre is a parallel distributed file system typically used in large computer clusters and supercomputers, of which Lustre mdt is a module. A code issue vulnerability exists in the Lustre mdt module. The vulnerability stems from an improperly designed or implemented code development process for a...

7.8 CVSS | 7.2 AI score | 0.00666 EPSS
Exploits 1 | References 1

RedHat Linux
added 2020/01/23 4:50 p.m. | 4 views

Ansible: vulnerability in solaris_zone module via crafted solaris zone

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

7.3 CVSS | 7.3 AI score | 0.00037 EPSS
Exploits 0 | References 4

Cvelist
added 2019/12/17 2:4 p.m. | 8 views

CVE-2019-19714

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

5.2 AI score | 0.0021 EPSS
Exploits 0 | References 2

CNVD
added 2019/07/11 12:0 a.m. | 1 views

Multiple Remote Command Execution Vulnerabilities in USR-LTE-7S4 V2

Jinan Arata Networking Technology Co., Ltd. is a technology company that makes serial networking modules. Multiple remote command execution vulnerabilities exist in the 4G module USR-LTE-7S4 V2 in Jinan Youjin Networking Technology Co. This allows an attacker to remotely execute commands...

7.5 AI score
Exploits 0

OSV
added 2019/07/09 4:15 p.m. | 1 views

CVE-2019-11019

Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/allclaimdetail.php?claimid= URLs...

7.5 CVSS | 7.1 AI score | 0.0029 EPSS
Exploits 0 | References 2

Cvelist
added 2019/06/15 3:40 p.m. | 15 views

CVE-2019-12816

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...

8.7 AI score | 0.03681 EPSS
Exploits 0 | References 11

CVE
added 2019/06/15 3:40 p.m. | 255 views

CVE-2019-12816

CVE-2019-12816 affects ZNC (before 1.7.4-rc1). Vulnerability in Modules.cpp allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Impacted component: ZNC IRC bouncer; condition requires authentication but not admin p...

8.8 CVSS | 8.6 AI score | 0.03681 EPSS
Exploits 0 | References 11 | Affected Software 1

CNVD
added 2019/03/20 12:0 a.m. | 1 views

SQL Injection Vulnerability in the art***.php and con***.php Modules of iCMS

iCMS is an efficient and simple content management system built with PHP and MySQL. The art.php and con.php modules of iCMS have a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

8 AI score
Exploits 0

Drupal
added 2019/02/27 12:0 a.m. | 2 views

Context - Moderately critical - Cross site scripting - SA-CONTRIB-2019-028

This module enables you to manage contextual conditions and reactions for different portions of your site. The module doesn't sufficiently sanitize user output when displayed, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must hav...

5.4 AI score
Exploits 0 | References 8

GitHub Security Blog
added 2019/02/18 11:58 p.m. | 18 views

m-server Vulnerable to Directory Traversal

Path Traversal vulnerability in module m-server 1.4.1 allows a malicious user to access unauthorized content of any file in the directory tree (e.g. /etc/passwd) by appending slashes to the URL request...

6.5 CVSS | 6.2 AI score | 0.00607 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2019/02/07 6:15 p.m. | 12 views

GHSA-CXMJ-QJV6-VX9P mcstatic directory traversal vulnerability

A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path...

7.5 CVSS | 7.3 AI score | 0.0053 EPSS
Exploits 0 | References 3

CNVD
added 2018/06/20 12:0 a.m. | 1 views

string module denial of service vulnerability

The string module is a lightweight JavaScript library that provides additional String methods for Node.js. A security vulnerability exists in the string module. An attacker can exploit this vulnerability to cause a denial of service with the help of untrustworthy specially crafted input...

7.5 CVSS | 7.3 AI score | 0.00366 EPSS
Exploits 1 | References 1