124 matches found

CNVD
added 2021/01/03 12:0 a.m. · 2 views

Vega Cross-Site Scripting Vulnerability

Vega is a JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega versions...

CVSS 8.7 · AI score 6.6 · EPSS 0.00407
Exploits: 0 · References: 1

Positive Technologies
added 2020/12/18 12:0 a.m. · 2 views

PT-2020-5285 · Vmware · Vmware Workstation +3

Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 7.0 prior to ESXi70U1c-17325551; VMware Workstation versions 16.x prior to 16.0 and 15.x prior to 15.5.7; VMware Fusion versions 12.x prior to 12.0 and 11.x prior to 11.5.7; VMware Cloud Foundation affected versions not...

CVSS 6.5 · AI score 6.8 · EPSS 0.00103
Exploits: 0 · References: 9

Positive Technologies
added 2020/05/29 12:0 a.m. · 2 views

PT-2020-13196 · WordPress · Mappress-Google-Maps-For-Wordpress

Name of the Vulnerable Software and Affected Versions: mappress-google-maps-for-wordpress plugin versions prior to 2.54.6. Description: The issue is related to incomplete capability checks for AJAX functions, specifically those involved in the creation, retrieval, and deletion of PHP template file...

CVSS 8.8 · AI score 8.8 · EPSS 0.06927
Exploits: 0 · References: 7

OSV
added 2020/05/13 1:15 p.m. · 2 views

CVE-2020-4312

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089...

CVSS 4.3 · AI score 5.8 · EPSS 0.00156
Exploits: 0 · References: 2

Prion
added 2019/11/06 12:15 a.m. · 22 views

Design/Logic Flaw

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component...

CVSS 7.5 · AI score 9.3 · EPSS 0.0018
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2019/08/06 12:0 a.m. · 2 views

cPanel cross-site scripting vulnerability (CNVD-2019-26210)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 66.0.2. The vulnerability stems from a lack of proper...

CVSS 5.4 · AI score 6.3 · EPSS 0.00378
Exploits: 0 · References: 1

Positive Technologies
added 2019/01/28 12:0 a.m. · 3 views

PT-2019-6328 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.3. Description: The issue is related to a stack-based buffer overflow in the zmLoadUser function, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. This is a...

CVSS 10 · AI score 7.5 · EPSS 0.78761
Exploits: 46 · References: 115

Information Security Automation
added 2019/01/08 10:15 p.m. · 80 views

Packabit project: building Nmap deb packages for Ubuntu

During the long New Year holidays (30 Dec - 8 Jan) I started a new project: a Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build Linux packages from sources and will NOT litter the main system with unnecessary packages. Somethin...

AI score 7.4
Exploits: 0

OSV
added 2018/10/09 12:27 a.m. · 1 views

GHSA-762F-C2WG-M8C8 Denial of Service in protobufjs

Versions of protobufjs before 5.0.3 and 6.8.6 are vulnerable to a regular expression denial of service when parsing crafted invalid .proto files. Recommendation: Update to version 5.0.3, 6.8.6 or later...

CVSS 5.5 · AI score 5.9 · EPSS 0.00185
Exploits: 1 · References: 5

Positive Technologies
added 2018/04/02 12:0 a.m. · 3 views

PT-2018-17701 · Mcafee · Mcafee True Key

Name of the Vulnerable Software and Affected Versions: McAfee True Key versions prior to 4.20.110. Description: The issue concerns a DLL Side-Loading vulnerability that allows local users to gain privilege elevation. This is achieved by not verifying a particular DLL file signature, which can be...

CVSS 7.8 · AI score 7.6 · EPSS 0.00107
Exploits: 3 · References: 3

CNVD
added 2017/09/26 12:0 a.m. · 3 views

Netsweeper Arbitrary File Upload Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. An arbitrary file upload vulnerability exists in the webadmin/ajaxfilemanager/ajaxfilemanager.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker...

CVSS 7.2 · AI score 7.2 · EPSS 0.06457
Exploits: 3 · References: 1

Tenable Nessus
added 2016/03/17 12:0 a.m. · 27 views

Mozilla Thunderbird < 38.4 Multiple Vulnerabilities

Binary data 9151.prm...

CVSS 9.8 · AI score 9.7 · EPSS 0.11044
Exploits: 0 · References: 22

The Hacker News
added 2016/02/11 9:41 p.m. · 16 views

Hey, Apple User! Check If You are also Affected by the Sparkle Vulnerability

A pair of new security vulnerabilities has been discovered in the framework used by a wide variety of Mac apps, leaving them open to Man-in-the-Middle (MitM) attacks. The framework in question is Sparkle, which a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and...

AI score 7
Exploits: 0

CNVD
added 2015/11/27 12:0 a.m. · 3 views

FFmpeg 'jpeg2000_read_main_headers' Function Denial of Service Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video. A denial of service vulnerability exists in the jpeg2000_read_main_headers function in the libavcodec/jpeg2000dec.c file in FFmpeg versions prior to 2.6.5, 2.7.x versions prior to 2.7.3, and 2.8.2 and prior 2.8.x...

CVSS 6.8 · AI score 9.2 · EPSS 0.00485
Exploits: 0 · References: 1

Tenable Nessus
added 2015/07/10 12:0 a.m. · 27 views

Flash Player < 11.7.700.275 / 13.0.0.182 Multiple Vulnerabilities (APSB14-09)

Binary data 8806.prm...

CVSS 10 · AI score 8.9 · EPSS 0.19859
Exploits: 4 · References: 6

Positive Technologies
added 2015/06/11 12:0 a.m. · 7 views

PT-2015-1704 · Oracle +6 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.5.43 and earlier; Oracle MySQL Server versions 5.6.24 and earlier. Description: The issue is related to errors in the code of the Server : I_S subcomponent of the MySQL database management system. It allows remote...

CVSS 10 · AI score 6.7 · EPSS 0.89577
Exploits: 29 · References: 359

Tenable Nessus
added 2014/06/17 12:0 a.m. · 25 views

Flash Player < 14.0.0.125 (inferred) Multiple Vulnerabilities (APSB14-16)

Binary data 8303.prm...

CVSS 10 · AI score 6.8 · EPSS 0.06932
Exploits: 0 · References: 7

Tenable Nessus
added 2013/06/05 12:0 a.m. · 44 views

VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)

The version of VMware vCenter Server installed on the remote host is 4.0 before Update 4a, 4.1 before Update 3, or 5.0 before Update 1. As such it is potentially affected by multiple vulnerabilities in the embedded Apache Tomcat server and the Oracle Sun Java Runtime Environment. C Tenable Networ...

CVSS 7.5 · AI score 5.7 · EPSS 0.23189
Exploits: 9 · References: 5

The Hacker News
added 2013/03/27 12:36 p.m. · 8 views

Java enabled browsers are highly vulnerable

Oracle has released emergency patches multiple times in recent months for Java for one set of vulnerabilities after another. About 100 million computers are reported to be vulnerable to unauthorized access via different flaws in Java software. Department of Homeland Security's US-CERT already warne...

AI score 6.9
Exploits: 0

Positive Technologies
added 2013/03/01 12:0 a.m. · 1 views

PT-2013-2171 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.7.9. Description: The issue arises from the xen_iret function in arch/x86/xen/xen-asm_32.S, which does not properly handle an invalid value in the DS segment register on 32-bit Xen paravirt_ops platforms. This...

CVSS 7.2 · AI score 7.4 · EPSS 0.02897
Exploits: 15 · References: 106