CVE-2020-3427
The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denia...
The vulnerability of the software for working with animations in Adobe Character Animator lies in errors during the path validation of dynamically loaded libraries, allowing attackers to execute arbitrary code.
The vulnerability of the software for working with animations in Adobe Character Animator is related to errors in checking the path of dynamically loaded libraries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2020-1904
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...
Directory traversal
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...
Important: Red Hat Security Advisory: librepo security update
An update for librepo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
librepo security update
1.11.0-3 - Validate paths read from repomd.xml (RhBug:1866498)...
OPENSUSE-SU-2020:1289-1 Security update for librepo
This update for librepo fixes the following issues: - Fixed path validation to prevent directory traversal attacks (bsc1175475, CVE-2020-14352). This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for librepo (important)
openSUSE Security Update: Security update for librepo Announcement ID: openSUSE-SU-2020:1289-1 Rating: important References: 1175475 Cross-References: CVE-2020-14352 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for librepo...
CVE-2020-15645
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2020-17387
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2020-15641
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl...
USN-4459-1 salt vulnerabilities
It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. (CVE-2018-15750) It was discovered that Salt has a vulnerability that allows a user to bypass authentication. An attacker could use that to...
Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46344)
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the saveAsText method of the...
Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46346)
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the getFileFromURL method of the...
Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46340)
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability in the decryptFile method of the FlashValidatorServiceImpl class i...
CentOS Web Panel Code Issue Vulnerability
CentOS Web Panel (CWP) is a free web hosting control panel. A code issue vulnerability exists in the ajaxmodsecurity.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which stems from not properly validating user-supplied paths. An attacker could exploit the vulnerability to execute code...
CVE-2020-15623
This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...
SolarWinds Serv-U FTP Server Input Validation Error Vulnerability
SolarWinds Serv-U FTP Server is FTP and MFT file transfer software from the U.S. company SolarWinds. A security vulnerability exists in SolarWinds Serv-U FTP Server versions prior to 15.2.1 that stems from the server not validating parameter paths. No details of the vulnerability are provided at this tim...
CVE-2020-15543
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path...