Lucene search

556 matches found

SUSE CVE
added 2023/02/15 5:38 a.m. | 1 view

SUSE CVE-2013-2218

Double free vulnerability in the virConnectListAllInterfaces method in interface/interfacebackendnetcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list...

CVSS: 5 | AI score: 6.8 | EPSS: 0.10811
Exploits: 1 | References: 3

FreeBSD
added 2023/01/20 12:0 a.m. | 127 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.49353
Exploits: 1 | References: 1

OSV
added 2022/08/11 12:15 p.m. | 3 views

CVE-2022-2769

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The...

CVSS: 5.4 | AI score: 4.1 | EPSS: 0.00323
Exploits: 0 | References: 2

OSV
added 2022/06/29 5:15 p.m. | 2 views

CVE-2017-20120

A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...

CVSS: 8.8 | AI score: 4.8 | EPSS: 0.0013
Exploits: 0 | References: 2

ICS
added 2022/06/14 12:0 a.m. | 53 views

Johnson Controls Metasys ADS ADX OAS Servers

1. EXECUTIVE SUMMARY CVSS v3 8.7 ATTENTION: Low attack complexity/exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerabilities: Unverified Password Change, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

CVSS: 8.7 | AI score: 7.4 | EPSS: 0.00541
Exploits: 0 | References: 5

Prion
added 2022/05/17 8:15 p.m. | 15 views

Cross site scripting

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...

CVSS: 4.3 | AI score: 6 | EPSS: 0.003
Exploits: 0 | References: 1 | Affected Software: 1

GitHub Security Blog
added 2022/02/10 10:27 p.m. | 32 views

Cross-Site Request Forgery in CakePHP

CakePHP before 4.0.6 and 3.10.3 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00085
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2021/08/06 12:0 a.m. | 29 views

Oracle Linux 7 : olcne (ELSA-2021-9399)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9399 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 - Address CVE-2021-28683,...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.01837
Exploits: 3 | References: 7

ICS
added 2021/04/22 12:0 a.m. | 50 views

Mitsubishi Electric GOT (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-112-02 Mitsubishi Electric GOT that was published...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00258
Exploits: 0 | References: 5

Tenable Nessus
added 2021/04/21 12:0 a.m. | 46 views

FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024)

Oracle reports : This Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.58883
Exploits: 6 | References: 47

ThreatPost
added 2020/08/11 8:2 p.m. | 322 views

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw CVE-2020-8708 ranks 9.6 out of 10 on the CVSS...

CVSS: 5.8 | AI score: 8.8 | EPSS: 0.25485
Exploits: 1 | References: 17

Core Security
added 2020/07/23 12:0 a.m. | 27 views

Parallels RAS OS Command Execution

1. Advisory Information Title : Parallels RAS OS Command Execution Advisory ID : CORE-2020-0011 Advisory URL:https://www.coresecurity.com/core-labs/advisories/parallels-ras-os-command-execution Date published : 2020-07-23 Date of last update : 2020-07-21 Vendors contacted : Parallels Release mode...

CVSS: 9.9 | AI score: 9.7 | EPSS: 0.03503
Exploits: 1

FreeBSD
added 2020/07/07 12:0 a.m. | 16 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 40 new security patches for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...

AI score: 0.6
Exploits: 0 | References: 1

0day.today
added 2020/05/19 12:0 a.m. | 49 views

Dolibarr 11.0.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Title: Dolibarr 11.0.3 Authenticated Cross Site Scripting Bug: XSS - Cross Site Scripting CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13094 Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSS...

CVSS: 3.5 | AI score: 0.2 | EPSS: 0.01707
Exploits: 4

Packet Storm
added 2020/05/15 12:0 a.m. | 205 views

Microsoft Windows Task Scheduler Security Feature Bypass

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Windows Task Scheduler Vendor: Microsoft CSNC ID: CSNC-2010-001 CVE ID: CVE-2020-1113 Subject: Security Feature Bypass Risk: High Effect: Remotely exploitable Authors: Sylvain Heiniger Date: 14.05.2020...

AI score: 8.7 | EPSS: 0.01574
Exploits: 2

Tenable Nessus
added 2020/04/24 12:0 a.m. | 31 views

FreeBSD : MySQL Client -- Multiple vulnerabilities (622b5c47-855b-11ea-a5e2-d4c9ef517024)

Oracle reports : This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. (C) Tenable Network Security, Inc. The descriptive...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00732
Exploits: 0 | References: 7

ThreatPost
added 2020/04/22 7:0 p.m. | 25 views

Apple Patches Two iOS Zero-Days Abused for Years

Update Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1. Apple patched both vulnerabilities in iOS 13.4.5 beta, released last week. A final release of iOS 13.4.5 is expected soon. Both...

AI score: 7.1
Exploits: 0 | References: 5

NVD
added 2020/04/20 11:15 p.m. | 8 views

CVE-2020-9276

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. The function docgi, which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with...

CVSS: 9 | AI score: 9.3 | EPSS: 0.00838
Exploits: 1 | References: 3

Prion
added 2020/02/13 12:15 a.m. | 15 views

Information disclosure

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08. before 16.08.0009, 16.09. before 16.09.0007 and 16.10. before 16.10.0003...

CVSS: 5 | AI score: 7.3 | EPSS: 0.00372
Exploits: 0 | References: 1 | Affected Software: 7

Tenable Nessus
added 2020/01/16 12:0 a.m. | 42 views

FreeBSD : MySQL -- Multiple vulnerabilities (a6cf65ad-37d2-11ea-a1c7-b499baebfeaf)

Oracle reports : This Critical Patch Update contains 17 new security fixes for Oracle MySQL. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. (C) Tenable Network Security, Inc. The descriptive te...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.31274
Exploits: 0 | References: 19