SUSE-SU-2020:0684-1 Security update for salt

This update for salt fixes the following issues: - Avoid possible user escalation upgrading salt-master bsc1157465 CVE-2019-18897 - Fix unit tests failures in testbatchasync tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU...

PT-2020-6515 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 routers. Authentication is not required to exploit this issue. The specific fla...

VulnCheck KEV: CVE-2019-19781

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution...

CVE-2019-7482

Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier...

SonicWall SMA100 Pre-authentication stack buffer overflow

Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7482 Last updated: March 6, 2020, 4:42 a.m...

CVE-2019-16246

Intesync Solismed 3.3sp1 allows Local File Inclusion LFI, a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution...

CVE-2019-16246

Intesync Solismed 3.3sp1 allows Local File Inclusion LFI, a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution...

Design/Logic Flaw

Intesync Solismed 3.3sp1 allows Local File Inclusion LFI, a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution...

CVE-2019-16246

CVE-2019-16246 affects Intesync Solismed 3.3sp1 and is described in Red Hat as a Local File Inclusion (LFI) that leads to unauthenticated code execution. CNVD entries also document a Solismed file inclusion vulnerability. The connected sources confirm LFI as the vulnerability class and unauthenti...

CVE-2019-16246

Intesync Solismed 3.3sp1 allows Local File Inclusion LFI, a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution...

CVE-2019-14867

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...

CVE-2019-17415

A Structured Exception Handler SEH based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331...

CVE-2016-10824

CVE-2016-10824 affects cPanel prior to 55.9999.141. The vulnerability enables unauthenticated arbitrary code execution via DNS NS entry poisoning. Public details in the provided connected sources are limited to the affected version and impact; no root-cause specifics or remediation steps are desc...

CVE-2016-10858

cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-64...

CVE-2016-10855

cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd SEC-91...

Code injection

cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-64...

CVE-2019-13279

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote...

PT-2019-2570 · Abb · Abb Idal Ftp Server

Name of the Vulnerable Software and Affected Versions: ABB IDAL HTTP server version SAP500900R0101 Description: The issue is related to a buffer overflow vulnerability in the HTTP server of the ABB IDAL tool. This occurs when a long Host header is sent in a web request, allowing an unauthenticate...

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF

This module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP...