PT-2021-1856 · Oracle · Oracle WebLogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 through 12.1.3.0.0 Description: The issue is related to insufficient access control in the Web Services component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access v...
PT-2021-11867 · WordPress · Newsletters
Name of the Vulnerable Software and Affected Versions: Newsletter plugin versions prior to 6.8.2 for WordPress Description: A Reflected Authenticated Cross-Site Scripting (XSS) issue allows remote attackers to trick a victim into submitting a tnpc_render AJAX request. This request can contain eithe...
CVE-2020-16916
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
CVE-2020-1097
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit...
SUSE-SU-2020:1918-1 Security update for xrdp
This update for xrdp fixes the following issues: - Security fixes bsc1173580, CVE-2020-4044: + Add patches: xrdp-cve-2020-4044-fix-0.patch xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: xrdp-fate318398-change-expired-password.patch...
CVE-2019-20869
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel...
libexif security update
0.6.21-6 - Add patch for CVE-2020-13112 - Resolves: 1840948...
Exploit for Double Free in Whatsapp
WhatsPayloadRCE This is an Automated Generate Payload for CVE-...
BlueZ Advisory
Summary: A potential security vulnerability in BlueZ may allow escalation of privilege and denial of service. BlueZ is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0556 Description: Improper access control in subsystem for BlueZ befor...
Security update for nmap (important)
openSUSE Security Update: Security update for nmap Announcement ID: openSUSE-SU-2019:2198-1 Rating: important References: 1135350 1148742 Cross-References: CVE-2017-18594 CVE-2018-15173 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now available. Description:...
Protect against BlueKeep
Worms are the cause of many cyber headaches. They can easily replicate themselves to spread malicious malware to other computers in your network. As the field responders providing Microsoft enterprise customers with onsite assistance to serious cybersecurity threats, our Detection and Response Te...
PT-2022-23251 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC versions prior to the version that includes commit fef6242 Description: A heap-buffer-overflow occurred in the gf_isom_dovi_config_get function of isomedia/avc_ext.c at line 2490, as demonstrated by MP4Box. Recommendations: For versions...
PT-2018-3329
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 31.0.0.153 and earlier Adobe Flash Player versions 31.0.0.108 and earlier Description: The issue is related to a use-after-free vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary...
PT-2017-3938
Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX versions prior to R1 2017 Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2 Description: The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file...
PT-2016-1146 · Openssh +2 · Openssh +2
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 7.1p2 Description: The issue is related to the ssh_packet_read_poll2 function in the packet.c file, which allows remote attackers to cause a denial of service due to an out-of-bounds read and application crash via...
desknet's NEO vulnerable to directory traversal
Overview: desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal (CWE-22) vulnerability where it fails to verify the html parameter in zhtml.cgi. Hiroyuki Yamashita of M Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Ali security says it found an Android WiFi vulnerability: hackers can attack remotely - vulnerability warning - the black bar safety net
Recently, Ali security research labs found a major vulnerability in the Android system, mainly affecting the Android WiFi component wpa_supplicant. Through this vulnerability, hackers can open the WiFi of Android phone to launch...
Wary of the Ghost vulnerability in the butterfly effect granted Server Permissions-bug warning-the black bar safety net
Recently everyone has been concerned about the Ghost vulnerability, CNNVD-201501-658. In addition to the vulnerabilities discovered in clockdiff, procmail, exim and other applications, yesterday security personnel found that it has spread to common web applications, such as the...
PT-2023-25556 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the list append component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, update to a...
Microsoft's announcement to fix the OLE remote code execution vulnerability-vulnerability warning-the black bar safety net
In last month's "Patch Tuesday", Microsoft's update patch fixed the OLE remote code execution vulnerability. We had thought that the vulnerability had been fixed, but in fact it may be more complicated than we imagined. Regarding this vulnerability, Microsoft today once again issued a safet...