CVE-2020-5919
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding...
Code injection
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding...
CVE-2020-5919
CVE-2020-5919 affects BIG-IP APM in 15.1.0-15.1.0.4 where rendering certain session variables in Modern customization can cause the Traffic Management Microkernel (TMM) to stop responding, potentially generating a core and disrupting traffic. The vulnerability is mitigated by upgrading to ...
F5 Networks BIG-IP : BIG-IP APM vulnerability (K94563369)
Rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding. CVE-2020-5919 Impact: TMM may generate a core file and restart, causing traffic disruption or a failove...
Open-Xchange: A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference
Reproduction realcrash.sieve is the attached script 1. Build dovecot and pigeonhole 2. Run sievec realcrash.sieve Requirements include and variables extensions should be required. One of the global commands global/export/import without any arguments should be followed by the same command with val...
CVE-2020-14936
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid may overwrite memory areas beyond the provided...
The Bluetooth subsystem in QEMU mishandles negative values for length variables leading to memory corruption.
...
CVE-2020-0604
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Remote code execution
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Visual Studio Code Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Canonical Ubuntu Point-to-Point Protocol Daemon Arbitrary File Read Information Disclosure Vulnerability
This vulnerability allows local attackers to read arbitrary files on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
PT-2020-3658 · Microsoft · Visual Studio Code
Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: A remote code execution issue exists when Visual Studio Code processes environment variables after opening a project. An attacker who successfully exploits this could run arbitra...
Security Update for Microsoft Visual Studio Code Maven Extension (August 2020)
An input-validation flaw exists in Visual Studio Code Maven Extension related to processing environment variables after opening a project that allows remote code execution. An attacker can convince a user to clone a specified repository and to open it in Visual Studio Code leading to code...
kernel: lockdown: bypass through ACPI write via efivar_ssdt
A flaw was found in how the ACPI table loading through the EFI variable and the related efivar_ssdt boot option was handled when the Linux kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerabilit...
Ruby on Rails local names command execution
Added: 07/29/2020 CVE: CVE-2020-8163 Background: Ruby on Rails is a web application framework written in Ruby. Problem: Rails applications that allow users to control the names of local variables are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands...
USN-4442-1: Sympa vulnerabilities
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2018-1000550 It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...
USN-4442-1 sympa vulnerabilities
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2018-1000550 It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...