Input validation
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector...
mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS
A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection, causing a denial of service of the MySQL Connectors...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
cloud-init: Use of random.choice when generating random password
A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the...
kernel: cached use of fpu_fpregs_owner_ctx in arch/x86/include/asm/fpu/internal.h can lead to DoS
A flaw was found in the Linux kernel. When compiled with GCC 9, a vector register corruption occurs on return from a signal handler where the top page of the signal stack had not yet been paged in, which can allow a local attacker with special user privilege or root to leak kernel internal...
ALSA-2020:4709 Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fixes: librsvg: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fixes: librsvg: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
CupCMS has a file inclusion vulnerability
CupCMS is a content management system that integrates video, stars, news, comics, community and more. CupCMS suffers from a file inclusion vulnerability. An attacker can exploit this vulnerability to gain server privileges...
Huawei Taurus-AL00B Resource Management Error Vulnerability (CNVD-2020-60319)
The Huawei Taurus-AL00B is a smartphone from the Chinese company Huawei. A resource management error vulnerability exists in certain Huawei phones. The vulnerability stems from use-after-free (UAF), which can be exploited by an attacker to be able to extract power and affect services...
Foxit Studio Photo Remote Code Execution Vulnerability (CNVD-2020-59775)
Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. A remote code execution vulnerability exists in the handling of CR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied dat...
Foxit Studio Photo Remote Code Execution Vulnerability (CNVD-2020-59766)
Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. A remote code execution vulnerability exists in the handling of NEF files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied dat...
Foxit Studio Photo Information Disclosure Vulnerability (CNVD-2020-59776)
Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. An information disclosure vulnerability exists in the handling of CMP files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...
Design/Logic Flaw
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Design/Logic Flaw
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2020-14857
CVE-2020-14857 affects Oracle E-Business Suite Trade Management, specifically the User Interface component, with affected versions 12.1.1–12.1.3 and 12.2.3–12.2.10. The vulnerability is exploitable over HTTP by an unauthenticated attacker and, per sources, may allow access to critical data and un...
Adobe Illustrator 2020 Memory Corruption Vulnerability (CNVD-2020-57881)
Adobe Illustrator 2020 is a vector graphics editor. A memory corruption vulnerability exists in Adobe Illustrator 2020. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2020-24413
Adobe Illustrator version 24.1.2 and earlier is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...
CVE-2020-24415
Adobe Illustrator version 24.1.2 and earlier is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...
CentOS 7 : OpenEXR (RHSA-2020:4039)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4039 advisory. - An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refi...
Crossbeam Buffer Overflow Vulnerability
Crossbeam is a tool for individual developers applied to concurrent programming. A buffer overflow vulnerability exists in Crossbeam crossbeam-channel versions prior to 0.4.4, which stems from an inconsistency between the Vec::from_iter allocated memory and the number of iterators. An attacker ca...