
8213 matches found

OSV
added 2020/01/21 7:15 p.m., 2 views

CVE-2019-19411

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

CVSS: 3.7, AI score: 5.8
Exploits: 0, References: 1
CNVD
added 2020/01/16 12:00 a.m., 2 views

GNOME librsvg xml.rs file denial of service vulnerability

GNOME librsvg is an open source SVG graphics development library for the GNOME project. A security vulnerability exists in the xml.rs file in GNOME librsvg versions prior to 2.46.2. An attacker can exploit this vulnerability to cause a denial of service with a specially crafted SVG file...

CVSS: 6.5, AI score: 8.3, EPSS: 0.02125
Exploits: 0, References: 1
CNVD
added 2020/01/16 12:00 a.m., 2 views

VMware Tools Local Elevation of Privilege Vulnerability (CNVD-2020-13854)

VMware Tools is an enhancement tool that comes with VMware virtual machines, equivalent to the Guest Additions in Sun VirtualBox, and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of...

CVSS: 7, AI score: 7.1, EPSS: 0.00299
Exploits: 0, References: 1
NVD
added 2020/01/15 5:15 p.m., 11 views

CVE-2020-2719

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications component: Core. Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS: 4.3, AI score: 3.2, EPSS: 0.0094
Exploits: 0, References: 1
NVD
added 2020/01/15 5:15 p.m., 18 views

CVE-2020-2652

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CR...

CVSS: 8.2, AI score: 7.9, EPSS: 0.01275
Exploits: 0, References: 1
Prion
added 2020/01/15 5:15 p.m., 11 views

Design/Logic Flaw

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore...

CVSS: 5.8, AI score: 8.1, EPSS: 0.01314
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/01/15 4:34 p.m., 26 views

CVE-2020-2650

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications component: Promotions. The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVSS: 6.5, AI score: 6, EPSS: 0.01086
Exploits: 0, References: 1
Vulnrichment
added 2020/01/15 4:33 p.m., 4 views

CVE-2020-2534

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware component: Security and Authentication. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00995
Exploits: 0, References: 1
Cvelist
added 2020/01/15 8:40 a.m., 22 views

CVE-2020-1605 Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device.

A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00836
Exploits: 0, References: 2
CVE
added 2020/01/13 8:06 p.m., 58 views

CVE-2019-19680

CVE-2019-19680 concerns a file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD). Unpatched PPS versions up to 8.9.22 and 8.14.2 are affected. The issue allows bypassing protection mechanisms related to extensions, MIME types, virus detection, and journal entries f...

CVSS: 8.8, AI score: 8.5, EPSS: 0.01053
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/01/10 3:15 p.m., 0 views

UBUNTU-CVE-2020-1766

Due to improper handling of uploaded images, it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline JPG file. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior...

CVSS: 6.1, AI score: 6.2, EPSS: 0.01273
Exploits: 0, References: 3
CVE
added 2019/12/31 3:06 p.m., 45 views

CVE-2018-19833

The CVE-2018-19833 entry concerns the DDQ smart contract (ERC20) where the function that sets/owners can be invoked by anyone because there is no caller identity check. Connected CNVD records (e.g., CNVD-2020-03511 describing DDQ override vulnerability) reiterate that the DDQ implementation’s own...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00931
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2019/12/27 12:00 a.m., 2 views

GNU LibreDWG Post-Release Reuse Vulnerability

GNU LibreDWG is a GNU Project C library for working with DWG files. A post-release reuse vulnerability exists in the 'resolveobjectrefvector' function in the decode.c file in GNU LibreDWG version 0.92. The vulnerability stems from mismanagement of system resources e.g., memory, disk space, files,...

CVSS: 8.8, AI score: 7, EPSS: 0.01429
Exploits: 1, References: 1
IBM Security Bulletins
added 2019/12/20 8:47 a.m., 37 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery for IBM Cloud Pak for Data ships with versions of FasterXML jackson-databind vulnerable to serialization gadgets. Vulnerability Details CVEID: CVE-2019-14540 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is...

CVSS: 9.8, AI score: 1.3, EPSS: 0.10676
Exploits: 1, Affected Software: 1
RedhatCVE
added 2019/12/17 6:11 p.m., 44 views

CVE-2019-19602

A flaw was found in the Linux kernel. When compiled with GCC 9, a vector register corruption occurs on return from a signal handler where the top page of the signal stack had not yet been paged in which can allow a local attacker with special user privilege or root to leak kernel internal...

CVSS: 6.1, AI score: 1.5, EPSS: 0.00608
Exploits: 1, References: 3
NVD
added 2019/12/17 3:15 p.m., 20 views

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00466
Exploits: 0, References: 1
Prion
added 2019/12/17 3:15 p.m., 10 views

Authentication flaw

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

CVSS: 4.4, AI score: 7.5, EPSS: 0.00466
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/12/17 2:42 p.m., 19 views

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

AI score: 7.6, EPSS: 0.00466
Exploits: 0, References: 1
CNVD
added 2019/12/17 12:00 a.m., 2 views

Linux kernel input validation error vulnerability (CNVD-2020-00265)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An input validation error vulnerability exists in Linux kernel version 5.2.14 and earlier. The vulnerability arises from a networked system or product that does not...

CVSS: 4.4, AI score: 7.5, EPSS: 0.00451
Exploits: 1, References: 1
CNVD
added 2019/12/12 12:00 a.m., 1 view

SAP Enable Now Information Disclosure Vulnerability

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is mainly used for online learning and training in SAP and non-SAP systems. An information disclosure vulnerability exists in SAP Enable Now. An attacker could use this vulnerability to obta...

CVSS: 7.5, AI score: 6.1, EPSS: 0.011
Exploits: 0, References: 1