Lucene search

849 matches found

CVE
added 2021/02/09 9:25 p.m. | 55 views

CVE-2020-26192

Dell EMC PowerScale OneFS versions 8.2.0–9.1.0 contain a local privilege-escalation vulnerability. A non-admin user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH could potentially read arbitrary data, tamper with system software, or cause a denial of service. Affected products/versions and pr...

7.8 CVSS | 7.7 AI score | 0.00293 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/09 9:25 p.m. | 21 views

CVE-2020-26192

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no...

7.8 CVSS | 7.8 AI score | 0.00293 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2021/02/09 10:0 a.m. | 24 views

Security Bulletin: Denial of Service vulnerability in IBM Spectrum Protect Plus (CVE-2020-5023)

Summary: IBM Spectrum Protect Plus may be vulnerable to a denial of service attack when arbitrary data injection/parameter fuzzing is performed. Vulnerability Details: CVEID: CVE-2020-5023 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote user to inject arbitrary data which could cause t...

7.5 CVSS | 1.6 AI score | 0.02313 EPSS
Exploits: 0 | Affected Software: 1

The Hacker News
added 2021/02/01 7:14 a.m. | 49 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

0.9 AI score
Exploits: 0

NVD
added 2021/01/19 6:15 p.m. | 27 views

CVE-2020-8581

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled...

6.5 CVSS | 6.3 AI score | 0.00889 EPSS
Exploits: 0 | References: 1

NVD
added 2020/12/30 12:15 a.m. | 11 views

CVE-2020-35782

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations,...

8.1 CVSS | 8.2 AI score | 0.01639 EPSS
Exploits: 1 | References: 2

CNVD
added 2020/12/18 12:0 a.m. | 4 views

Contiki Buffer Overflow Vulnerability

Contiki is an open source, highly portable, networked multitasking operating system for memory-constrained systems. Contiki suffers from a buffer overflow vulnerability that stems from not performing integrity checks on the value of the urgent data pointer, allowing an attacker to corrupt memory ...

8.2 CVSS | 7.1 AI score | 0.02751 EPSS
Exploits: 0 | References: 1

Cvelist
added 2020/10/23 4:49 a.m. | 25 views

CVE-2020-9331

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation by local users with the SeChangeNotifyPrivilege right because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space...

7.6 AI score | 0.0041 EPSS
Exploits: 1 | References: 1

Debian CVE
added 2020/09/30 7:10 p.m. | 25 views

CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this...

8.8 CVSS | 8.7 AI score | 0.00424 EPSS
Exploits: 0

UbuntuCve
added 2020/09/28 3:0 p.m. | 21 views

CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this...

8.8 CVSS | 7.2 AI score | 0.00424 EPSS
Exploits: 0 | References: 2

Veracode
added 2020/09/21 6:33 a.m. | 24 views

Arbitrary Memory Overwrite

putty is vulnerable to arbitrary memory overwrite. A remote attacker is able to exploit the vulnerability to write arbitrary data into memory during the RSA key exchange before host key verification...

7.5 CVSS | 4.7 AI score | 0.02447 EPSS
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
added 2020/09/21 6:21 a.m. | 21 views

Information Disclosure

binutils is vulnerable to information disclosure. A heap-based buffer overflow from an integer overflow in the function simple_object_elf_match in simple-object-elf.c allows an attacker to obtain arbitrary data from memory. This is due to a lack of check for a zero shstrndx value...

5.5 CVSS | 3.8 AI score | 0.02317 EPSS
Exploits: 1 | References: 12 | Affected Software: 1

OSV
added 2020/09/11 3:15 a.m. | 2 views

CVE-2020-25250

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs...

7.5 CVSS | 7.2 AI score | 0.00908 EPSS
Exploits: 0 | References: 1

NCSC
added 2020/09/10 12:0 a.m. | 7 views

Vulnerability fixed in Citrix Storefront

Citrix has fixed a vulnerability in StoreFront Server. The vulnerability allows an authenticated malicious party to obtain arbitrary data from the StoreFront server. The malicious party must be logged into the same Active-Directory-domain as where the StoreFront logged on to the same...

6.5 CVSS | 6.8 AI score | 0.0133 EPSS
Exploits: 0

OSV
added 2020/08/25 2:15 p.m. | 2 views

CVE-2020-14500

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

9.8 CVSS | 7.6 AI score | 0.01666 EPSS
Exploits: 0 | References: 1

NVD
added 2020/08/25 2:15 p.m. | 16 views

CVE-2020-14500

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

10 CVSS | 9.5 AI score | 0.01666 EPSS
Exploits: 0 | References: 1

Cvelist
added 2020/08/25 1:12 p.m. | 22 views

CVE-2020-14500 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

10 CVSS | 9.4 AI score | 0.01666 EPSS
Exploits: 0 | References: 1

OSV
added 2020/08/13 12:15 p.m. | 2 views

CVE-2019-4582

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288...

4.3 CVSS | 5.9 AI score | 0.01359 EPSS
Exploits: 0 | References: 2

Veracode
added 2020/07/30 4:30 a.m. | 37 views

Remote Code Execution (RCE)

typo3/cms is vulnerable to insecure cryptography. During installation with mediace extension, the vulnerability exists because it was possible to generate arbitrary checksums that allow the injection of arbitrary data, allowing an attacker with at least one Extbase plugin or module action to...

9.8 CVSS | 5.6 AI score | 0.02721 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/07/30 2:33 a.m. | 18 views

Insecure Cryptography

typo3/cms is vulnerable to insecure cryptography. The vulnerability exists because it was possible to generate arbitrary checksums that allow the injection of arbitrary data...

8.8 CVSS | 3.5 AI score | 0.02229 EPSS
Exploits: 0 | References: 5 | Affected Software: 1