
141 matches found

Prion
added 2021/01/07 12:15 a.m. | 25 views

Information disclosure

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these...

CVSS: 9 | AI score: 9.8 | EPSS: 0.006
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/01/06 11:35 p.m. | 156 views

CVE-2020-26085

CVE-2020-26085 and related Cisco Jabber vulnerabilities affect Cisco Jabber Desktop and Mobile Client (Windows, macOS, and mobile). The connected sources describe multiple flaws that could allow an attacker to execute arbitrary code or access sensitive information on the underlying OS, with netwo...

CVSS: 9.9 | AI score: 9.9 | EPSS: 0.006
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2020/12/23 12:0 a.m. | 2 views

Telerik Fiddler Code Injection Vulnerability

Telerik Fiddler is an HTTP protocol debugging proxy tool. A code injection vulnerability exists in Telerik Fiddler 5.0.20202.18177 and earlier versions, which allows an attacker to execute an arbitrary program via a hostname with a space character at the end, followed by the --utility-and-browser...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00573
Exploits: 0 | References: 1

NVD
added 2020/12/11 5:15 p.m. | 21 views

CVE-2020-27134

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these...

CVSS: 9.9 | AI score: 9.9 | EPSS: 0.0067
Exploits: 0 | References: 1

NVD
added 2020/12/11 5:15 p.m. | 21 views

CVE-2020-27132

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these...

CVSS: 9.9 | AI score: 9.9 | EPSS: 0.00341
Exploits: 0 | References: 1

NVD
added 2020/12/11 5:15 p.m. | 16 views

CVE-2020-27127

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these...

CVSS: 9.9 | AI score: 9.9 | EPSS: 0.00441
Exploits: 0 | References: 1

CVE
added 2020/12/11 4:40 p.m. | 73 views

CVE-2020-27133

CVE-2020-27133 is a Cisco Jabber Desktop and Mobile Client vulnerability family affecting Cisco Jabber for Windows, MacOS, and mobile platforms. The CVE entries arise from multiple issues in message handling and input validation: CVE-2020-26085 (XMPP message handling leading to remote code execut...

CVSS: 9.9 | AI score: 9.9 | EPSS: 0.00441
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2020/11/05 7:15 p.m. | 1 view

CVE-2020-13661

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00573
Exploits: 0 | References: 3

NVD
added 2020/11/05 7:15 p.m. | 16 views

CVE-2020-13661

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00573
Exploits: 0 | References: 3

CVE
added 2020/11/05 6:18 p.m. | 55 views

CVE-2020-13661

Telerik Fiddler before 5.0.20204. fixes the vulnerability CVE-2020-13661 which allows code execution through a crafted hostname with a trailing space followed by --utility-and-browser --utility-cmd-prefix= and the path to a locally installed program. The attack requires the user to interactively ...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00573
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/11/05 6:18 p.m. | 12 views

CVE-2020-13661

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...

AI score: 8.8 | EPSS: 0.00573
Exploits: 0 | References: 3

PyPA
added 2020/09/17 1:15 p.m. | 3 views

PYSEC-2020-222

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00732
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2020/07/01 12:0 a.m. | 55 views

Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution (cisco-sa-webex-client-url-fcmpdfVY)

According to its self-reported version, Cisco Webex Meetings Desktop App is affected by a vulnerability due to improper validation of input that is supplied to application URLs. An unauthenticated, remote attacker can exploit this, by persuading a user to follow a malicious URL, in order to execu...

CVSS: 7.6 | AI score: 7.6 | EPSS: 0.01758
Exploits: 0 | References: 3

Cvelist
added 2020/06/18 2:21 a.m. | 15 views

CVE-2020-3263 Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.01758
Exploits: 0 | References: 1

Cvelist
added 2020/04/29 7:57 p.m. | 11 views

CVE-2020-12473

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program...

AI score: 7.3 | EPSS: 0.00465
Exploits: 1 | References: 1

Cvelist
added 2019/10/14 2:19 p.m. | 14 views

CVE-2019-9745

CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from...

AI score: 7.8 | EPSS: 0.00091
Exploits: 2 | References: 2

Prion
added 2019/08/02 1:15 p.m. | 27 views

Code injection

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

CVSS: 4.6 | AI score: 7.9 | EPSS: 0.00139
Exploits: 0 | References: 3 | Affected Software: 9

Debian CVE
added 2019/08/02 12:2 p.m. | 29 views

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

CVSS: 7.8 | AI score: 8.2 | EPSS: 0.00139
Exploits: 0

RedHat Linux
added 2019/07/11 4:27 p.m. | 2 views

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.0014
Exploits: 0 | References: 5

RedHat Linux
added 2019/07/08 9:19 a.m. | 1 view

libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.0014
Exploits: 0 | References: 5