286 matches found

Vulnrichment
added 2020/12/11 4:40 p.m. | 13 views

CVE-2020-27132 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these...

CVSS 9.9 | AI score 7.5 | EPSS 0.00341
Exploits 0 | References 1
Cvelist
added 2020/12/11 4:40 p.m. | 22 views

CVE-2020-27132 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these...

CVSS 9.9 | AI score 9.9 | EPSS 0.00341
Exploits 0 | References 1
CNNVD
added 2020/12/10 12:00 a.m. | 3 views

Cisco Jabber Security Vulnerability

Cisco Jabber is a set of unified communications client solutions from Cisco, a United States company. The solution provides online status display, instant messaging, voice and other features. Jabber has a security vulnerability that can be exploited by an attacker to execute arbitrary programs ...

CVSS 9.9 | AI score 7.6 | EPSS 0.00441
Exploits 0 | References 3
Prion
added 2020/11/05 7:15 p.m. | 9 views

Open redirect

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...

CVSS 6.8 | AI score 8.7 | EPSS 0.00573
Exploits 0 | References 3 | Affected Software 1
Tenable Nessus
added 2020/10/21 12:00 a.m. | 30 views

EulerOS Virtualization 3.0.2.2 : libvirt (EulerOS-SA-2020-2209)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows...

CVSS 8.8 | AI score 7.3 | EPSS 0.00192
Exploits 0 | References 5
OSV
added 2020/09/17 1:15 p.m. | 14 views

CVE-2020-13948

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

CVSS 8.8 | AI score 8.7
Exploits 0 | References 3
Cvelist
added 2020/09/04 2:25 a.m. | 21 views

CVE-2020-3495 Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence...

CVSS 9.9 | AI score 9.9 | EPSS 0.04398
Exploits 0 | References 1
NVD
added 2020/09/02 1:15 p.m. | 8 views

CVE-2020-16602

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236...

CVSS 8.1 | AI score 8.3 | EPSS 0.07085
Exploits 4 | References 4
Prion
added 2020/09/02 1:15 p.m. | 16 views

Race condition

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236...

CVSS 6.8 | AI score 8.3 | EPSS 0.07085
Exploits 4 | References 4 | Affected Software 1
CVE
added 2020/09/02 12:57 p.m. | 106 views

CVE-2020-16602

The CVE concerns Razer Chroma SDK Rest Server. A race condition allows remote code execution by replacing a file created under %PROGRAMDATA%\Razer Chroma\SDK\Apps before it is executed, with exploitation requiring network access on port 54236 during a registration step. Affected software: Razer C...

CVSS 8.1 | AI score 8.2 | EPSS 0.07085
Exploits 4 | References 4 | Affected Software 1
Cvelist
added 2020/09/02 12:57 p.m. | 12 views

CVE-2020-16602

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236...

AI score 8.3 | EPSS 0.07085
Exploits 4 | References 4
OSV
added 2020/04/29 8:15 p.m. | 1 views

CVE-2020-12473

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program...

CVSS 7.2 | AI score 7.3 | EPSS 0.00465
Exploits 1 | References 1
Prion
added 2020/04/29 8:15 p.m. | 15 views

Code injection

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program...

CVSS 9 | AI score 7.2 | EPSS 0.00465
Exploits 1 | References 1 | Affected Software 1
CVE
added 2020/04/29 7:57 p.m. | 49 views

CVE-2020-12473

MonoX CMS

CVSS 9 | AI score 7.2 | EPSS 0.00465
Exploits 1 | References 1 | Affected Software 1
NVD
added 2019/10/14 3:15 p.m. | 11 views

CVE-2019-9745

CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from...

CVSS 7.8 | AI score 7.8 | EPSS 0.00091
Exploits 2 | References 2
Prion
added 2019/10/14 3:15 p.m. | 15 views

Design/Logic Flaw

CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from...

CVSS 7.2 | AI score 7.8 | EPSS 0.00091
Exploits 2 | References 2
RedhatCVE
added 2019/10/11 5:59 p.m. | 73 views

CVE-2019-10161

It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...

CVSS 8.8 | AI score 3.2 | EPSS 0.0014
Exploits 0 | References 3
Tenable Nessus
added 2019/09/11 12:00 a.m. | 36 views

NewStart CGSL MAIN 4.06 : libvirt Vulnerability (NS-SA-2019-0173)

The remote NewStart CGSL host, running version MAIN 4.06, has libvirt packages installed that are affected by a vulnerability: - It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary pat...

CVSS 8.8 | AI score 8.1 | EPSS 0.0014
Exploits 0 | References 2
NVD
added 2019/07/30 11:15 p.m. | 19 views

CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

CVSS 8.8 | AI score 8 | EPSS 0.0014
Exploits 0 | References 5
Prion
added 2019/07/30 11:15 p.m. | 25 views

Path traversal

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

CVSS 7.2 | AI score 8.3 | EPSS 0.0014
Exploits 0 | References 5 | Affected Software 5