Use-after-free
WebKitGTK+ is vulnerable to use-after-free. It is possible for remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-31270)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). Samsung mobile devices have a security vulnerability that can be exploited by attackers to run applications in a locked Secure Folder without a password...
GHSA-VH95-RMGR-6W4M Prototype Pollution in minimist
Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --__proto__.y=Polluted...
CVE-2020-5283
ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...
CVE-2020-5283
Removed by vendor...
Memory Corruption Vulnerability in DCCE HMIware at Dalian Polytechnic Computer Control Engineering Co.
DCCE HMIware configuration editing software is a special human-machine interface configuration software developed for DCCE touch screens. The software provides users with a powerful integrated development environment, and the product is widely used in the fields of medical, chemical, electric power,...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-30402)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to obtain thumbnails of content in private mode...
Arbitrary File Read Vulnerability in AppVision's Video Surveillance System
Applusoft specializes in UHD, ultra-long focus, multi-spectral, thermal imaging products, technical services and overall customized solutions. AppVision's video surveillance system has an arbitrary file read vulnerability. The vulnerability arises because its video surveillance backend does not do...
ImpressCMS 1.3.11 - Why you should not trust PHP_SELF
We scanned version 1.3.11 of ImpressCMS, the current version at the time, and found an unauthorized SQL Injection vulnerability. The exploit affects installations that use PDO as a database driver. The issue was fixed in version 1.4.0, though the patch does not follow best practices and might not be...
Microsoft Warns of Critical Windows Zero-Day Flaws
Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist i...
Fuji Xerox printers buffer overflow vulnerability
Fuji Xerox is the world's largest manufacturer of digital and information technology products and a Fortune 500 company. Fuji Xerox series of printer products can meet a variety of different business needs. A wide range of black and white color digital printers offer high performance and quality....
Microsoft Windows Graphics Component Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Graphics Components is one of the graphics components. A privilege vulnerability exists in...
CVE-2020-10376
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...
Denial of Service Vulnerability in NAop401 at Nanda Aotuo Technology
NAop401 is an OP series text screen design tool. NAop401 has a denial of service vulnerability that can be exploited by an attacker to cause a program crash by constructing a malformed evp file...
Design/Logic Flaw
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...
PT-2020-1990 · Cisco +1 · Cisco Fxos +1
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1152)
The remote host is missing an update for the Huawei EulerOS...
UBUNTU-CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...
Code execution vulnerability in QQMusic installation package
QQ Music (QQMusic) is the official music playback software launched by Tencent. A code execution vulnerability exists in the QQMusic installation package. An attacker can exploit the vulnerability to execute task code...