2027 matches found

CNVD
added 2020/02/18 12:0 a.m. | views: 3

Ansible Flaw Vulnerability

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage and organize computer systems. Ansible has a flaw vulnerability. An attacker can use ansible facts file to select modules to send...

CVSS 3.9 | AI score 8.8 | EPSS 0.00381
Exploits: 0 | References: 1

OSV
added 2020/02/12 2:15 p.m. | views: 1

CVE-2019-20100

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version...

CVSS 4.7 | AI score 5.7 | EPSS 0.01021
Exploits: 1 | References: 3

OSV
added 2020/02/11 3:15 p.m. | views: 0

UBUNTU-CVE-2020-6402

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...

CVSS 8.8 | AI score 7.3 | EPSS 0.02662
Exploits: 0 | References: 2

RedHat Linux
added 2020/02/04 7:25 p.m. | views: 1

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADERS frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVSS 7.8 | AI score 7.1 | EPSS 0.82813
Exploits: 0 | References: 9

CNVD
added 2020/02/04 12:0 a.m. | views: 1

KeePass Denial of Service Vulnerability

KeePass is a free open source password manager that helps you manage your passwords in a secure way. A denial of service vulnerability exists in KeePass. An attacker can exploit the vulnerability to launch a denial of service attack...

AI score 7
Exploits: 0 | References: 1

OpenVAS
added 2020/01/23 12:0 a.m. | views: 27

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1731)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 8.2 | EPSS 0.01756
Exploits: 0 | References: 2

CNVD
added 2020/01/22 12:0 a.m. | views: 3

CloudBees Jenkins Amazon EC2 Plugin Authorization Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Amazon EC2 Plugin is used in which an EC2 connection agen...

CVSS 8.1 | AI score 6.8 | EPSS 0.01103
Exploits: 0 | References: 1

CNVD
added 2020/01/16 12:0 a.m. | views: 2

VMware Tools Local Elevation of Privilege Vulnerability (CNVD-2020-13854)

VMware Tools is an enhancement tool that comes with VMware virtual machines, equivalent to the VirtualBox Guest Additions (Sun VirtualBox Guest Additions), and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of...

CVSS 7 | AI score 7.1 | EPSS 0.00299
Exploits: 0 | References: 1

Cvelist
added 2020/01/15 8:40 a.m. | views: 16

CVE-2020-1605 Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device.

When a device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This...

CVSS 8.8 | AI score 8.7 | EPSS 0.00836
Exploits: 0 | References: 2

CVE
added 2020/01/13 8:6 p.m. | views: 58

CVE-2019-19680

CVE-2019-19680 concerns a file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD). Unpatched PPS versions up to 8.9.22 and 8.14.2 are affected. The issue allows bypassing protection mechanisms related to extensions, MIME types, virus detection, and journal entries f...

CVSS 8.8 | AI score 8.5 | EPSS 0.01053
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/12/31 3:6 p.m. | views: 44

CVE-2018-19833

The CVE-2018-19833 entry concerns the DDQ smart contract (ERC20) where the function that sets/owners can be invoked by anyone because there is no caller identity check. Connected CNVD records (e.g., CNVD-2020-03511 describing DDQ override vulnerability) reiterate that the DDQ implementation’s own...

CVSS 7.5 | AI score 7.5 | EPSS 0.00931
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/12/17 3:15 p.m. | views: 20

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

CVSS 7.8 | AI score 7.6 | EPSS 0.00466
Exploits: 0 | References: 1

Prion
added 2019/12/17 3:15 p.m. | views: 10

Authentication flaw

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

CVSS 4.4 | AI score 7.5 | EPSS 0.00466
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/12/17 2:42 p.m. | views: 19

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

AI score 7.6 | EPSS 0.00466
Exploits: 0 | References: 1

CNVD
added 2019/12/12 12:0 a.m. | views: 1

SAP Enable Now Information Disclosure Vulnerability

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is mainly used for online learning and training in SAP and non-SAP systems. An information disclosure vulnerability exists in SAP Enable Now. An attacker could use this vulnerability to obta...

CVSS 7.5 | AI score 6.1 | EPSS 0.011
Exploits: 0 | References: 1

CNVD
added 2019/12/11 12:0 a.m. | views: 2

DLL Hijacking Vulnerability in WeChat PC Client

WeChat is a chatting and socializing software from Shenzhen Tencent Computer System Co. A DLL hijacking vulnerability exists in the WeChat PC client, which can be exploited by attackers to execute malicious code...

AI score 7.1
Exploits: 0

CNVD
added 2019/12/11 12:0 a.m. | views: 1

Denial of Service Vulnerability in USR-TCP232-410S

There are people networking to the Internet of Things communication technology as the core, the launch of industrial communications, LPWAN and gateway, Internet of Things module, industrial control machine, network IO controller and other networking communication equipment, including...

AI score 7
Exploits: 0

CNVD
added 2019/12/10 12:0 a.m. | views: 1

File Upload Vulnerability in hybbs v2.3.2

HYBBS is a PHP website program that supports plugin extensions and template extensions. A file upload vulnerability exists in hybbs v2.3.2, which can be exploited by attackers to gain control of the web server...

AI score 7.3
Exploits: 0

CNVD
added 2019/12/09 12:0 a.m. | views: 5

Dell Command Configure Code Issue Vulnerability

Dell Command Configure is a Dell USA application that provides configuration capabilities for business client platforms. The program contains both a command line interface and a graphical user interface for configuring a variety of BIOS features. A code issue vulnerability exists in Dell Command...

CVSS 7.1 | AI score 7.2 | EPSS 0.0034
Exploits: 0 | References: 1

CNVD
added 2019/11/28 12:0 a.m. | views: 1

Ansible nxos_file_copy module input validation error vulnerability

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to distribute, manage, and program computer systems. nxos_file_copy is one of the modules that supports copying files to remote NXOS devices. An input validation error vulnerability exists ...

CVSS 7.3 | AI score 8.4 | EPSS 0.00736
Exploits: 0 | References: 1