
2033 matches found

Prion
added 2020/11/16 9:15 p.m. · 17 views

Out-of-bounds

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...

CVSS 6.5 · AI score 9.1 · EPSS 0.01625
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2020/11/16 8:59 p.m. · 22 views

CVE-2020-27483

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...

AI score 9.6 · EPSS 0.02057
Exploits: 1 · References: 1

Cvelist
added 2020/11/16 8:59 p.m. · 20 views

CVE-2020-27484

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...

AI score 9.6 · EPSS 0.01693
Exploits: 1 · References: 1

MSRC
added 2020/11/09 8:00 a.m. · 11 views

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as t...

AI score 2.8
Exploits: 0

MSRC
added 2020/11/09 8:00 a.m. · 6 views

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as t...

AI score 6.9
Exploits: 0

CNVD
added 2020/11/09 12:00 a.m. · 1 view

File Upload Vulnerability in easySite Content Management System

CSCL is a provider of artificial intelligence technology and informatization software and platforms. A file upload vulnerability exists in easySite Content Management System, which can be exploited by attackers to gain control of the server...

AI score 7.2
Exploits: 0

RedHat Linux
added 2020/11/05 6:47 p.m. · 0 views

mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection, causing a denial of service of the MySQL Connectors...

CVSS 3.5 · AI score 7.3 · EPSS 0.01547
Exploits: 0 · References: 4

RedHat Linux
added 2020/11/04 1:22 a.m. · 2 views

cloud-init: Use of random.choice when generating random password

A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the...

CVSS 5.5 · AI score 6.3 · EPSS 0.00438
Exploits: 0 · References: 4

CNVD
added 2020/11/03 12:00 a.m. · 1 view

CupCMS has a file inclusion vulnerability

CupCMS is a content management system that integrates video, stars, news, comics, community and more. CupCMS suffers from a file inclusion vulnerability. An attacker can exploit this vulnerability to gain server privileges...

AI score 7.1
Exploits: 0

CNVD
added 2020/11/03 12:00 a.m. · 2 views

Huawei Taurus-AL00B Resource Management Error Vulnerability (CNVD-2020-60319)

The Huawei Taurus-AL00B is a smartphone from the Chinese company Huawei. A resource management error vulnerability exists in certain Huawei phones. The vulnerability stems from a use-after-free (UAF), which can be exploited by an attacker to extract power and affect services...

CVSS 6.5 · AI score 6.8 · EPSS 0.00225
Exploits: 0 · References: 1

CNVD
added 2020/10/29 12:00 a.m. · 4 views

Foxit Studio Photo Remote Code Execution Vulnerability (CNVD-2020-59775)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. A remote code execution vulnerability exists in the handling of CR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied dat...

CVSS 7.8 · AI score 8.1 · EPSS 0.0372
Exploits: 0 · References: 1

CNVD
added 2020/10/29 12:00 a.m. · 2 views

Foxit Studio Photo Remote Code Execution Vulnerability (CNVD-2020-59766)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. A remote code execution vulnerability exists in the handling of NEF files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied dat...

CVSS 7.8 · AI score 8.1 · EPSS 0.03797
Exploits: 0 · References: 1

CNVD
added 2020/10/29 12:00 a.m. · 3 views

Foxit Studio Photo Information Disclosure Vulnerability (CNVD-2020-59776)

Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. An information disclosure vulnerability exists in the handling of CMP files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...

CVSS 7.8 · AI score 6 · EPSS 0.02848
Exploits: 0 · References: 1

Zero Day Initiative
added 2020/10/19 12:00 a.m. · 38 views

Microsoft Windows Media Player HEVC Stream Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 5.9 · EPSS 0.07524
Exploits: 0 · References: 1

Cvelist
added 2020/10/15 2:45 p.m. · 22 views

CVE-2020-6107

An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 4.4 · AI score 5.2 · EPSS 0.01496
Exploits: 1 · References: 2

Positive Technologies
added 2020/10/13 12:00 a.m. · 3 views

PT-2020-4332 · Microsoft · Office

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory. An attacker who successfully exploits this issue could run arbitrar...

CVSS 7.8 · AI score 7.8 · EPSS 0.03077
Exploits: 0 · References: 7

Positive Technologies
added 2020/10/13 12:00 a.m. · 3 views

PT-2020-4374 · Microsoft · Office Excel +1

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: A remote code execution issue exists in Microsoft Excel software due to its failure to properly handle objects in memory. This could allow an attacker to run arbitrary code in the...

CVSS 7.8 · AI score 7.8 · EPSS 0.04342
Exploits: 0 · References: 6

Positive Technologies
added 2020/10/13 12:00 a.m. · 5 views

PT-2020-4377 · Microsoft · Office Excel +2

Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: A remote code execution issue exists in Microsoft Excel software due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of...

CVSS 7.8 · AI score 7.7 · EPSS 0.03424
Exploits: 0 · References: 9

CNVD
added 2020/10/09 12:00 a.m. · 2 views

Sheng Zhang-Slice App has Denial of Service Vulnerability

Moment is a social chat app. A denial-of-service vulnerability exists in the Zhangsheng-Slice Moment app, which can be exploited by an attacker to cause a running application to crash...

AI score 6.8
Exploits: 0

Akamai Blog
added 2020/10/07 1:00 p.m. · 10 views

WarezTheRemote: Turning Remotes into Listening Devices

Television remotes have gotten little attention as a potential attack vector – despite being one of the most common household devices you can find...

AI score 7
Exploits: 0