2033 matches found

CNVD
added 2020/03/05 12:0 a.m. · 1 views

Denial of Service Vulnerability in NAop401 at Nanda Aotuo Technology

NAop401 is an OP series text screen design tool. NAop401 has a denial of service vulnerability that can be exploited by an attacker to cause a program crash by constructing a malformed evp file...

6.8 AI score
Exploits 0
Prion
added 2020/02/26 4:15 p.m. · 8 views

Design/Logic Flaw

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...

4 CVSS · 6.4 AI score · 0.01123 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2020/02/26 12:0 a.m. · 4 views

PT-2020-1990 · Cisco +1 · Cisco Fxos +1

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a...

7.2 CVSS · 6.8 AI score · 0.00445 EPSS
Exploits 0 · References 5
OpenVAS
added 2020/02/25 12:0 a.m. · 30 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1152)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.

8.8 CVSS · 7.7 AI score · 0.05804 EPSS
Exploits 3 · References 2
OSV
added 2020/02/24 10:15 p.m. · 0 views

UBUNTU-CVE-2020-1938

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8 CVSS · 7.6 AI score · 0.9927 EPSS
Exploits 44 · References 8
CNVD
added 2020/02/18 12:0 a.m. · 1 views

Code execution vulnerability in QQMusic installation package

QQ Music (QQMusic) is the official music playback software launched by Tencent. A code execution vulnerability exists in the QQMusic installation package. An attacker can exploit the vulnerability to execute task code...

7.8 AI score
Exploits 0
CNVD
added 2020/02/18 12:0 a.m. · 4 views

Ansible Flaw Vulnerability

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage and organize computer systems. Ansible has a flaw vulnerability. An attacker can use ansible facts file to select modules to send...

3.9 CVSS · 8.8 AI score · 0.00381 EPSS
Exploits 0 · References 1
OSV
added 2020/02/12 2:15 p.m. · 2 views

CVE-2019-20100

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version...

4.7 CVSS · 5.7 AI score · 0.01021 EPSS
Exploits 1 · References 3
OSV
added 2020/02/11 3:15 p.m. · 0 views

UBUNTU-CVE-2020-6402

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...

8.8 CVSS · 7.3 AI score · 0.02662 EPSS
Exploits 0 · References 2
RedHat Linux
added 2020/02/04 7:25 p.m. · 1 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8 CVSS · 7.1 AI score · 0.82813 EPSS
Exploits 0 · References 9
CNVD
added 2020/02/04 12:0 a.m. · 1 views

KeePass Denial of Service Vulnerability

KeePass is a free open source password manager that helps you manage your passwords in a secure way. A denial of service vulnerability exists in KeePass. An attacker can exploit the vulnerability to launch a denial of service attack...

7 AI score
Exploits 0 · References 1
OpenVAS
added 2020/01/23 12:0 a.m. · 27 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1731)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.

7.8 CVSS · 8.2 AI score · 0.01756 EPSS
Exploits 0 · References 2
CNVD
added 2020/01/22 12:0 a.m. · 3 views

CloudBees Jenkins Amazon EC2 Plugin Authorization Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Amazon EC2 Plugin is used in which an EC2 connection agen...

8.1 CVSS · 6.8 AI score · 0.01103 EPSS
Exploits 0 · References 1
CNVD
added 2020/01/16 12:0 a.m. · 2 views

VMware Tools Local Elevation of Privilege Vulnerability (CNVD-2020-13854)

VMware Tools is an enhancement tool that comes with VMware virtual machines, equivalent to the enhancements in VirtualBox (Sun VirtualBox Guest Additions), and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of...

7 CVSS · 7.1 AI score · 0.00299 EPSS
Exploits 0 · References 1
Cvelist
added 2020/01/15 8:40 a.m. · 22 views

CVE-2020-1605 Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device.

A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved, when configured in relay mode, is vulnerable to an attacker sending crafted IPv4 packets, who may then arbitrarily execute commands as root on the target device. This...

8.8 CVSS · 8.7 AI score · 0.00836 EPSS
Exploits 0 · References 2
CVE
added 2020/01/13 8:6 p.m. · 58 views

CVE-2019-19680

CVE-2019-19680 concerns a file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD). Unpatched PPS versions up to 8.9.22 and 8.14.2 are affected. The issue allows bypassing protection mechanisms related to extensions, MIME types, virus detection, and journal entries f...

8.8 CVSS · 8.5 AI score · 0.01053 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2019/12/31 3:6 p.m. · 45 views

CVE-2018-19833

The CVE-2018-19833 entry concerns the DDQ smart contract (ERC20) where the function that sets/owners can be invoked by anyone because there is no caller identity check. Connected CNVD records (e.g., CNVD-2020-03511 describing DDQ override vulnerability) reiterate that the DDQ implementation’s own...

7.5 CVSS · 7.5 AI score · 0.00931 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2019/12/17 3:15 p.m. · 20 views

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

7.8 CVSS · 7.6 AI score · 0.00466 EPSS
Exploits 0 · References 1
Prion
added 2019/12/17 3:15 p.m. · 10 views

Authentication flaw

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

4.4 CVSS · 7.5 AI score · 0.00466 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2019/12/17 2:42 p.m. · 19 views

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

7.6 AI score · 0.00466 EPSS
Exploits 0 · References 1