SAP Enable Now Information Disclosure Vulnerability

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is mainly used for online learning and training in SAP and non-SAP systems. An information disclosure vulnerability exists in SAP Enable Now. An attacker could use this vulnerability to obta...

DLL Hijacking Vulnerability in WeChat PC Client

WeChat is a chatting and socializing software from Shenzhen Tencent Computer System Co. A DLL hijacking vulnerability exists in the WeChat PC client, which can be exploited by attackers to execute malicious code...

Denial of Service Vulnerability in USR-TCP232-410S

There are people networking to the Internet of Things communication technology as the core, the launch of industrial communications, LPWAN and gateway, Internet of Things module, industrial control machine, network IO controller and other networking communication equipment, including...

File Upload Vulnerability in hybbs v2.3.2

HYBBS is a PHP website program that supports plugin extensions and template extensions. A file upload vulnerability exists in hybbs v2.3.2, which can be exploited by attackers to gain control of the web server...

Dell Command Configure Code Issue Vulnerability

Dell Command Configure is a Dell USA application that provides configuration capabilities for business client platforms. The program contains both a command line interface and a graphical user interface for configuring a variety of BIOS features. A code issue vulnerability exists in Dell Command...

Ansible nxos_file_copy module input validation error vulnerability

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to distribute, manage, and program computer systems. nxosfilecopy is one of the modules that supports copying files to remote NXOS devices. An input validation error vulnerability exists ...

Ruby has an unspecified vulnerability

Ruby is a simple and fast object-oriented object-oriented programming scripting language. An unspecified vulnerability exists in Ruby. An attacker can exploit this vulnerability to invoke arbitrary Ruby methods...

CVE-2011-4076

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...

Unspecified Vulnerability in Blackview BV7000_Pro

The Blackview BV7000Pro is a smartphone from Blackview of Hong Kong, China. A security vulnerability exists in the Blackview BV7000Pro build fingerprint: Blackview/BV7000Pro/BV7000Pro:7.0/NRD90M/1493011204:user/release-keys in the com.mediatek. A security vulnerability exists in the factorymode...

Denial of Service Vulnerability in Oceanis Browser

Maxthon is a multi-tab browser. A denial of service vulnerability exists in Maxthon Browser, which can be exploited by attackers to cause the program to crash...

Nextcloud: Improper confidentiality protection of server-side encryption keys

This vulnerability is related to the Improper integrity protection of server-side encryption keys vulnerability but leverages a different attack vector. While the previous attack broke the confidentiality of encrypted files because the public keys are not integrity-protected, this new attack brea...

CVE-2019-19035

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and processSOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file...

CVE-2009-5047

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent...

CVE-2019-18680

A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rdstcp kernel module that is loaded through an autoload via a local process running listen, or manual loading, could possibly cause a kernel panic. Mitigation While this is a network protocol being...

Microsoft Windows win32k Information Disclosure Vulnerability (CNVD-2019-41636)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a suite of operating systems for use on personal devices.Microsoft Windows Server is a suite of server operating systems.win32k is the kernel part of one of the Windows subsystem...

Microsoft Excel Information Disclosure Vulnerability (CNVD-2020-20381)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted document file to obtain sensitive...

TYPO3 cross-site scripting vulnerability (CNVD-2019-41233)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 versions prior to 4.3.12, 4.4.x prior to 4.4.9 and 4.5.x prior to 4.5.4. The vulnerability stems from a lack of proper validation of...

CVE-2019-18812

A memory leak in the sofdfsentrywrite function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory consumption, aka CID-c0a333d842ef...

Mozilla Firefox ESR < 24.7 Multiple Vulnerabilities

Binary data 701240.prm...

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Digital Error Vulnerability

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco, Inc.Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...