Linux Distros Unpatched Vulnerability : CVE-2020-7905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. CVE-2020-7905 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2019-20503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. CVE-2019-20503 Note that Nessus relies on the presence of the package as reporte...
CVE-2020-7820
The Nexacro14/17 ExtCommonApiV13 library before version 2019.9.6 contains a vulnerability that could allow a remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC...
usrsctp buffer overflow vulnerability
usrsctp is a user-level SCTP (Stream Control Transmission Protocol) stack with multi-platform support. A buffer overflow vulnerability exists in sctp_load_addresses_from_init in versions of usrsctp prior to 2019-12-20. The vulnerability stems from a network system or product performing operations in...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. Remediation: A fix was pushed into the master branch but not yet published. References: - Chromium Bugs - GitHub Commit...
CVE-2019-18271
OSIsoft PI Vision, all versions prior to 2019: the affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site...
STMicroelectronics ST33TPHF2ESPI TPM Encryption Issue Vulnerability
The STMicroelectronics ST33TPHF2ESPI TPM is a Trusted Computing Platform Module from STMicroelectronics, Switzerland. A cryptographic issue vulnerability exists in versions of the STMicroelectronics ST33TPHF2ESPI TPM prior to 2019-09-12. The vulnerability stems from a networked system or product...
ACRN Denial of Service Vulnerability
ACRN is an open source virtual machine monitor for the Internet of Things. A security vulnerability exists in versions prior to ACRN 2019w25.5-140,000p. An attacker can exploit the vulnerability to cause a denial of service (assertion failure)...
Unspecified vulnerability in Yachtcontrol
Yachtcontrol is a ship navigation system from the Dutch company Yachtcontrol. A security vulnerability exists in Yachtcontrol versions 2019-10-06 and earlier. An attacker could exploit the vulnerability to execute operating system commands...
CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL...
CVE-2019-9679
Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions which Build tim...
PT-2019-14641 · FFmpeg · Ffjpeg
Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 2019-08-18. Description: The issue is related to a NULL pointer dereference in the huffman_decode_step function at huffman.c. Recommendations: For versions prior to 2019-08-18, update to a version released after...
FlashLingo SQL Injection Vulnerability
FlashLingo is a program used to authenticate a user's Google account. A SQL injection vulnerability exists in versions of FlashLingo prior to 2019-06-12, which can be exploited by an attacker to execute illegal SQL commands...
Moodle Acclaim block plugin SQL injection vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Acclaim block is a plugin used in it to handle course completion. A SQL injection vulnerability exists in versions of the Moodle Acclai...
FredReinink Wellness-app SQL Injection Vulnerability
FredReinink Wellness-app is a web-based fitness tracking application. A SQL injection vulnerability exists in versions of FredReinink Wellness-app prior to 2019-06-19, which can be exploited by an attacker to execute illegal SQL commands...
CVE-2019-15520
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory...
CVE-2019-15519
Power-Response before 2019-02-02 allows directory traversal up to the application's main directory via a plugin...
Sean Barrett stb_vorbis code issue vulnerability
Sean Barrett stb_vorbis is an open source audio codec for decoding ogg vorbis files. A code issue vulnerability exists in the 'get_window' function in Sean Barrett stb_vorbis versions 2019-03-04 and earlier. The vulnerability stems from an improperly designed or implemented code development process...
Sean Barrett stb_vorbis Number Error Vulnerability
Sean Barrett stb_vorbis is an open source audio codec for decoding ogg vorbis files. A numeric error vulnerability exists in the 'predict_point' function in Sean Barrett stb_vorbis versions 2019-03-04 and earlier. The vulnerability stems from a networked system or product not properly calculating or...
Rockwell Automation PanelView 5510 Access Control Error Vulnerability
Rockwell Automation PanelView 5510 is a graphic terminal device from Rockwell Automation. An access control error vulnerability exists in the PanelView 5510 manufactured before 2019-3-13. The vulnerability stems from a network system or product not properly restricting access to resources from...