SUSE-SU-2020:0959-1 Security update for python-PyYAML
This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader bsc1165439...
Code Execution Vulnerability in Coyote Hair Input Method
Coyote Hair Input Method is the Windows version of the Zhongzhou Rhyme Input Method engine. A code execution vulnerability exists in Coyote Hair Input Method, which can be exploited by attackers to execute malicious code...
Code execution vulnerability in Ape Programming client
Ape Programming Client is a platform under Ape Tutoring that specializes in online education for youth programming. A code execution vulnerability exists in Ape Programming Client, which can be exploited by attackers to execute malicious code...
Command Execution Vulnerability in Xianqi Kindergarten Online Management System
Xianqi Kindergarten Online Management System is a kindergarten online management system. A code execution vulnerability exists in the CKI Kindergarten Online Management System, which can be exploited by an attacker to gain server privileges...
CVE-2020-2167
CVE-2020-2167 affects the Jenkins OpenShift Pipeline Plugin, with versions 1.0.56 and earlier vulnerable. The root cause is the YAML parser not restricting deserialization of arbitrary types, enabling remote code execution when a user provides YAML input to the plugin’s build step. Public records...
Schneider Electric ProSoft Configurator Code Issue Vulnerability
Schneider Electric ProSoft Configurator is a configuration manager for logic controllers from Schneider Electric, France. A code issue vulnerability exists in Schneider Electric ProSoft Configurator v1.002 and prior versions for Modicon PMEPXM0100H modules. An attacker could exploit the...
CVE-2020-7476
A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit Versions prior to 1.0.1, which could cause execution of malicious code when a malicious file is put in the search path...
Code Execution Vulnerability in Foxit Reader U3D Plug-in (CNVD-2020-26509)
Foxit Software Incorporated (Foxit Software) is a provider of product technology and solutions that cover the document lifecycle, including document generation, conversion, display, editing, searching, printing, storage, signing, forms, protection, and secure distribution management. A code executi...
Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2020-1272)
The remote host is missing an update for the Huawei EulerOS...
cPanel Code Execution Vulnerability (CNVD-2020-18566)
cPanel is a Web-based hosting control management system from cPanel (USA). A code execution vulnerability exists in cPanel versions prior to 84.0.20. An attacker can exploit this vulnerability to achieve code execution via the PassengerApps API using a demo account...
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making the March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products —...
Microsoft Windows and Windows Server Code Execution Vulnerabilities
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A code execution vulnerability exists in Microsoft Windows and Windows Server that can be...
Quest Software KACE K1000 Systems Management Appliance Code Execution Vulnerability
The Quest Software KACE K1000 Systems Management Appliance (KACE SMA) is a systems management appliance from Quest Software, USA. A security vulnerability exists in the service/krashrpt.php file in Quest Software KACE SMA versions prior to 6.4 SP3 (6.4.120822). A remote attacker can exploit the...
CVE-2020-2158
The CVE-2020-2158 entry affects Jenkins Literate Plugin versions 1.0 and earlier. The root cause is that the YAML parser is not configured to prevent instantiation of arbitrary types, enabling remote code execution. The impact is remote code execution with the plugin, and multiple sources identif...
CVE-2016-11021
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter...
Code Execution Vulnerability in Yimin Trader Jiying
Yimin Trader Smart Earnings is a computerized securities finance tool for stock investors. Yimin Trader Zhiying has a code execution vulnerability that can be exploited by attackers to execute arbitrary code...
Code Execution Vulnerability in YY Voice
YY Voice is an Internet-based team voice communication platform developed by Guangzhou Huado Network Technology Co. A code execution vulnerability exists in YY Voice, which can be exploited by an attacker to execute arbitrary code...
Code Execution Vulnerability in Crypto Game Box
Quick Play Game Box is a treasure trove of games for game lovers. A code execution vulnerability exists in Quick Play Game Box, which can be exploited by attackers to execute arbitrary code...
Dell Security Management Server Code Issue Vulnerability
Dell Security Management Server is a data security management solution from Dell. A code issue vulnerability exists in Dell Security Management Server versions prior to 10.2.10. The vulnerability stems from an improperly designed or implemented code development process for a network system o...
CVE-2020-8809
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...