ALEA-2020:4700 createrepo_c bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
CVE-2020-8183
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...
bip.kolaczyce.pl Cross Site Scripting vulnerability OBB-1464220
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Remote Code Execution (RCE)
create-git is vulnerable to remote code execution (RCE). The vulnerability exists because user-provided input is concatenated and executed inside an exec call without proper checking, leading to the execution of malicious commands...
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
createmediaaccess.com Cross Site Scripting vulnerability OBB-1437741
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
PT-2020-16458 · Acme +1 · Mini Httpd +1
Name of the Vulnerable Software and Affected Versions: Belkin LINKSYS WRT160NL version 1.0.04.002 US 20130619 Description: The issue is a stack-based buffer overflow due to the use of sprintf in the create dir function of mini httpd. This can lead to arbitrary code execution if successfully...
CVE-2020-24033
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2020-13957
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...
gyogyexpressz.com Cross Site Scripting vulnerability OBB-1435048
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Oracle Trade Management Unauthorized Access Vulnerability
Oracle Trade Management is a trade management system from Oracle. It provides functions such as product categorization and allocation, import of purchase orders and letters of credit, and reconciliation of estimated and actual costs to improve trade efficiency and profitability. An unauthorized...
Oracle Database Server Database Filesystem component unauthorized access vulnerability
Oracle Database Server is a relational database management system from Oracle, a United States company. The database management system provides data management, distributed processing and other functions. An unauthorized access vulnerability exists in the Oracle Database Server Database...
CVE-2020-14743
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to...
CVE-2020-14736
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromi...
CVE-2020-14741
Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Create View, Create Procedure, Dbfsrole privilege...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution for families by individual developers. The platform is an ERP system for families written in PHP. A cross-site scripting vulnerability exists in Grocy version 2.7.1 and prior versions. The vulnerability is related to a running...
CVE-2019-18794
The BASS Audio Library 2.4.14 under Windows is prone to a BASSStreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service...
CVE-2019-18795
The BASS Audio Library 2.4.14 under Windows is prone to a BASSStreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of servic...
Microsoft Windows Media Base Memory Corruption Vulnerability
Microsoft Windows is a desktop operating system from Microsoft. A security vulnerability exists in Microsoft Windows Media Base. An attacker could exploit the vulnerability to install programs; view, change, or delete data; or create new accounts with full user rights...