Windscribe WindscribeService Named Pipe Privilege Escalation
The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \\.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...
CVE-2020-5231 Opencast users with ROLE_COURSE_ADMIN can create new users
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only i...
UBUNTU-CVE-2020-8428
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2018-1341)
The remote host is missing an update for the Huawei EulerOS...
Design/Logic Flaw
The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data...
CVE-2020-2518
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to...
CVE-2020-2527
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromi...
CVE-2020-2511
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS...
Code injection
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to...
Vulnerability of the create_resource_pool() function (drivers/gpu/drm/amd/display/dc) in Linux kernel, allowing a hacker to trigger a service failure
The vulnerability of the create_resource_pool() function (drivers/gpu/drm/amd/display/dc) in the Linux operating system is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerability of the `clock_source_create()` function (/gpu/drm/amd/display/dc) in the Linux kernel allows a malicious actor to cause a service failure.
The vulnerability of the clock_source_create() function (/gpu/drm/amd/display/dc) in the Linux kernel is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...
PT-2020-1541 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to insufficient access control in the Core RDBMS component of Oracle Database Server. It can be exploited by a remote attacker with low...
Oracle Database Server CVE-2020-2517 Remote Security Vulnerability
Description: Oracle Database Server is prone to a remote security vulnerability that exists in Database Gateway for ODBC. The vulnerability can be exploited over 'OracleNet' protocol. For an exploit to succeed, the attacker must have 'Create Procedure' and 'Create Database Link' privileges. This...
PT-2020-1534 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, allowing a high-privileged attacker with Create Index and Create Tabl...
PT-2020-1539 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to a vulnerability in the Database Gateway for ODBC component, which can be exploited by a low-privileged attacker with Create Sessio...
PT-2020-1538 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to a vulnerability in the Core RDBMS component of Oracle Database Server, allowing a high-privileged attacker with Create Materialized View and...
map.startuplithuania.lt Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1062513 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
The vulnerability in the `png_create_info_struct` function of the PNG bitmap graphics library allows an attacker to cause a denial-of-service attack.
The vulnerability of the png_create_info_struct function in the library for working with PNG bitmap graphics in libpng is related to improper memory release before deleting the last reference. Exploiting this vulnerability can allow an attacker to cause service interruptions through various network...
DEBIAN-CVE-2019-19770
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispu...
DRUPAL-CONTRIB-2019-094
This project enables administrators to create modal dialogs. The routes used by the module lacked proper permissions, allowing untrusted users to access, create and modify modal configurations...