The vulnerability of the `system login block-for` command in Cisco NX-OSS routing devices allows a attacker to cause a service failure.

The vulnerability of the system login block-for command in the Cisco NX-OS networking operating system’s routers is related to data writing beyond the buffer. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

VulnCheck KEV: CVE-2020-8599

Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login...

Code injection

The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group...

GNU libmicrohttpd Buffer Overflow Vulnerability

GNU libmicrohttpd is a GNU open source application. Run the HTTP server as part of another application. A buffer overflow vulnerability exists in versions of libmicrohttpd prior to 0.9.71, which stems from the fact that a missing bounds check will result in a buffer overflow that can be exploited...

NETGEAR JGS516PE/GS116Ev2 Arbitrary Data Write Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An arbitrary data write vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP firmware update mechanism not properly implementing firmware validation. A remote...

CVE-2021-24088

Windows Local Spooler Remote Code Execution Vulnerability Recent assessments: bwatters-r7 at August 10, 2021 9:35pm UTC reported: This entry is based off the blackhat talk by Zhiniang Peng, Xuefeng Li, and Lewis Lee on August 4, 2021. They said CVE-2021-24088, 24077, and 1722 were all similar, bu...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2020-35782

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations,...

CVE-2020-14899

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromis...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

DEBIAN-CVE-2020-14382

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2jsonmetadata.c' in function...

CVE-2020-25250

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs...

CVE-2020-25250

CVE-2020-25250 affects Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue allows client applications to write arbitrary data to the server logs. The connected documents do not provide exploit details, affecte...

OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Vulnerabilities fixed in MySQL Server

Ubuntu has fixed several vulnerabilities in MySQL. An authenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or obtain read and write access to data stored in MySQL databases stored. -= Ubuntu =- Canonical has made updates...

CVE-2020-14533

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce component: Dynamo Application Framework. Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...

CVE-2020-5555

CVE-2020-5555 affects Shihonkanri Plus GOOUT (Ver1.5.8, Ver2.2.10). The issue stems from improper input validation, enabling remote attackers to read and write files in the server directory (and, for CVE-2020-5554, in arbitrary file paths). Connected docs corroborate multiple vulnerabilities in t...

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...