6840 matches found
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympa_newaliases-wrapper executable...
UBUNTU-CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympa_newaliases-wrapper executable...
CVE-2020-24807
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...
[SECURITY] Fedora 32 Update: pandoc-citeproc-0.16.2-2.fc32
The pandoc-citeproc library supports automatic generation of citations and a bibliography in pandoc documents using the Citation Style Language (CSL) macro language. More details on CSL can be found at . In addition to a library, the package includes an executable, pandoc-citeproc, which works as...
InfoCage SiteShell installs their files with improper access permissions
Overview: InfoCage SiteShell provided by NEC Corporation installs their files with improper access permissions (CWE-732). Especially, the service executable files can be modified by Everyone users. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN...
[SECURITY] Fedora 33 Update: pandoc-citeproc-0.17.0.1-3.fc33
The pandoc-citeproc library supports automatic generation of citations and a bibliography in pandoc documents using the Citation Style Language (CSL) macro language. More details on CSL can be found at . In addition to a library, the package includes an executable, pandoc-citeproc, which works as...
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-Encode (EulerOS-SA-2020-2046)
According to the version of the perl-Encode packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that perl can load modules from the current directory if not found in the module directories, via the...
Huawei EulerOS: Security Advisory for perl-Module-Load-Conditional (EulerOS-SA-2020-2013)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : libffi (EulerOS-SA-2020-2113)
According to the version of the libffi packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that...
Heap Overflow Vulnerability in Advantech WebAccess HMI PanelSim.exe
Advantech WebAccess/HMI Designer is an integrated human-machine interface development tool. A heap overflow vulnerability exists in Advantech WebAccess HMI PanelSim.exe, which can be exploited by an attacker to cause a heap overflow and cause the program to crash...
CVE-2020-15843
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal. The folder permissions allow "Full Control" to...
CVE-2020-14022
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality, e.g. the "Application Starter" module...
Arbitrary Code Execution
gdb is vulnerable to arbitrary code execution. An integer overflow in the string_appends function in cplus-dem.c allows remote attackers to execute arbitrary code via a malicious executable...
CVE-2020-7358
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an...
Code injection
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an...
CVE-2020-7358
The CVE-2020-7358 entry relates to the AppSpider Installer. Affected software: AppSpider installer versions prior to 7.2.126. Vulnerable component: the installer launches an executable, which can be placed in the installation directory by a user with local access. Root cause: the installer cannot...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...