5352 matches found
Ubuntu: Security Advisory (USN-4566-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only
Huawei EulerOS: Security Advisory for perl-XML-LibXML (EulerOS-SA-2020-2030)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization for ARM 64 3.0.6.0 : libsoup (EulerOS-SA-2020-2047)
According to the versions of the libsoup package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could explo...
Huawei EulerOS: Security Advisory for perl-XML-LibXML (EulerOS-SA-2020-2055)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : perl-XML-LibXML (EulerOS-SA-2020-2055)
According to the version of the perl-XML-LibXML package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the...
Mozilla Thunderbird Security Advisories (MFSA2020-42, MFSA2020-44) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Firefox Security Advisories (MFSA2020-42, MFSA2020-43) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. CPE = "cpe:/a:mozilla:firefox";...
CVE-2020-4620
IBM Data Risk Manager iDNA 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could all...
KLA11966 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to perform cross-site scripting attacks, spoof the user interface, cause denial of service, and execute arbitrary code. Below is a complete list of vulnerabilities: 1. XSS vulnerability can be...
Denial Of Service (DoS)
Firefox is vulnerable to denial of service. A use-after-free vulnerability in AssertWorkerThread due to a race condition with shared workers allows an attacker to crash the application and potentially execute arbitrary code...
Ubuntu: Security Advisory (USN-4499-1)
The remote host is missing an update for the ...
CVE-2020-24561
Trend Micro ServerProtect for Linux 3.0 contains an OS command injection vulnerability (CWE-78) that can allow an attacker with admin/root privileges on the SPLX console to execute arbitrary code on the affected system. Red Hat CVE-2020-24561, NVD, JVN, and NCSC corroborate the vulnerability deta...
Design/Logic Flaw
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL...
Command Injection in giting
All versions of giting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable. Recommendation: No fix is current...
CVE-2020-12248
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled...
CVE-2020-25005
Heybbs v1.2 has a SQL injection vulnerability in the msg.php file via the ID parameter, which may allow a remote attacker to execute arbitrary code...
SQL injection
Heybbs v1.2 has a SQL injection vulnerability in the user.php file via the ID parameter, which may allow a remote attacker to execute arbitrary code...
CVE-2020-13466
STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration...
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities
Summary: IBM Security Privileged Identity Manager has addressed an issue for nss-softokn as follows. Vulnerability Details: CVEID: CVE-2019-11745. DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system,...
JerryScript ecma_is_lexical_environment buffer overflow vulnerability
JerryScript is a lightweight JavaScript engine from the JerryScript project. JerryScript ecma_is_lexical_environment has a buffer overflow vulnerability that can be exploited by attackers to submit special requests that can crash an application or execute arbitrary code...