4202 matches found
CVE-2020-1654 Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may lead to flowd process crash or remote code execution
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE). Continued processing of this malformed HTTP message may result in an extended Denial of...
Advantech WebAccess/SCADA suffers from a command execution vulnerability (CNVD-2020-48618)
Advantech WebAccess/SCADA is a suite of SCADA software based on a browser architecture. A command execution vulnerability exists in Advantech WebAccess/SCADA. An attacker could exploit the vulnerability to execute console commands...
CVE-2020-7814
RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to be downloaded and executed due to a lack of validation of the file extension, which can be used for remote code execution attacks by hackers. File download & execution vulnerability in COMPONENT of RAONWIZ RAON...
Apple CMS suffers from a command execution vulnerability (CNVD-2020-47331)
Apple CMS is a complete and powerful rapid site building system running on PHP+MYSQL environment. Apple CMS suffers from a command execution vulnerability that can be exploited by attackers to gain control of the web server...
CVE-2020-15515
The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution...
CVE-2020-6089
An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
Security Bulletin: A Security Vulnerability has been Identified in WebSphere Application Server Shipped with Predictive Customer Intelligence (CVE-2020-4448)
Summary: WebSphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes...
OPENSUSE-SU-2020:0912-1 Security update for unbound
This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name...
CVE-2020-9568
Adobe Bridge versions 10.0.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution...
VulnCheck KEV: CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins...
Code Execution Vulnerability in Xunrui CMS
Xunrui CMS free open source system is based on PHP7 language using the latest CodeIgniter4 as the development framework for the production of web content management framework. XunRui CMS code execution vulnerabilities exist. An attacker can exploit the vulnerability to execute arbitrary code...
RHEL 6 : flash-plugin (RHSA-2020:2547)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2547 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version...
Cross site request forgery (csrf)
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted...
Code Execution Vulnerability in Lenovo L78071 Development Edition by Lenovo (Beijing) Co.
Lenovo Beijing Co., Ltd. is an enterprise engaged in the research and development, production, repair and testing of electronic computers and their components. A code execution vulnerability exists in the Lenovo L78071 Development Edition of Lenovo Beijing Limited, which can be exploited by an...
Critical: Red Hat Security Advisory: flash-plugin security update
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Command Execution Vulnerability in Multiple IBM Products
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM in the United States. A command execution vulnerability exists in multiple IBM products. An attacker could exploit this vulnerability to execute commands in the SOAP API...
Microsoft Windows Runtime Elevation of Privilege Vulnerability (CNVD-2021-29547)
Microsoft Windows Runtime .net framework is an essential functional support library for the Windows operating system from Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Runtime, which arises from a program that does not properly handle objects in memory, and can be...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2020-4163)
Summary: IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere...
IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BroadcastMessageManager class. The issue results from the lack of proper validation of...
Command Execution Vulnerability in AC15 Upgrade Software of Shenzhen Jixiang Tengda Technology Co. (CNVD-2020-40766)
The AC15 upgrade software is manufactured by Shenzhen Jixiang Tengda Technology Co., Ltd. and features a built-in dual-core processor with DDR3 memory. The Shenzhen Jixiang Tengda Technology Co., Ltd AC15 Upgrade Software suffers from a command execution vulnerability that can be exploited by...