
9455 matches found

Prion
added 2020/06/30 12:15 p.m. | 16 views

Design/Logic Flaw

CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...

CVSS 4.3 | AI score 4.7 | EPSS 0.00446
Exploits 0 | References 1 | Affected Software 1

Mozilla
added 2020/06/30 12:00 a.m. | 43 views

Security Vulnerabilities fixed in Thunderbird 68.10.0 — Mozilla

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. Note: this issue only affects Firefox on ARM64 platforms. Manipulating individual parts of a URL object could have caused an...

CVSS 9.3 | AI score 0.4 | EPSS 0.03059
Exploits 2 | References 6 | Affected Software 1

RedHat Linux
added 2020/06/22 9:41 a.m. | 0 views

Mozilla: Use-after-free in SharedWorkerService

The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash...

CVSS 5.3 | AI score 7.3 | EPSS 0.01352
Exploits 1 | References 5

RedHat Linux
added 2020/06/19 1:55 a.m. | 1 views

Mozilla: Use-after-free in SharedWorkerService

The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash...

CVSS 5.3 | AI score 7.3 | EPSS 0.01352
Exploits 1 | References 5

ICS
added 2020/06/18 12:00 a.m. | 56 views

BD Alaris PCU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: Alaris PCU Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVSS 7.5 | AI score 7.2 | EPSS 0.9166
Exploits 1 | References 5

Metasploit
added 2020/06/17 2:14 p.m. | 49 views

AnyDesk GUI Format String Write

The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially crafted discovery packet, an attacker can corrupt the frontend process when it loads or refreshes. While the discovery service is always running, the GUI frontend must be started to trigger...

CVSS 9.8 | AI score 7 | EPSS 0.80551
Exploits 8

OSV
added 2020/06/11 10:15 p.m. | 11 views

CVE-2020-4045

SSB-DB version 20.0.0 has an information disclosure vulnerability. The get method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which ...

CVSS 7.5 | AI score 7.2
Exploits 0 | References 2

OSV
added 2020/06/11 9:09 p.m. | 15 views

GHSA-MPGR-2CX9-327H Information disclosure in SSB-DB

Impact What kind of vulnerability is it? Who is impacted? Servers running SSB-DB 20.0.0 which is packaged with SSB-Server 16.0.0 must upgrade immediately. There is no evidence that other SSB apps are vulnerable or that this problem has been exploited in the wild. The get method is supposed to onl...

CVSS 7.5 | AI score 7.3 | EPSS 0.01281
Exploits 0 | References 3

CVE
added 2020/06/11 1:27 p.m. | 74 views

CVE-2020-6090

The CVE-2020-6090 entry concerns WAGO PFC 200 Web-Based Management (WBM) version 03.03.10(15). Multiple sources (Talos, Red Hat, Tenable, CNVD, etc.) confirm an exploitable code execution vulnerability triggered by specially crafted authenticated HTTP requests to WBM. The root cause is that WBM’s...

CVSS 9 | AI score 7.3 | EPSS 0.02056
Exploits 0 | References 1 | Affected Software 1

Kaspersky
added 2020/06/09 12:00 a.m. | 43 views

KLA11809 Multiple vulnerabilities in Microsoft Apps

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Word for Android can be exploited remotely via special...

CVSS 8.8 | AI score 8 | EPSS 0.08045
Exploits 0 | References 4

Talos
added 2020/06/09 12:00 a.m. | 29 views

Siemens LOGO! TDE service "NFSAccess" Delete Denial of Service Vulnerability

Summary: An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can be used to delete critical system data resulting in a denial of service. An attacker...

CVSS 9.1 | AI score 9.1 | EPSS 0.0199
Exploits 0

NVD
added 2020/06/08 2:15 p.m. | 21 views

CVE-2020-6110

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...

CVSS 8.8 | AI score 8.3 | EPSS 0.04264
Exploits 1 | References 1

RedHat Linux
added 2020/06/03 10:21 a.m. | 2 views

Mozilla: Use-after-free in SharedWorkerService

The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash...

CVSS 5.3 | AI score 7.3 | EPSS 0.01352
Exploits 1 | References 5

RedHat Linux
added 2020/06/03 8:49 a.m. | 2 views

Mozilla: Use-after-free in SharedWorkerService

The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash...

CVSS 5.3 | AI score 7.3 | EPSS 0.01352
Exploits 1 | References 5

RedhatCVE
added 2020/06/02 4:21 p.m. | 30 views

CVE-2020-12405

The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash...

CVSS 2.6 | AI score 4.5 | EPSS 0.01352
Exploits 1 | References 4

UbuntuCve
added 2020/06/02 12:00 a.m. | 37 views

CVE-2020-12405

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird 68.9.0, Firefox 77, and Firefox ESR 68.9...

CVSS 5.3 | AI score 6.8 | EPSS 0.01352
Exploits 1 | References 5

Mozilla
added 2020/06/02 12:00 a.m. | 74 views

Security Vulnerabilities fixed in Firefox ESR 68.9 — Mozilla

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Mozilla developer Iain Ireland...

CVSS 9.3 | AI score 3.6 | EPSS 0.01537
Exploits 1 | References 4 | Affected Software 1

NVD
added 2020/05/26 6:15 p.m. | 15 views

CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR 68.8, Firefox 76, and Thunderbird 68.8.0...

CVSS 9.8 | AI score 9.5 | EPSS 0.05693
Exploits 0 | References 10

CVE
added 2020/05/26 5:05 p.m. | 321 views

CVE-2020-6831

CVE-2020-6831 is a bug described in Debian security advisories as a buffer overflow in the SCTP chunk input validation in the usrsctp library. The Debian entries explicitly tie this CVE to Firefox ESR (<68.8), Firefox (<76) and Thunderbird (

CVSS 9.8 | AI score 9.5 | EPSS 0.05693
Exploits 0 | References 10 | Affected Software 3

AlpineLinux
added 2020/05/26 5:05 p.m. | 44 views

CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR 68.8, Firefox 76, and Thunderbird 68.8.0...

CVSS 9.8 | AI score 9.8 | EPSS 0.05693
Exploits 0