365 matches found
CVE-2020-14293
confdatetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field obtained from the web interface...
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
...
Linux kernel information disclosure vulnerability (CNVD-2020-51796)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in Linux kernel before version 5.8.3, which stems from a TOCTOU mismatch in the NFS client code. An attacker can exploit...
PT-2020-5249 · Net Snmp +5 · Net-Snmp +5
Name of the Vulnerable Software and Affected Versions: Net-SNMP versions prior to 5.8. Description: The issue is related to improper privilege management in the Net-SNMP software. It allows SNMP WRITE access to the EXTEND MIB, which can be exploited to run arbitrary commands as root. This could...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41489)
Mattermost Server is an open source messaging platform from Mattermost, a United States company. A security vulnerability exists in Mattermost Server versions prior to 5.8.0. An attacker could exploit this vulnerability to conduct a brute force attack...
Mattermost Server Information Disclosure Vulnerability (CNVD-2020-41493)
Mattermost Server is an open source messaging platform from Mattermost, a United States company. An information disclosure vulnerability exists in Mattermost Server versions prior to 5.8.0. An attacker could exploit this vulnerability to obtain sensitive information...
Fork CMS Cross-Site Scripting Vulnerability (CNVD-2020-31119)
Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A cross-site scripting vulnerability exists in Fork versions prior to 5.8.3. The vulnerability stems from the lack of proper validation of...
Zsh elevation of privilege vulnerability (CNVD-2020-50123)
Zsh is a command interpreter that can be used as a shell for interactive login and scripting. A security vulnerability exists in Zsh prior to version 5.8, which is caused by the program failing to overwrite the originally stored uid, and can be exploited by an attacker to restore the original...
CVE-2017-7399
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users...
CVE-2019-17330
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO...
March 5, 2019, update for Access 2010 (KB4018363)
This article describes update 4018363 for Microsoft Access 2010 that was released on March 5, 2019. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2010. It doesn't apply to th...
PT-2019-14907 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8. Description: The issue in FusionPBX allows unauthorized access to download files due to an unsanitized variable f coming from the URL in the file resourcesdownload.php. This enables an attacker to download an...
Red Hat CloudForms Access Control Error Vulnerability
Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. An access control error vulnerability exists in Red Hat CloudForms...
UBUNTU-CVE-2019-6781
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails...
DEBIAN-CVE-2019-3829
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected...
CVE-2018-12409
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...
CVE-2018-12820
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure...
CVE-2018-12818
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure...
Cisco Secure Access Control System Remote Code Execution Vulnerability
Cisco Secure Access Control System (ACS) is a security access control system from Cisco, a United States company. The system provides access control for network access and for network device access through the RADIUS and TACACS protocols, respectively. ACS Report is one of the system's report generation components. An...
CVE-2018-5787
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets...