123 matches found
CVE-2018-19947
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...
Information disclosure
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...
Input validation
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in...
Cross site request forgery (csrf)
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery CSRF vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and...
CVE-2018-19947
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...
CVE-2020-15900
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32t. This was fixed...
openSUSE Security Update : freerdp (openSUSE-2020-1090)
This update for freerdp fixes the following issues : frerdp was updated to version 2.1.2 bsc1171441,bsc1173247 and jscECO-2006 : - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have...
Command injection
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions...
ansible - win_unzip path normalization
Borja Tarraso reports: A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by...
Memory corruption
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges...
CVE-2019-8605
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges. Recent assessments: Assessed Attacker Value: 0 Assessed...
CVE-2013-2159
Monkey HTTP Daemon: broken user name authentication...
CVE-2019-7201
An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak...
Design/Logic Flaw
An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak...
HeaderMap::Drain API is unsound
Affected versions of this crate incorrectly used raw pointer, which introduced unsoundness in its public safe API. Failing to drop the Drain struct causes double-free, and it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation. The flaw was corrected ...
fix unsound APIs that could lead to UB
Affected versions of this crate API could use uninitialized memory with some APIs in special cases, like use the API in none generator context. This could lead to UB. The flaw was corrected by This patch fixes all those issues above...
HackerOne: Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264
Summary: It is somehow related to this report 645264. But I found an alternative way to reproduce the issue even it is considered as resolved. Steps To Reproduce 1. As a Program admin, navigate to Program Settings 2. Click Program 3. Click Email Notifications 4. Make sure it is set to No Content ...
CVE-2019-12842
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2...
CVE-2019-12846
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2...
CVE-2019-12866
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168...