DEBIAN-CVE-2020-24870

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identifyprocessdngfields in identify.cpp...

CVE-2020-24870

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identifyprocessdngfields in identify.cpp...

UBUNTU-CVE-2020-24870

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identifyprocessdngfields in identify.cpp...

CVE-2020-24870

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identifyprocessdngfields in identify.cpp...

Libraw 缓冲区错误漏洞

LibRaw is a library for reading RAW files acquired from digital cameras. A stack buffer overflow vulnerability exists in LibRaw::identifyprocessdngfields in identify.cpp in versions of LibRaw prior to 0.20.1. No detailed vulnerability details are provided at this time...

CVE-2021-1306

A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

Input validation

A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

tomcat -- HTTP request smuggling in multiple versions

Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored...

[SECURITY] Fedora 33 Update: python-yara-4.1.0-1.fc33

Python binding for the YARA pattern matching tool. YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each...

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...

Design/Logic Flaw

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...

PT-2020-6973 · Unknown +3 · Imagemagick +3

Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.9.11-22 through 7.0.10-45 Description: A memory leak in the identify -help command allows remote attackers to perform a denial of service. The issue is related to incorrect memory deallocation before removing the last...

CVE-2020-27978

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

CVE-2020-27978

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

Design/Logic Flaw

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

CVE-2020-27978

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

CVE-2020-27978

CVE-2020-27978 (Shibboleth Identify Provider 3.x prior to 3.4.6) is a denial-of-service vulnerability where a remote unauthenticated attacker can trigger a login flow that exhausts Java heap by creating objects in the Java Servlet container session. Affected product is Shibboleth Identify Provide...

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...

CVE-2020-12811

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting XSS via the Identify Provider name field...

Cross site scripting

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting XSS via the Identify Provider name field...