NewStart CGSL MAIN 6.02 : python3 Multiple Vulnerabilities (NS-SA-2021-0059)

The remote NewStart CGSL host, running version MAIN 6.02, has python3 packages installed that are affected by multiple vulnerabilities: - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to...

NewStart CGSL CORE 5.04 / MAIN 5.04 : shim Vulnerability (NS-SA-2021-0009)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has shim packages installed that are affected by a vulnerability: - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows...

NewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2021-0004)

The remote NewStart CGSL host, running version MAIN 4.06, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 - ipreass in ipinput.c in libslirp 4.0.0 has a heap-based...

NewStart CGSL MAIN 6.02 : mariadb-connector-c Multiple Vulnerabilities (NS-SA-2021-0090)

The remote NewStart CGSL host, running version MAIN 6.02, has mariadb-connector-c packages installed that are affected by multiple vulnerabilities: - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and...

NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0016)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys...

NewStart CGSL MAIN 6.02 : libarchive Vulnerability (NS-SA-2021-0079)

The remote NewStart CGSL host, running version MAIN 6.02, has libarchive packages installed that are affected by a vulnerability: - In Libarchive 3.4.0, archivewstringappendfrommbs in archivestring.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar...

NewStart CGSL CORE 5.04 / MAIN 5.04 : qt Vulnerability (NS-SA-2021-0031)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt packages installed that are affected by a vulnerability: - An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. readxbmbody in gui/image/qxbmhandler.cpp has a buffer over-read...

NewStart CGSL CORE 5.04 / MAIN 5.04 : okular Vulnerability (NS-SA-2021-0047)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has okular packages installed that are affected by a vulnerability: - KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. CVE-2020-9359 Note that Nessus has not tested for this issue but has...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0018)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition...

CVE-2020-28466

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...

CVE-2020-28466

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...

Design/Logic Flaw

Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...

CVE-2020-7782 Command Injection

This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package...

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2020-0106)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set i...

NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_mellon Vulnerability (NS-SA-2020-0106)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has modauthmellon packages installed that are affected by a vulnerability: - modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL...

Tenda AC5 AC1200 跨站脚本漏洞

The Tenda AC5 is an AC1200 smart dual-band WiFi router. A stored cross-site scripting vulnerability exists in the /main.html Wifi setting in Tenda AC5 V15.03.06.47multi. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the Wifi Name parameter...

Exploit for CVE-2020-1034

This is a PoC Proof of Concept exploit for CVE-2020-1034, a vulnerability discovered by Microsoft and fixed on August 9, 2020. The exploit targets an unpatched Windows 10 2004, build 19041.488. The exploit code is written in C++ and uses the Windows API to manipulate the system's Event Tracing fo...

CVE-2020-7771

The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function...

CVE-2020-7771

The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function...

Victornpb Asciitable.js Security Vulnerability

Victornpb Asciitable is a Javascript-based codebase for generating Ascii tables from two-digit tables of strings by the individual developer of Victornpb. A security vulnerability exists in asciitable.js before 1.0.3, which stems from the vulnerability to prototype contamination in the main...