2734 matches found
Seal Finance Farm Security Breach
Seal Finance Farm is a network protocol used by the Seal Finance community to support decentralized trading. SEAL is an experimental protocol that acts as an intermediary between the main DeFi protocol tokens, creating deeper liquidity between the two. Seal Finance Farm has a security vulnerability. T...
DEBIAN-CVE-2020-12658
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional...
CVE-2020-35275
Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is triggered on the main home page of the product/application...
CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
UBUNTU-CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
CVE-2020-27048
In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID:...
Command Injection
corenlp-js-prefab is vulnerable to command injection. The vulnerability is possible via the main function...
Command Injection
corenlp-js-interface is vulnerable to command injection. The vulnerability is possible via the main function...
CVE-2020-28440 Command Injection
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the main function in index.js. PoC: var a = require("get-npm-package-version"); a("& touch JHU"); Remediation: Upgrade get-npm-package-version to version 1.0.7 or higher. References - GitHub Commit - NPM Package - Vulnerable...
Noahdess Corenlp-js-interface Command Injection Vulnerability
Noahdess Corenlp-js-interface is an npm package written in JavaScript by the individual developer Noahdess for interacting with Stanford CoreNLP. Noahdess Corenlp-js-interface suffers from a command injection vulnerability that stems from the fact that both corenlp-js-interface are susceptible to command...
NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0117)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive...
NewStart CGSL CORE 5.04 / MAIN 5.04 : python-twisted-web Multiple Vulnerabilities (NS-SA-2020-0078)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-twisted-web packages installed that are affected by multiple vulnerabilities: - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characte...
NewStart CGSL CORE 5.04 / MAIN 5.04 : texlive Vulnerability (NS-SA-2020-0078)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has texlive packages installed that are affected by a vulnerability: - An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1...
JerryScript Buffer Overflow Vulnerability (CNVD-2022-11530)
JerryScript is a lightweight JavaScript engine from the JerryScript project. JerryScript 2.3.0 is vulnerable due to an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file, which could be exploited by an attacker to cause code execution...
NewStart CGSL CORE 5.05 / MAIN 5.05 : dovecot Multiple Vulnerabilities (NS-SA-2020-0105)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dovecot packages installed that are affected by multiple vulnerabilities: - In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used ...
CVE-2020-29657
In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file...
UBUNTU-CVE-2020-29657
In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file...