Lucene search

2734 matches found

NVD
added 2020/09/10 6:15 p.m., 10 views

CVE-2020-15024

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation...

5.5 CVSS, 0.00052 EPSS
Exploits: 0, References: 1

Prion
added 2020/09/10 6:15 p.m., 10 views

Default credentials

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation...

2.1 CVSS, 5.5 AI score, 0.00052 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/09/10 5:10 p.m., 10 views

CVE-2020-15024

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation...

5.5 AI score, 0.00052 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2020/09/08 12:0 a.m., 232 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0039)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially...

9.8 CVSS, 8 AI score, 0.02595 EPSS
Exploits: 2, References: 8

Tenable Nessus
added 2020/09/07 12:0 a.m., 44 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable...

9.8 CVSS, 8.3 AI score, 0.56192 EPSS
Exploits: 11, References: 18

Tenable Nessus
added 2020/09/07 12:0 a.m., 19 views

NewStart CGSL MAIN 4.05 : krb5-appl Vulnerability (NS-SA-2020-0049)

The remote NewStart CGSL host, running version MAIN 4.05, has krb5-appl packages installed that are affected by a vulnerability: - utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow...

10 CVSS, 8.5 AI score, 0.08404 EPSS
Exploits: 2, References: 2

Tenable Nessus
added 2020/09/07 12:0 a.m., 65 views

NewStart CGSL MAIN 4.05 : tomcat6 Vulnerability (NS-SA-2020-0048)

The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by a vulnerability: - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust...

9.8 CVSS, 8.6 AI score, 0.94469 EPSS
Exploits: 44, References: 2

Tenable Nessus
added 2020/09/07 12:0 a.m., 38 views

NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2020-0049)

The remote NewStart CGSL host, running version MAIN 4.05, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 - ipreass in ipinput.c in libslirp 4.0.0 has a heap-based...

8.8 CVSS, 7.7 AI score, 0.06468 EPSS
Exploits: 3, References: 5

Tenable Nessus
added 2020/09/07 12:0 a.m., 27 views

NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2020-0048)

The remote NewStart CGSL host, running version MAIN 4.05, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

8.3 CVSS, 6.5 AI score, 0.02622 EPSS
Exploits: 0, References: 16

Tenable Nessus
added 2020/09/07 12:0 a.m., 22 views

NewStart CGSL MAIN 4.05 : ipmitool Vulnerability (NS-SA-2020-0053)

The remote NewStart CGSL host, running version MAIN 4.05, has ipmitool packages installed that are affected by a vulnerability: - It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer...

8.8 CVSS, 8.1 AI score, 0.01945 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2020/09/07 12:0 a.m., 13 views

NewStart CGSL MAIN 4.05 : ksh Vulnerability (NS-SA-2020-0046)

The remote NewStart CGSL host, running version MAIN 4.05, has ksh packages installed that are affected by a vulnerability: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment...

7.8 CVSS, 7.3 AI score, 0.00204 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2020/09/07 12:0 a.m., 17 views

NewStart CGSL MAIN 4.05 : sudo Vulnerability (NS-SA-2020-0047)

The remote NewStart CGSL host, running version MAIN 4.05, has sudo packages installed that are affected by a vulnerability: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default...

7.8 CVSS, 7.6 AI score, 0.88008 EPSS
Exploits: 13, References: 2

Tenable Nessus
added 2020/09/07 12:0 a.m., 254 views

NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)

The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable...

9.8 CVSS, 8.1 AI score, 0.56192 EPSS
Exploits: 11, References: 19

OSV
added 2020/09/04 3:3 p.m., 9 views

GHSA-JP99-5H8W-GMXC Sandbox Breakout / Arbitrary Code Execution in @zhaoyao91/eval-in-vm

All versions of @zhaoyao91/eval-in-vm are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through this.constructor.constructor. This may allow attackers to execute arbitrary code in the system. Evaluating the payload...

8.3 AI score
Exploits: 0, References: 1

OSV
added 2020/09/04 3:2 p.m., 11 views

GHSA-3GPC-W23C-W59W Sandbox Breakout / Arbitrary Code Execution in pitboss-ng

All versions of pitboss-ng are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through this.constructor.constructor. This may allow attackers to execute arbitrary code in the system. Evaluating the payload...

8.3 AI score
Exploits: 0, References: 1

Github Security Blog
added 2020/09/04 3:0 p.m., 25 views

Sandbox Breakout / Arbitrary Code Execution in sandbox

All versions of sandbox are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through this.constructor.constructor. This may allow attackers to execute arbitrary code in the system. Evaluating the payload...

5.6 AI score
Exploits: 0, References: 2, Affected Software: 1

Gitee
added 2020/09/03 10:32 a.m., 4 views

Exploit for Deserialization of Untrusted Data in Oracle Access_Manager

This is a Java class file, specifically the Main class from the com.axin package. The class has a single method, main, which takes an array of String arguments. The method is not implemented, as it is empty. The class has several annotations and attributes, including: LineNumberTable: This...

9.8 CVSS, 9.3 AI score, 0.93141 EPSS
Exploits: 26

Veracode
added 2020/09/02 6:22 a.m., 20 views

Prototype Pollution

deep-get-set is vulnerable to prototype pollution. The vulnerability exists as the main function does not restrict proto, constructor and prototype headers to be set in objects...

9.8 CVSS, 3 AI score, 0.00795 EPSS
Exploits: 1, References: 1, Affected Software: 1

Github Security Blog
added 2020/08/25 11:40 p.m., 236 views

Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload js function var ex = new Error...

9.8 CVSS, 9.5 AI score, 0.00513 EPSS
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2020/08/03 12:15 p.m., 7 views

CVE-2020-8108

Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80...

8.8 CVSS, 8.3 AI score, 0.0005 EPSS
Exploits: 0, References: 1