GHSA-CWCP-6C48-FM7M Unsafe eval() in summit allows arbitrary code execution
Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation: No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package author has...
PT-2020-3263 · Oracle · Oracle Help Technologies
Name of the Vulnerable Software and Affected Versions: Oracle Help Technologies versions 11.1.1.9.0 through 12.2.1.3.0 Description: The issue is related to insufficient input validation in the Web UIX component of Oracle Help Technologies, allowing an unauthenticated attacker with network access...
PT-2020-14549 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax_dashboard.php file,...
PT-2020-14546 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
PT-2020-14538 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax ftp...
PT-2020-6936 · Glib +7 · Glib +7
Name of the Vulnerable Software and Affected Versions: GLib affected versions not specified Description: A flaw was found in GLib where GVariant deserialization is vulnerable to an exponential blowup issue. This issue can cause excessive processing when a crafted GVariant is deserialized, leading...
Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails
Watch out, Apple users! The default mail app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers have been exploiting in the wild for at least the last two years to spy on high-profile victims. The flaws could eventually let remote hackers...
PT-2020-2027
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to the fixed version Description: The issue is related to insufficient access control in the VMware Directory Service (vmdir) of VMware vCenter Server. This can allow a remote attacker to elevate their...
PT-2020-8698 · Ecryptfs +1 · Ecryptfs +1
Name of the Vulnerable Software and Affected Versions: Samsung mobile devices with M6.0 except MSM8909 SC77xx/9830 exynos3470/5420 Samsung mobile devices with N7.0 except MSM8939 Samsung mobile devices with N7.1 except MSM8996 SDM6xx/M6737T Samsung mobile devices with N7.x except exynos9610/9820...
PT-2020-10042 · Esoms · Esoms
Name of the Vulnerable Software and Affected Versions: eSOMS versions 4.0 to 6.0.3 Description: The issue is related to the lack of password complexity settings enforcement, potentially leading to lower access security due to insecure user passwords. Recommendations: For eSOMS versions 4.0 to...
PT-2020-6504 · D Link · D-Link Dap-2020
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a stack-based buffer overflow when handling the var:page parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of...
PT-2020-20723 · D Link · D-Link Dir-615
Name of the Vulnerable Software and Affected Versions: D-Link DIR-615Jx10 devices, affected versions not specified Description: The issue is a stack-based buffer overflow in the fmwlan.c file. It occurs via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed...
PT-2020-20566 · Proftpd +2 · Proftpd +2
Name of the Vulnerable Software and Affected Versions: ProFTPD version 1.3.7 Description: The issue is an out-of-bounds (OOB) read vulnerability in the mod_cap module via the cap_to_text function in cap_text.c. Recommendations: For ProFTPD version 1.3.7, consider disabling the mod_cap module until ...
PT-2020-1558 · Apache +1 · Apache +1
Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.3 Description: An issue in rConfig allows an attacker to bypass local security restrictions due to insecure privilege management in the /etc/sudoers file. This occurs after an update to the rConfig specific Apache...
PT-2019-6188 · Struktur Ag +4 · Libde265 +4
Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.4 Description: The issue is related to a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file, potentially allowing a remote attacker to cause a denial of service. The...
PT-2019-5697 · Red Hat · Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: CloudForms Management Engine versions 5.10 through 5.11 Description: The issue is related to insufficient input validation, allowing a remote attacker to elevate privileges to root level and execute arbitrary code. An attacker logged into the...
PT-2019-3537 · Zingbox · Zingbox Inspector
Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.286 and earlier Description: A command injection issue exists, allowing an authenticated user to execute arbitrary system commands in the CLI. The vulnerability is also related to the network traffic handler, whic...
PT-2019-4006 · D Link · Dhp-1565 +9
Name of the Vulnerable Software and Affected Versions: D-Link DIR-655C versions D-Link DIR-866L versions D-Link DIR-652 versions D-Link DHP-1565 versions D-Link DIR-855L versions D-Link DAP-1533 versions D-Link DIR-862L versions D-Link DIR-615 versions D-Link DIR-835 versions D-Link DIR-825...
PT-2019-14504 · Symonics +2 · Libmysofa +2
Name of the Vulnerable Software and Affected Versions: Symonics libmysofa version 0.7 Description: The issue is related to an invalid read in the getDimension function located in hrtf/reader.c. This problem can lead to unintended behavior. Recommendations: For Symonics libmysofa version 0.7,...
PT-2019-3070 · Cisco · Cisco Integrated Management Controller
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller (IMC), affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to injec...