CVE-2020-15216 Signature Validation Bypass in goxmldsig
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available; all users of goxmldsig should upgrade to at least revision...
CVE-2020-15216
CVE-2020-15216 affects the Go package goxmldsig (XML Digital Signatures, pure Go). Before 1.1.0, a crafted XML file can cause signature validation to be bypassed, allowing an altered document to appear signed. A patch is available: upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb961...
PT-2020-4181 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers (affected versions not specified); Cisco IOS XE Software for Cisco Catalyst 9000 Series (affected versions not specified). Description: The issue is related to insufficient...
GHSA-699Q-WCFF-G9MJ Unsafe deserialization in Yii 2
Impact: Remote code execution if the application calls unserialize on user input containing a specially crafted string. Patches: 2.0.38. Workarounds: Add the following to BatchQueryResult.php: `public function __sleep() { throw new \BadMethodCallException('Cannot serialize '.__CLASS__); } public function __wakeup...`
CVE-2018-20573 affecting package yaml-cpp 0.6.2-6
CVE-2018-20573 affecting package yaml-cpp 0.6.2-6. A patched version of the package is available...
GHSA-F8RJ-4V7G-P5RJ Directory Traversal in jansenstuffpleasework
Affected versions of jansenstuffpleasework resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...
PT-2020-6427 · Privoxy +3 · Privoxy +3
Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29. Description: A memory leak issue was found in the show-status CGI handler when no action files are configured. This issue can be exploited by a remote attacker to cause a denial of service. Recommendations: Fo...
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management. Vulnerability Details: CVEID: CVE-2020-2734. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the RDBMS/Optimizer component could allow an authenticated attacker to...
PT-2020-14549 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923. Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax dashboard.php file,...
PT-2020-14546 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923. Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
EC-CUBE vulnerable to directory traversal
Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains a directory traversal vulnerability (CWE-22). EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...
PT-2020-6936 · Glib +7 · Glib +7
Name of the Vulnerable Software and Affected Versions: GLib (affected versions not specified). Description: A flaw was found in GLib where GVariant deserialization is vulnerable to an exponential blowup issue. This issue can cause excessive processing when a crafted GVariant is deserialized, leading...
PT-2020-3604 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1; WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33. Description: A vulnerability in the stats method of...
VMSA-2020-0009: vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities
Advisory ID: VMSA-2020-0009.1. CVSSv3 Range: 7.5-10.0. Issue Date: 2020-05-08. Updated On: 2020-05-15 (Initial Advisory). CVEs: CVE-2020-11651, CVE-2020-11652. Synopsis: vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities...
kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS
A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be exploited, the attacker must be both local and privileged. There is no mitigation to this flaw. A patch ha...
CVE-2020-5292
CVE-2020-5292 – Leantime SQL injection (time-based blind): Leantime before versions 2.0.15 and 2.1-beta3 is vulnerable to SQL injection via an unescaped parameter in a POST to /tickets/showKanban. The vulnerable parameter is “searchUsers” (internally named “users” in class.tickets.php) and requi...
HP ThinPro 6.x / 7.x Privileged Command Injection Vulnerability
HP ThinPro - Privileged command injection. Identifiers: CVE-2019-18910. CVSSv3 score: 7.6...
HP ThinPro 6.x / 7.x Citrix Command Injection Vulnerability
HP ThinPro - Citrix command injection. Identifiers: CVE-2019-18909. CVSSv3 score: 6.1 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N...
HP ThinPro 6.x / 7.x Privileged Command Injection
HP ThinPro - Privileged command injection. Identifiers: CVE-2019-18910. CVSSv3 score: 7.6...
HP ThinPro 6.x / 7.x Information Disclosure
HP ThinPro - Information disclosure. Identifiers: CVE-2019-16285. CVSSv3 score: 6.1 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N...