PT-2020-16458 · Acme +1 · Mini Httpd +1
Name of the Vulnerable Software and Affected Versions: Belkin LINKSYS WRT160NL version 1.0.04.002 US 20130619. Description: The issue is a stack-based buffer overflow due to the use of sprintf in the create_dir function of mini_httpd. This can lead to arbitrary code execution if successfully...
CVE-2017-17522 affecting package python2 2.7.18-14
CVE-2017-17522 affecting package python2 2.7.18-14. A patched version of the package is available...
CVE-2020-8623 affecting package bind 9.16.3-3
CVE-2020-8623 affecting package bind 9.16.3-3. A patched version of the package is available...
CVE-2014-8141 affecting package unzip 6.0-19
CVE-2014-8141 affecting package unzip 6.0-19. A patched version of the package is available...
CVE-2014-9636 affecting package unzip 6.0-19
CVE-2014-9636 affecting package unzip 6.0-19. A patched version of the package is available...
CVE-2020-15216
In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...
CVE-2020-15216
CVE-2020-15216 affects the Go package goxmldsig (XML Digital Signatures, pure Go). Before 1.1.0, a crafted XML file can cause signature validation to be bypassed, allowing an altered document to appear signed. A patch is available: upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb961...
PT-2020-4181 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers (affected versions not specified); Cisco IOS XE Software for Cisco Catalyst 9000 Series (affected versions not specified). Description: The issue is related to insufficient...
GHSA-699Q-WCFF-G9MJ Unsafe deserialization in Yii 2
Impact: Remote code execution in case the application calls unserialize on user input containing a specially crafted string. Patches: 2.0.38. Workarounds: Add the following to BatchQueryResult.php (PHP): public function __sleep() { throw new \BadMethodCallException('Cannot serialize ' . __CLASS__); } public function __wakeup...
CVE-2018-20573 affecting package yaml-cpp 0.6.2-6
CVE-2018-20573 affecting package yaml-cpp 0.6.2-6. A patched version of the package is available...
GHSA-F8RJ-4V7G-P5RJ Directory Traversal in jansenstuffpleasework
Affected versions of jansenstuffpleasework resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...
PT-2020-6427 · Privoxy +3 · Privoxy +3
Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29. Description: A memory leak issue was found in the show-status CGI handler when no action files are configured. This issue can be exploited by a remote attacker to cause a denial of service. Recommendations: Fo...
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management. Vulnerability Details: CVEID: CVE-2020-2734. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the RDBMS/Optimizer component could allow an authenticated attacker to...
PT-2020-14549 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923. Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax_dashboard.php file,...
PT-2020-14546 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923. Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax_mod...
EC-CUBE vulnerable to directory traversal
Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains a directory traversal vulnerability (CWE-22). EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...
PT-2020-6936 · Glib +7 · Glib +7
Name of the Vulnerable Software and Affected Versions: GLib (affected versions not specified). Description: A flaw was found in GLib where GVariant deserialization is vulnerable to an exponential blowup issue. This issue can cause excessive processing when a crafted GVariant is deserialized, leading...
PT-2020-3604 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1; WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33. Description: A vulnerability in the stats method of...
VMSA-2020-0009: vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities
Advisory ID: VMSA-2020-0009.1. CVSSv3 Range: 7.5-10.0. Issue Date: 2020-05-08. Updated On: 2020-05-15 (Initial Advisory). CVEs: CVE-2020-11651, CVE-2020-11652. Synopsis: vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities...