SAP 3D Visual Enterprise Viewer CGM File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2021-1638)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

CVE-2020-28382

A vulnerability has been identified in Solid Edge SE2020 All Versions SE2020MP12, Solid Edge SE2021 All Versions SE2021MP2. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure...

CVE-2020-27723

In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel TMM process...

Exploit for CVE-2020-27949

Reading and writing memory of other processes using fasttrap T...

Denial Of Service (DoS)

openldap is vulnerable to denial of service. A NULL pointer dereference during a request for renaming RDNs allows an unauthenticated remote attacker to crash the slapd process by sending a malicious request...

GaussDB Kernel: Enabling the Auditing of Database Startup Stop Restoration and Switchover

The parameter auditdatabaseprocess specifies whether to audit database startup, stop, switchover, and restoration. After this parameter is set to on, database running status is traced. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, an...

CVE-2020-27616

ati2dblt in hw/display/ati2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process...

OSV-2020-2126 Heap-buffer-overflow in ndpi_workflow_process_packet

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26880 Crash type: Heap-buffer-overflow READ 1 Crash state: ndpiworkflowprocesspacket fuzzndpireader.c...

GLSA-202011-02 : OpenDMARC: Heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-202011-02 OpenDMARC: Heap-based buffer overflow It was found that OpenDMARC did not properly handle DMARC aggregate reports. Impact : A remote attacker, by sending a specially crafted DMARC aggregate report, could possibly cause a...

Huawei EulerOS: Security Advisory for libosinfo (EulerOS-SA-2020-2211)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4574-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-5353

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a...

Denial Of Service (DoS)

QEMU is vulnerable to denial of service. An infinite loop occurs while receiving packets in mcffecreceive, allowing a privileged user/process inside guest to exploit the vulnerability to crash the QEMU process on the host...

CVE-2020-13948

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

universal-prints.de Cross Site Scripting vulnerability OBB-1342497

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Improper access control

u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking ...

Remote Code Execution in mongodb-query-parser

Versions of mongodb-query-parser prior to 2.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize queries, allowing attackers to execute arbitrary code in the system. Parsing the following payload executes touch test-file: 'function return clearImmediate.constructor"return...

FedRAMP 101: How to get listed as “In Process”

Are you a cloud service provider working on a federal contract and need a FedRAMP authorization - but dont have a sponsor yet? Acquiring a committed government agency sponsor early in the FedRAMP process is crucial to your success and will ensure a smoother process. A major role for an agency...