2241 matches found
CVE-2020-0940
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1001, CVE-2020-1006, CVE-2020-1017...
Windows Push Notification Service Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this...
Windows Push Notification Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...
Windows Push Notification Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...
Windows Push Notification Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...
Buffer Overflow Vulnerability in Multiple Samsung Products
The Samsung Galaxy S6, among others, is a smartphone from the South Korean company Samsung. A buffer overflow vulnerability exists in the baseband process in several Samsung products powered by the Shannon333 chipset. The vulnerability can be exploited by an attacker to execute code via a...
SQL Injection Vulnerability in Laikepui E-commerce System of Hunan One Eight Network Technology Co. Ltd (CNVD-2020-25309)
Laike e-commerce is an independently copyrighted system that integrates all the functions of an e-commerce platform. There is a SQL injection vulnerability in the Laike Push e-commerce system of Hunan One Eight Network Technology Co. Ltd, which can be exploited by an attacker to obtain...
SQL Injection Vulnerability in Laike Push E-commerce System of Hunan One Eight Network Technology Co. Ltd (CNVD-2020-25107)
The Laikatsu Push e-commerce system is a platform that integrates all the functions of an e-commerce system. The Laike Push e-commerce system of Hunan One Eight Network Technology Co., Ltd has a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the...
SQL Injection Vulnerability in Laikepui E-commerce System of Hunan One Eight Network Technology Co. Ltd (CNVD-2020-25106)
The Laikatsu Push e-commerce system is a platform that integrates all the functions of an e-commerce system. The Laike Push e-commerce system of Hunan One Eight Network Technology Co., Ltd has a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the...
SQL Injection Vulnerability in the E-commerce System of Hunan One Eight Network Technology Co.
Laike e-commerce is an independently copyrighted system that integrates all the functions of an e-commerce platform. There is a SQL injection vulnerability in the Laike Push e-commerce system of Hunan One Eight Network Technology Co. Ltd, which can be exploited by an attacker to obtain...
SQL Injection Vulnerability in Laikepui E-commerce System of Hunan One Eight Network Technology Co. Ltd (CNVD-2020-25314)
Laike e-commerce is an independently copyrighted system that integrates all the functions of an e-commerce platform. There is a SQL injection vulnerability in the Laike Push e-commerce system of Hunan One Eight Network Technology Co. Ltd, which can be exploited by an attacker to obtain...
SQL Injection Vulnerability in Laikepui E-commerce System of Hunan One Eight Network Technology Co. Ltd (CNVD-2020-25312)
Laike e-commerce is an independently copyrighted system that integrates all the functions of an e-commerce platform. There is a SQL injection vulnerability in the Laike Push e-commerce system of Hunan One Eight Network Technology Co. Ltd, which can be exploited by an attacker to obtain...
Command Execution Vulnerability in Coupon Pusher CMS
Push Couponer CMS is a completely free Taobao coupon website source code program. A command execution vulnerability exists in Push Couponer CMS, which can be exploited by attackers to execute malicious code...
CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
CVE-2020-10952
CVE-2020-10952 affects GitLab Community and Enterprise Editions (GitLab CE/EE) 8.11–12.9.1. An access control error allows blocked users to pull and push docker images, enabling unintended image access/manipulation. According to the linked advisories, GitLab released security updates fixing this ...
TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services
The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called "TrickMo" by I...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...
CVE-2019-10803
CVE-2019-10803 affects push-dir up to version 0.4.1, enabling OS command injection via unsafely passed argument opt.branch to the git command in index.js (line ~139). Connected sources (Red Hat, OSV, Snyk, Veracode, GHSA) consistently describe arbitrary command execution stemming from lack of val...
CVE-2019-10803
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.jsL139". This could be abused by an attacker to inject arbitrary commands...