
8424 matches found

RedHat Linux
added 2020/03/11 1:8 p.m. · 2 views

Ansible: two random password lookups in same task return same value

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the same value, because with template caching for the same file no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...

CVSS 5.5 · AI score 6.6 · EPSS 0.00435
Exploits: 1 · References: 5
CNVD
added 2020/03/11 12:0 a.m. · 2 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2020-16693)

Mozilla Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. An information disclosure vulnerability exists in Mozilla Firefox versions prior to 74. The vulnerability can be exploited to read local files via a fetch request from a web extension with all-urls...

CVSS 7.5 · AI score 8.1 · EPSS 0.01429
Exploits: 0 · References: 1
RedHat Linux
added 2020/03/10 4:8 p.m. · 5 views

chromium-browser: Insufficient policy enforcement in media

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 8.8 · AI score 7.4 · EPSS 0.01294
Exploits: 0 · References: 5
BDU FSTEC
added 2020/03/10 12:0 a.m. · 54 views

The vulnerability of the way predictor implementation in AMD CPUs’ L1D cache architecture allows a hacker to gain access to memory on the same CPU’s physical core.

The vulnerability of the way predictor’s implementation for first-level cache data on AMD CPUs’ L1D cache relates to the fact that accessing the same memory cell from a different virtual address may cause that cell to be evicted from the L1D cache. Exploiting this vulnerability could allow a remo...

CVSS 8.1 · AI score 5.5
Exploits: 0 · References: 3
OSV
added 2020/03/10 12:0 a.m. · 2 views

UBUNTU-CVE-2020-6809

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...

CVSS 7.5 · AI score 7.2 · EPSS 0.01429
Exploits: 0 · References: 4
RedhatCVE
added 2020/03/06 3:10 p.m. · 32 views

CVE-2020-6420

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 8.8 · AI score 3.1 · EPSS 0.01294
Exploits: 0 · References: 4
Tenable Nessus
added 2020/03/06 12:0 a.m. · 20 views

Insecure Cross-Origin Resource Sharing Configuration

Cross Origin Resource Sharing (CORS) is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy. The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to...

AI score 7.4
Exploits: 0 · References: 2
RedHat Linux
added 2020/03/03 3:29 p.m. · 5 views

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This...

CVSS 7.8 · AI score 7.3 · EPSS 0.00909
Exploits: 1 · References: 5
RedHat Linux
added 2020/03/03 8:41 a.m. · 5 views

kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This...

CVSS 7.8 · AI score 7.3 · EPSS 0.00909
Exploits: 1 · References: 5
OSV
added 2020/02/21 10:15 a.m. · 3 views

CVE-2020-5525

Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen...

CVSS 8 · AI score 7.5 · EPSS 0.0087
Exploits: 0 · References: 2
OSV
added 2020/02/21 10:15 a.m. · 2 views

CVE-2020-5524

Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function...

CVSS 8.8 · AI score 7.6 · EPSS 0.01019
Exploits: 0 · References: 3
CNVD
added 2020/02/21 12:0 a.m. · 5 views

Trend Micro Vulnerability Protection DLL Sideloading Vulnerability

Trend Micro Vulnerability Protection is an endpoint vulnerability protection product that provides one step faster and stronger endpoint protection. A DLL side-loading vulnerability exists in Trend Micro Vulnerability Protection 2.0. The vulnerability can be exploited by an attacker via the produ...

CVSS 7.8 · AI score 7 · EPSS 0.00403
Exploits: 0 · References: 1
OSV
added 2020/02/20 11:15 p.m. · 4 views

CVE-2020-8601

Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attacker to use the product installer to load other DLL files located in the same directory...

CVSS 7.8 · AI score 7.4 · EPSS 0.00403
Exploits: 0 · References: 1
NVD
added 2020/02/17 4:15 p.m. · 20 views

CVE-2020-1692

Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course...

CVSS 8.1 · AI score 7.9 · EPSS 0.00572
Exploits: 0 · References: 1
ArchLinux
added 2020/02/17 12:0 a.m. · 66 views

[ASA-202002-10] webkit2gtk: multiple issues

Arch Linux Security Advisory ASA-202002-10 ========================================== Severity: High Date : 2020-02-17 CVE-ID : CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 Package : webkit2gtk Type : multiple issues Remote : Yes Link :...

CVSS 9.3 · AI score 2.3 · EPSS 0.02655
Exploits: 0 · References: 7
Hacker One
added 2020/02/14 11:26 a.m. · 104 views

Nord Security: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information

Summary: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. Description: An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy ...

AI score 6.6
Exploits: 0
Hacker One
added 2020/02/11 8:34 a.m. · 25 views

HackerOne: 404-response contains debug-information with all headers

Summary: When requesting a page that does not exist under www.hackerone.com the page returns a hidden HTML-element debugData that reflects all headers in the GET-request, including http-only cookies. Description: This in itself is not a serious vulnerability, but as the program description mention...

AI score 6
Exploits: 0
NCSC
added 2020/02/06 12:0 a.m. · 5 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in Cisco products. The vulnerabilities are all in the Cisco Discovery Protocol (CDP). The vulnerabilities allow an unauthenticated malicious person using a rogue CDP packet to cause a denial of service and potentially execute arbitrary code. Because CDP...

CVSS 8.8 · AI score 7.1 · EPSS 0.11806
Exploits: 0
OSV
added 2020/02/05 6:15 p.m. · 2 views

CVE-2020-3111

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discove...

CVSS 8.8 · AI score 7.6 · EPSS 0.03095
Exploits: 0 · References: 2
Positive Technologies
added 2020/02/05 12:0 a.m. · 5 views

PT-2020-1657 · Cisco · Cisco Fxos +3

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software (affected versions not specified); Cisco IOS XR Software (affected versions not specified); Cisco NX-OS Software (affected versions not specified). Description: A vulnerability in the Cisco Discovery Protocol implementation could...

CVSS 7.4 · AI score 6.7 · EPSS 0.02026
Exploits: 0 · References: 9