
3242 matches found

RedHat Linux
added 2020/10/26 11:22 a.m. · 96 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...

7.8 CVSS · 6.7 AI score · 0.01319 EPSS
Exploits 1 · References 3
RedHat Linux
added 2020/10/20 8:32 a.m. · 90 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

8.8 CVSS · 6.9 AI score · 0.07693 EPSS
Exploits 6 · References 4
RedHat Linux
added 2020/10/14 9:44 a.m. · 62 views

Critical: Red Hat Security Advisory: flash-plugin security update

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.3 CVSS · 7.4 AI score · 0.04244 EPSS
Exploits 0 · References 3
Talos
added 2020/10/14 12:0 a.m. · 38 views

F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability

Summary: An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in an information disclosure. An attacker can provide a malicious file to trigger this...

5.5 CVSS · 5.3 AI score · 0.0149 EPSS
Exploits 1
Kaspersky
added 2020/10/13 12:0 a.m. · 56 views

KLA11979 Security Advisory for Adobe Flash

Original advisories: ADV200012, KLA11970, APSB20-58. Related products: Adobe-Flash-Player-ActiveX, Adobe-Flash-Player-NPAPI, Adobe-Flash-Player-PPAPI. CVE list. KB list: 4580325. Solution: Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be...

7.2 AI score
Exploits 0 · References 8
Exploit DB
added 2020/10/09 12:0 a.m. · 678 views

Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting

Exploit Title: Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting Exploit Author: Ataberk YAVUZER CVE: CVE-2019-19493 Type: Webapps Vendor Homepage: https://www.kentico.com/ Version: 9.0-12.0.49 Date: 29-11-2019 CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2019-19493 Details Persisten...

5.4 CVSS · 5.5 AI score · 0.02023 EPSS
Exploits 3
NVD
added 2020/09/30 6:15 p.m. · 17 views

CVE-2020-13325

A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service...

7.1 CVSS · 0.00925 EPSS
Exploits 0 · References 2
Prion
added 2020/09/30 6:15 p.m. · 19 views

Code injection

A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service...

5.5 CVSS · 6.6 AI score · 0.00925 EPSS
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2020/09/29 6:33 p.m. · 20 views

CVE-2020-13325

Removed by vendor...

7.1 CVSS · 7 AI score · 0.00925 EPSS
Exploits 0
Positive Technologies
added 2020/09/27 12:0 a.m. · 5 views

PT-2020-16299 · Jquery +2

Name of the Vulnerable Software and Affected Versions: MediaWiki MobileFrontend extension versions prior to 1.34.4 Description: The issue exists due to the mishandling of section.line during regex section line replacement from PageGateway. An attacker can exploit this by using crafted HTML to...

9.8 CVSS · 5.6 AI score · 0.04098 EPSS
Exploits 6 · References 41
Veracode
added 2020/09/21 6:21 a.m. · 36 views

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service (DoS). An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of typ...

5.5 CVSS · 2 AI score · 0.01802 EPSS
Exploits 1 · References 8 · Affected Software 1
Veracode
added 2020/09/21 6:17 a.m. · 29 views

Arbitrary Code Execution

binutils is vulnerable to arbitrary code execution. The vulnerability exists through a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section...

7.8 CVSS · 4.9 AI score · 0.01976 EPSS
Exploits 1 · References 8 · Affected Software 1
OpenVAS
added 2020/09/16 12:0 a.m. · 14 views

Huawei Data Communication: Read current-configuration configuration section include multicast routing-enable

Get the sections with multicast routing-enable of the VRP device. Note: This script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

6.9 AI score
Exploits 0
NVD
added 2020/09/14 6:15 p.m. · 8 views

CVE-2020-21845

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'...

6.1 CVSS · 0.00827 EPSS
Exploits 1 · References 2
Prion
added 2020/08/26 6:15 a.m. · 20 views

Cross site scripting

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section...

3.5 CVSS · 4.9 AI score · 0.00367 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2020/08/26 6:0 a.m. · 56 views

CVE-2020-7309

CVE-2020-7309 affects the ePO extension of McAfee Application Control (MAC) prior to version 8.3.1. The vulnerability is a Cross Site Scripting (XSS) flaw in the policy discovery input, allowing an attacker to inject arbitrary web script or HTML. Affected component: ePO extension’s policy discove...

4.8 CVSS · 4.6 AI score · 0.00367 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2020/08/25 3:15 p.m. · 15 views

Cross site scripting

TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie v...

4.3 CVSS · 5.9 AI score · 0.09815 EPSS
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2020/08/19 12:0 a.m. · 3 views

The vulnerabilities affect the implementations of the functions read_fru_area(), read_fru_area_section(), ipmi_spd_print_fru(), ipmi_get_session_info(), ipmi_get_channel_cipher_suites(), and get_lan_param_select(). These functions are used for managing and configuring devices that support IPMI through ipmitool. This allows a malicious individual to cause service interruptions or execute arbitrary code.

The vulnerability of the implementations of several functions such as read_fru_area, read_fru_area_section, ipmi_spd_print_fru, ipmi_get_session_info, ipmi_get_channel_cipher_suites, and get_lan_param_select—utilities for managing and configuring devices that support IPMI—is due to buffer overflows. Exploiting thi...

9 CVSS · 8.1 AI score · 0.0329 EPSS
Exploits 1 · References 13 · Affected Software 7
BDU FSTEC
added 2020/08/19 12:0 a.m. · 2 views

The vulnerability in the implementation of the read_section_as_string() function of the Grub2 operating system allows an attacker to influence data integrity or cause service failures.

The vulnerability of the read_section_as_string function in the Grub2 operating system’s loader is related to the issue of data operations going beyond the buffer boundaries. This is because the maximum length of a UINT32_MAX is 1 byte. Exploiting this vulnerability could allow an attacker to influen...

5.1 CVSS · 6.9 AI score · 0.00478 EPSS
Exploits 0 · References 12 · Affected Software 6
Microsoft CVE
added 2020/08/18 12:0 a.m. · 4 views

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.

...

5.5 CVSS · 7.4 AI score · 0.01802 EPSS
Exploits 1