Lucene search

2671 matches found

ALT Linux
added 2020/08/30 12:0 a.m. · 28 views

Security fix for the ALT Linux 8 package sudo version 1:1.9.2-alt1

Aug. 30, 2020 Evgeny Sinelnikov 1:1.9.2-alt1 - Update to latest release of the sudo 1.9 Fixes: CVE-2019-19232, CVE-2019-19234 - Added sudo event and I/O log server - Added send sudo I/O log to log server utility - Added selinux support - Added native audit support...

CVSS 5 · AI score 7.8 · EPSS 0.0339
Exploits 0

OSV
added 2020/08/25 12:0 p.m. · 12 views

RUSTSEC-2020-0034 Multiple security issues including data race, buffer overflow, and uninitialized memory drop

arr crate contains multiple security issues. Specifically, 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary. 2. Index and IndexMut implementation does not check the array bound. 3. Array::new_from_template drops uninitialized memo...

CVSS 9.8 · AI score 6.7 · EPSS 0.01515
Exploits 0 · References 3

RustSec
added 2020/08/25 12:0 p.m. · 19 views

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

arr crate contains multiple security issues. Specifically, 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary. 2. Index and IndexMut implementation does not check the array bound. 3. Array::new_from_template drops uninitialized memo...

CVSS 9.8 · AI score 3.6 · EPSS 0.01515
Exploits 0

OSV
added 2020/07/29 6:15 p.m. · 0 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

CVSS 9.8 · AI score 6.1
Exploits 0 · References 1

Hacker One
added 2020/07/07 11:12 a.m. · 13 views

Shopify: STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend

I discovered a bug in an android mobile app that allowed STAFF No Permissions using Receipt Send to Mobile of any Order information in the Store. Steps to reproduce: 1 STAFF account is created and assigned "No Permissions" on a Shop by Owner/Admin 2 STAFF then login to shop. Notice that STAFF is...

AI score 7.1
Exploits 0

CNVD
added 2020/06/23 12:0 a.m. · 6 views

Verint Workforce Optimization (WFO) Injection Vulnerability

Verint Workforce Optimization is a unified suite of software and services for capturing interactions and managing employee performance across an enterprise or target area. A security vulnerability exists in Verint Workforce Optimization WFO version 15.2. An attacker could exploit the vulnerabilit...

CVSS 5.4 · AI score 6.6 · EPSS 0.00979
Exploits 1 · References 1

OSV
added 2020/06/22 6:15 p.m. · 2 views

CVE-2020-13480

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

CVSS 5.4 · AI score 6.1 · EPSS 0.00979
Exploits 1 · References 3

NVD
added 2020/06/22 6:15 p.m. · 9 views

CVE-2020-13480

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

CVSS 5.4 · EPSS 0.00979
Exploits 1 · References 3

Prion
added 2020/06/22 6:15 p.m. · 11 views

Design/Logic Flaw

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

CVSS 3.5 · AI score 5.7 · EPSS 0.00979
Exploits 1 · References 3 · Affected Software 1

CVE
added 2020/06/22 5:31 p.m. · 39 views

CVE-2020-13480

The connected records confirm CVE-2020-13480 affects Verint Workforce Optimization (WFO) version 15.2 and is caused by HTML injection via the Send Email feature. The vulnerability details indicate an injection in a functional path that could affect email composition/handling within WFO. No exploi...

CVSS 5.4 · AI score 5.7 · EPSS 0.00979
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2020/06/22 5:31 p.m. · 14 views

CVE-2020-13480

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

AI score 5.7 · EPSS 0.00979
Exploits 1 · References 3

Openbugbounty
added 2020/06/03 4:57 p.m. · 7 views

send-freedom.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1182782 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

Exploits 0

0day.today
added 2020/05/21 12:0 a.m. · 53 views

AbsoluteTelnet 11.21 - (Username) Denial of Service Exploit

Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21 Vulnerability Type: Denial of...

AI score 7.4
Exploits 0

OSV
added 2020/05/18 12:15 a.m. · 2 views

UBUNTU-CVE-2019-20797

An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by ISendPacket or ISendPacketTo in inetwork.c...

CVSS 7.5 · AI score 6.2 · EPSS 0.02692
Exploits 1 · References 5

NVD
added 2020/04/30 11:15 p.m. · 10 views

CVE-2020-11016

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

CVSS 9.1 · AI score 9.5 · EPSS 0.02334
Exploits 0 · References 4

Prion
added 2020/04/30 11:15 p.m. · 9 views

Design/Logic Flaw

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

CVSS 6.5 · AI score 8.9 · EPSS 0.02334
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2020/04/10 12:0 a.m. · 2 views

PT-2020-6823 · Teeworlds +4 · Teeworlds +4

Name of the Vulnerable Software and Affected Versions: Teeworlds versions 0.7.x through 0.7.4 Teeworlds version 0.7.5 is not affected, so the range can be simplified to versions prior to 0.7.5. Corrected version: Teeworlds versions prior to 0.7.5 Description: The issue is related to insufficient...

CVSS 9.8 · AI score 9.3 · EPSS 0.02957
Exploits 0 · References 45

OSV
added 2020/04/07 1:15 p.m. · 1 views

CVE-2016-11046

An issue was discovered on Samsung mobile devices with JBP4.3, KK4.4, and L5.0/5.1 software. Because of a misused whitelist, attackers can reach the radio layer aka RIL or RILD to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 May 2016...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1

0day.today
added 2020/04/03 12:0 a.m. · 232 views

AIDA64 Engineer 6.20.5300 - (Report File) filename Buffer Overflow (SEH) Exploit

Exploit Title: AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow SEH Exploit Author: Hodorsec Version: v6.20.5300 Software Link: http://download.aida64.com/aida64engineer620.exe Vendor Homepage: https://www.aida64.com/products/aida64-engineer Tested on: Win7 x86 SP1 - Build 7601...

AI score 7.4
Exploits 0

RedhatCVE
added 2020/04/01 2:4 a.m. · 39 views

CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 7.5 · AI score 0.9 · EPSS 0.07752
Exploits 0 · References 1