9419 matches found
CVE-2020-10989
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter...
The vulnerability of the Ceph storage system, related to the failure to handle CRLF sequences in HTTP headers, allows attackers to inject arbitrary HTTP headers.
The vulnerability of the Ceph storage system is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTTP headers, such as Set-Cookie, in order to install arbitrary cookie files...
PT-2022-2175 · Pjsip +3 · Pjsip +3
Name of the Vulnerable Software and Affected Versions: PJSIP versions up to and including 2.11.1 Description: The issue is related to the use of memory after it has been freed, potentially causing undefined behavior such as dialog list collision, which can lead to an endless loop. This occurs in ...
OSV-2020-704 Heap-buffer-overflow in BEInt<unsigned char, 1>::set
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13736 Crash type: Heap-buffer-overflow WRITE 1 Crash state: BEInt::set CFF::CFFIndex ::setoffsetat bool CFF::FDArray ::serializeCFF::cff2fontdict...
OSV-2020-369 UNKNOWN READ in ot::TimerScheduler::Remove
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13383 Crash type: UNKNOWN READ Crash state: ot::TimerScheduler::Remove ot::Mle::Mle::Stop otThreadSetEnabled...
WordPress 4.9.x < 4.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
Fedora 31 : fwupd (2020-ad1c74c2a1)
New upstream release - Actually reload the DFU device after upgrade has completed - Capture the dock SKU in report metadata - Correctly set the Logitech device protocol - Do not use shim for non-secure boot configurations - Ensure that the DeviceID is set for child devices - Fix an error when...
The vulnerability of the set function in the structured data search package SDS of the package manager NPM allows an attacker to execute arbitrary code.
The vulnerability of the set function in the structured data search package SDS of the package manager NPM arises due to insufficient sanitization of user-supplied data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
WordPress 4.7.x < 4.7.18 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
WordPress 4.3.x < 4.3.24 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the block editor. - A cross-site scripting (XSS) vulnerability exists in media files. - An open redirect vulnerability exists...
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...
Design/Logic Flaw
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR113...
Security lock can be bypassed by changing the system date
Given an attacker has physical access to the device, a faulty timestamp check allowed the app lock to be bypassed by setting the system date to the past...
CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
DEBIAN-CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
UBUNTU-CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
CVE-2020-4050
CVE-2020-4050 (WordPress) is a vulnerability where misusing the set-screen-option filter’s return value can enable arbitrary user meta fields to be saved. It requires an admin to install a plugin that misuses the filter, after which low-privilege users may exploit it. The issue was fixed in WordP...
CVE-2020-4050
In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...
PT-2020-17852 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2 WordPress versions 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34 Description: The issue arises from the misuse of the...