kernel: integer overflow and OOB read in drivers/block/floppy.c

A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call setgeometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw ma...

CVE-2020-0187

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2020-0150

In rwt3tmessagesetblocklist of rwt3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

WordPress < 5.4.2 - Misuse of set-screen-option Leading to Privilege Escalation

Description Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation...

Prototype Pollution

kibana is vulnerable to prototype pollution. The vulnerability exists through the improper use of set function of lodash in multiple locations, allowing Object.prototype to be overwritten...

CVE-2019-20809

The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings...

MGASA-2020-0230 Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

Buffer overflow vulnerability in multiple Tenda products (CNVD-2020-31397)

The Tenda AC9, among others, is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in httpd in several Tenda products. The vulnerability can be exploited to execute arbitrary code by sending the 'speeddir' parameter to the /goform/SetSpeedWan URL...

Buffer overflow vulnerability in multiple Tenda products (CNVD-2020-31409)

The Tenda AC9, among others, is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in httpd in several Tenda products. The vulnerability can be exploited to execute arbitrary code by sending the 'list' parameter to the /goform/SetNetControlList URL...

CVE-2020-13394

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19multiTD01, AC9 V1.0 V15.03.05.196318CN, AC9 V3.0 V15.03.06.42multi, AC15 V1.0 V15.03.05.19multiTD01, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the...

CVE-2020-13391

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19multiTD01, AC9 V1.0 V15.03.05.196318CN, AC9 V3.0 V15.03.06.42multi, AC15 V1.0 V15.03.05.19multiTD01, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the...

Node.js third-party modules: [object-path-set] Prototype pollution

I would like to report a prototype pollution vulnerability in object-path-set module. It allows an attacker to inject properties on Object.prototype. Module module name: object-path-set version: 1.0.0 npm page: https://www.npmjs.com/package/object-path-set Module Description set values in...

Node.js third-party modules: [keyd] Prototype pollution

I would like to report a prototype pollution vulnerability in keyd module. It allows an attacker to inject properties on Object.prototype. Module module name: keyd version: 1.3.4 npm page: https://www.npmjs.com/package/keyd Module Description A small library for using and manipulating key paths i...

DEBIAN-CVE-2020-11058

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdpreadfontcapabilityset could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0...

UBUNTU-CVE-2020-11058

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdpreadfontcapabilityset could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0...

UBUNTU-CVE-2019-20795

iproute2 before 5.1.0 has a use-after-free in getnetnsidfromname in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...

Rocket Coin Digital Error Vulnerability

Rocket Coin XRC is an Ether-based digital currency.An integer overflow vulnerability exists in the 'multiTransfer' function in XRC. An attacker can use this vulnerability to set the balance of any user...

GlobeCoin Digital Error Vulnerability

GlobeCoin GLB is an ethereum-based digital currency.An integer overflow vulnerability exists in the 'transfertokensafterICO' function in GLB. An attacker can use this vulnerability to set the balance of any user...

CVE-2019-19514

Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID...