
2121 matches found

OSV
added 2020/04/15 2:15 p.m. | 2 views

BELL-CVE-2020-2800 CVE-2020-2800 does not affect BellSoft software

Bulletin has no description...

CVSS 4.8 | AI score 7.3 | EPSS 0.02892
Exploits: 0 | References: 1
Microsoft KB
added 2020/04/14 7:0 a.m. | 40 views

Cumulative Update 41 for Microsoft Dynamics NAV 2017 (Build 30219)

Cumulative Update 41 for Microsoft Dynamics NAV 2017 Build 30219 This article applies to Microsoft Dynamics NAV 2017 for all countries and all language locales. An information disclosure vulnerability exists if Microsoft Dynamics Business Central/NAV on-premises does not correctly hide the value ...

CVSS 8 | AI score 7.8 | EPSS 0.06831
Exploits: 0
Veracode
added 2020/04/10 12:43 a.m. | 47 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause, that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon mysqld. This issue only caused...

CVSS 4 | AI score 2.5 | EPSS 0.16263
Exploits: 3 | References: 25 | Affected Software: 1
CVE
added 2020/04/09 2:49 a.m. | 436 views

CVE-2020-11656

CVE-2020-11656 affects SQLite up to version 3.31.1, where the ALTER TABLE implementation has a use-after-free, demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Affected products/contexts in the linked documents consistently reference SQLite 3.31.1 or earlier. Some s...

CVSS 9.8 | AI score 9.1 | EPSS 0.07407
Exploits: 0 | References: 11 | Affected Software: 1
OpenVAS
added 2020/04/03 12:0 a.m. | 32 views

Fedora: Security Advisory for phpMyAdmin (FEDORA-2020-25f3aea389)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.7
Exploits: 0 | References: 2
OSV
added 2020/04/02 11:15 p.m. | 15 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

CVSS 8.8 | AI score 7.8
Exploits: 0 | References: 2
NVD
added 2020/03/30 5:15 p.m. | 19 views

CVE-2019-7755

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection...

CVSS 8.8 | AI score 8.9 | EPSS 0.0213
Exploits: 1 | References: 3
Cvelist
added 2020/03/30 4:49 p.m. | 20 views

CVE-2019-7755

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection...

AI score 9 | EPSS 0.0213
Exploits: 1 | References: 3
Prion
added 2020/03/25 10:15 p.m. | 24 views

Design/Logic Flaw

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox 74...

CVSS 5 | AI score 5.4 | EPSS 0.01174
Exploits: 0 | References: 2 | Affected Software: 1
ThreatPost
added 2020/03/23 2:57 p.m. | 64 views

Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown

The Department of Justice has raised its first federal court action against online fraud relating to the coronavirus pandemic, on Sunday taking steps to shutter a fraudulent website that claimed to give away free coronavirus vaccines. The website, “coronavirusmedicalkit.com,” was purporting to gi...

AI score 7
Exploits: 0 | References: 9
UbuntuCve
added 2020/03/11 12:0 a.m. | 29 views

CVE-2020-6813

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox 74...

CVSS 5.3 | AI score 6.9 | EPSS 0.01174
Exploits: 0 | References: 3
Hacker One
added 2020/03/10 4:14 p.m. | 22 views

QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"

Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the ID parameter to inject arbitrary SQL statements into the underlying prepared statement. This leads ...

AI score 0.8
Exploits: 0
Joomla! Vulnerable Extensions List
added 2020/03/09 12:0 a.m. | 60 views

[20200306] - Core - SQL injection in Featured Articles menu parameters

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype...

CVSS 9.8 | AI score 4.1 | EPSS 0.02042
Exploits: 0 | Affected Software: 1
Hacker One
added 2020/02/23 4:49 a.m. | 24 views

InnoGames: Create any military unit in any age

Summary of the Issue It's possible to create a sniperbot unit in the bronze age by sending a crafted request to xs1.forgeofempires.com/game/json endpoint Steps to reproduce 1 Login to https://xs1.forgeofempires.com with Chrome browser while observing network tab. 2 Open the poc20200227.html F7304...

AI score 0.4
Exploits: 0
NVD
added 2020/02/23 2:15 a.m. | 18 views

CVE-2020-9351

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the transaction parameter, the server replies with a verbose error showing where the application resides the...

CVSS 5.3 | AI score 5.5 | EPSS 0.01072
Exploits: 1 | References: 2
Veracode
added 2020/01/24 5:56 a.m. | 19 views

Denial Of Service (DoS)

libyang.so is vulnerable to denial of service (DoS). It is due to the use of if-feature statement inside a list key node without defining the feature used, causing a SIGSEGV signal in the function lys_parse_path and crashing the application...

CVSS 6.5 | AI score 2.7 | EPSS 0.01859
Exploits: 1 | References: 5 | Affected Software: 2
RedhatCVE
added 2020/01/23 9:39 a.m. | 26 views

CVE-2019-20394

A double-free flaw occurs in libyang in function yyparse when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution...

CVSS 8.8 | AI score 4.6 | EPSS 0.0279
Exploits: 1 | References: 3
RedhatCVE
added 2020/01/23 9:39 a.m. | 25 views

CVE-2019-20392

An invalid memory access flaw was discovered in libyang in the function resolve_feature_value when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash...

CVSS 6.5 | AI score 2.2 | EPSS 0.01859
Exploits: 1 | References: 3
RedhatCVE
added 2020/01/23 9:39 a.m. | 26 views

CVE-2019-20391

An invalid memory access flaw occurs in libyang in the function resolve_feature_value when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash...

CVSS 6.5 | AI score 3.5 | EPSS 0.01859
Exploits: 1 | References: 3
Veracode
added 2020/01/23 9:15 a.m. | 17 views

Denial Of Service (DoS)

libyang.so is vulnerable to denial of service (DoS). A double free error occurs due to the use of type statement in notification statement in the function lys_parse_path, causing an application or arbitrary code execution...

CVSS 8.8 | AI score 5.6 | EPSS 0.0279
Exploits: 1 | References: 5 | Affected Software: 2