682 matches found
AZL-6927 CVE-2020-24332 affecting package trousers for versions less than 0.3.14-7
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...
UBUNTU-CVE-2020-24332
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...
PT-2020-3584 · Apple · Macos Catalina +2
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6; iPadOS versions prior to 13.6; macOS Catalina versions prior to 10.15.6. Description: An issue existed in the handling of environment variables, which has been addressed with improved validation. This issue may allow ...
python-psutil: Double free because of refcount mishandling
A double free issue has been discovered in python-psutil because of the mishandling of refcounts while converting system data into Python objects in functions like psutil_disk_partitions(), psutil_users(), psutil_net_if_addrs(), and others. In particular cases, a local attacker may be able to get code...
Siemens LOGO! TDE service "NFSAccess" Delete Denial of Service Vulnerability
Summary: An exploitable denial of service vulnerability exists in the TDE service functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted network request can be used to delete critical system data, resulting in a denial of service. An attacker...
Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability (CNVD-2020-33802)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Graphics Device Interface (GDI) is one of the graphic device interfaces. An...
SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2020-29753)
SAP Adaptive Server Enterprise is a relational database server from SAP. An information disclosure vulnerability exists in SAP Adaptive Server Enterprise. An attacker could exploit this vulnerability to obtain account credentials, manipulate system data, and impact system availability...
CVE-2020-6252
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
Information disclosure
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
SQL Injection Vulnerability in UQCMS Cloud Business System (CNVD-2020-26528)
UQCMS cloud business system is B2B2C e-commerce software built with PHP and MySQL, using Smarty templates, with separated front end and back end. The UQCMS cloud business system has an SQL injection vulnerability; an attacker can use the vulnerability to obtain sensitive information in the...
Double Free in psutil
psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object...
The vulnerability of microprogramming software for Intel processors and Intel Processor Graphics lies in the lack of protection for system data, which allows attackers to disclose protected information.
The vulnerability of microprogrammed software in Intel processors and Intel Processor Graphics is related to the lack of protection for system data. Exploiting this vulnerability can allow attackers to disclose protected information...
CVE-2020-3158
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password...
Vulnerabilities fixed in Nginx
A malicious party could exploit the vulnerability to obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...
Debian DLA-1998-1 : python-psutil security update
It was discovered that there were multiple double free vulnerabilities in python-psutil, a Python module providing convenience functions for accessing system process data. This was caused by incorrect reference counting handling within for/while loops that convert system data into said Python...
Arbitrary Code Execution
python-psutil is vulnerable to arbitrary code execution. Mishandling of refcount within a while or for loop that converts system data into a Python object results in a double-free bug and allows for execution of arbitrary code...
CVE-2019-18874
psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object...