568 matches found
Vulnerabilities fixed in Red Hat OpenShift Virtualization
Red Hat has fixed multiple vulnerabilities in OpenShift Virtualization. The vulnerabilities potentially enable a malicious person able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Access to system data Increased user privileges Red Hat has released...
Win911 Mobile Server Security Vulnerability
Win911 Mobile Server is a server-side program used in industrial environments to provide interactive data support for mobile apps from Win911 USA. A security vulnerability exists in Win911 Mobile Server V2.5, which can be exploited by an attacker to overwrite the service executable and execute...
cn.ibizlab.plugin:ibiz-cloud-ai-baichuanai (>=8.1.0.371 <=8.1.0.578.187), cn.ibizlab.plugin:ibiz-cloud-ai-core (>=8.1.0.304 <=8.1.0.578.187) +438 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy-all (>=2.5.0 <=2.5.13)
org.codehaus.groovy:groovy-all MAVEN version =2.5.0, =8.1.0.371, =8.1.0.304, =8.1.0.371, =8.1.0.516, =8.1.0.304, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.567.22 and more Source cves: CVE-2020-17521 Source...
CVE-2020-26910
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25...
Wireshark Resource Management Error Vulnerability (CNVD-2020-49576)
Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 3.2.0 through 3.2.5. An attacker...
OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...
CVE-2020-14635
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Logging. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Obje...
PT-2020-3530
Name of the Vulnerable Software and Affected Versions Java SE versions 7u261 and 8u251 Java SE Embedded version 8u251 Description The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. It can be exploited by an unauthenticated...
PT-2020-4071 · Apple · Itunes For Windows +7
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5 iPadOS versions prior to 13.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 Safari versions prior to 13.1.1 iTunes for Windows versions prior to 12.10.7 iCloud for Windows versions prior to 11.2 and...
PT-2020-4070 · Apple · Macos Catalina +5
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5 iPadOS versions prior to 13.5 macOS Catalina versions prior to 10.15.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 Description: The issue is related to an out-of-bounds write problem, which can be...
Ruby on Rails Cross-Site Request Forgery Vulnerability (CNVD-2020-32423)
Ruby on Rails is a set of Rails team based on the Ruby language open source Web application framework. A cross-site request forgery vulnerability exists in Ruby on Rails versions prior to 5.2.5 and 6.0.4, which stems from a WEB application that does not adequately validate that a request is comin...
Autodesk Dynamo BIM Code Issue Vulnerability
Autodesk Dynamo BIM is a suite of open-source graphic programming design software from Autodesk USA. A security vulnerability exists in Autodesk Dynamo BIM version 2.5.1 and 2.5.0, which originates from the program's inability to properly verify signatures. The vulnerability can be exploited by a...
Rukovoditel SQL Injection Vulnerability (CNVD-2020-26656)
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management , customer relationship management and other functions . A SQL injection vulnerability exists in Rukovoditel version 2.5.2. The vulnerability stems from a lack ...
CVE-2020-2864
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite component: Accounts. Supported versions that are affected are 12.1.3 and 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier...
CVE-2020-10382
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler...
PT-2020-12693 · Nch · Express Invoice
Name of the Vulnerable Software and Affected Versions: NCH Express Invoice version 7.25 Description: The issue allows local users to discover the cleartext password by reading the configuration file. Recommendations: For version 7.25, consider restricting access to the configuration file to...
PT-2022-11605 · Libxml2 +3 · Libxml2 +3
Name of the Vulnerable Software and Affected Versions: VTK versions prior to 9.2.5 Description: The issue is a NULL pointer dereference vulnerability that lies in IO/Infovis/vtkXMLTreeReader.cxx. It occurs because the vendor did not check the return value of the libxml2 API xmlDocGetRootElement a...
DEBIAN-CVE-2014-6262
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...
PT-2020-9918 · Apache · Apache Dubbo
Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.5.x Apache Dubbo versions 2.6.0 through 2.6.7 Apache Dubbo versions 2.7.0 through 2.7.4 Description: Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a PO...
CVE-2019-17651
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious JavaScript code into...