4559 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +34364 more potentially affected by CVE-2019-10086 via commons-beanutils:commons-beanutils (>=1.0 <=1.9.3)
commons-beanutils:commons-beanutils MAVEN version =1.0, =1.1, =0.0.1, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.2.8 - ai.catboost:catboost-spark3.22.12 =1.2.10 and more Source cves: CVE-2019-10086 Source advisory: OSV:GHSA-6PHF-73Q6-GH87...
ch.rasc:wamp2spring-security (=1.0.0), cn.springcloud.gray:spring-cloud-gray-server (>=B.0.0.1 <=B.0.0.6) +209 more potentially affected by CVE-2020-5408 via org.springframework.security:spring-security-core (>=5.0.0.RELEASE <=5.0.15.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.2, =B.0.0.1, =2.21.8, =0.3.0, =2017.11.28, =2018.1.20 - com.netflix.genie:genie-app =4.0.0-rc.2 and more Source cves: CVE-2020-5408 Source advisory: OSV:GHSA-2PPP-9496-P23Q...
PT-2020-6510 · Mobileiron · Mobileiron Sentry +3
Name of the Vulnerable Software and Affected Versions: MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 MobileIron Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0...
F5 NGINX Controller Authorization Issue Vulnerability (CNVD-2020-51553)
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.4.0 in NGINX Controller...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed invalid input data...
CVE-2020-6246
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXTTABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in a reflected cross-site scripting (XSS) vulnerability...
freerdp: Out-of-bounds write in planar.c
A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in libfreerdp/codec/planar.c which an attacker who controls the RDP server could trigger through the data sent to the client. The highest threat from this vulnerability is to data confidentiality and integrity...
freerdp: Integer overflow in region.c
A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An integer overflow was found in libfreerdp/gdi/region.c which an attacker who controls the RDP server, and therefore the data sent to the client, could trigger. The highest threat from this vulnerability is to data confidentiality a...
AEgir Information Disclosure Vulnerability (CNVD-2020-31168)
AEgir is a JavaScript project automation and build package from Protocol Labs. An information disclosure vulnerability exists in aegir publish and aegir build in AEgir versions 21.7.0 and later, prior to 21.10.1. An attacker can use this vulnerability to obtain information about...
CVE-2020-4358
IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 17876...
@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +1010 more potentially affected by CVE-2020-7676 via angular (>=1.0.8 <=1.7.9)
angular NPM version =1.0.8, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2020-7676 Source advisory: SNYK:JS-ANGULAR-570058...
NaviServer Denial of Service Vulnerability
NaviServer is a high-performance Web server written in C and Tcl. A denial of service vulnerability exists in NaviServer versions 4.99.4 through 4.99.19. The vulnerability stems from the nsd/driver.c ChunkedDecode function failing to properly validate the length of a chunk. A remote attacker coul...
DEBIAN-CVE-2020-11523
libfreerdp/gdi/region.c in FreeRDP versions 1.0 through 2.0.0-rc4 has an Integer Overflow...
UBUNTU-CVE-2020-11523
libfreerdp/gdi/region.c in FreeRDP versions 1.0 through 2.0.0-rc4 has an Integer Overflow...
IBM API Connect Information Disclosure Vulnerability (CNVD-2020-31096)
IBM API Connect (APIConnect) is a suite of integrated solutions from IBM for managing the API lifecycle: creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in the management server in IBM API Connect...
3h1-ui (>=2.14.41 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +945 more potentially affected by CVE-2019-1010091 via tinymce (>=5.0.11 <=5.2.1)
tinymce NPM version =5.0.11, =2.14.41, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =1.0.0, =8.7.0 and more Source cves: CVE-2019-1010091 Source advisory: OSV:GHSA-C78W-2GW7-GJV3...
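The four "potentially affected ... via" rows above (commons-beanutils, spring-security-core, angular, tinymce) all hinge on the same check: does a resolved dependency version fall inside a range written as "(>=a <=b)" or "(=x)". The following is an added example, not the vulnerability database's own matcher: it parses that range notation, compares versions with a simplified Maven ComparableVersion ordering (integer components, pre-release qualifiers such as rc/beta sorting below the bare release, RELEASE/GA/FINAL equal to no qualifier; the qualifier table is an assumption covering only the common cases), and runs a constructed manifest against the advisory rows copied from this page. Feed it the versions you get from `mvn dependency:tree` or `npm ls`; note that a hit means the vulnerable range is present, not that the vulnerable code path is reachable from the dependent.

```python
"""Check resolved dependency versions against the ">=a <=b" / "=x" ranges
used in the vulnerability listing. Added example; not the database's code."""
import re
from dataclasses import dataclass

# Qualifier ordering taken from Maven's ComparableVersion rules (assumption:
# only the subset needed for the versions on this page is modelled).
_QUALIFIER_RANK = {
    "alpha": 0, "a": 0,
    "beta": 1, "b": 1,
    "milestone": 2, "m": 2,
    "rc": 3, "cr": 3,
    "snapshot": 4,
    "": 5, "ga": 5, "final": 5, "release": 5,
    "sp": 6,
}
_UNKNOWN_RANK = 7       # unknown qualifiers sort after all known ones, lexically
_RELEASE = (0, 5, "")   # neutral qualifier a shorter version is padded with
_ZERO = (1, 0, "")      # neutral number a shorter version is padded with


def _tokens(version):
    """Split '5.0.15.RELEASE' or '2.0.0-rc4' into comparable tuples.

    Numbers become (1, value, ""), qualifiers (0, rank, text), so a number
    always outranks a qualifier in the same position and rc4 < final.
    """
    toks = []
    for piece in re.findall(r"\d+|[A-Za-z]+", version):
        if piece.isdigit():
            toks.append((1, int(piece), ""))
        else:
            q = piece.lower()
            if q in _QUALIFIER_RANK:
                toks.append((0, _QUALIFIER_RANK[q], ""))
            else:
                toks.append((0, _UNKNOWN_RANK, q))
    return toks


def compare_versions(a, b):
    """Return -1, 0 or 1 as a <, ==, > b."""
    ta, tb = _tokens(a), _tokens(b)
    for i in range(max(len(ta), len(tb))):
        # A missing number counts as 0, a missing qualifier as a final release,
        # so 1.0 == 1.0.0 and 2.0.0-rc4 < 2.0.0.
        ka = ta[i] if i < len(ta) else (_ZERO if tb[i][0] == 1 else _RELEASE)
        kb = tb[i] if i < len(tb) else (_ZERO if ta[i][0] == 1 else _RELEASE)
        if ka != kb:
            return -1 if ka < kb else 1
    return 0


_CONSTRAINT = re.compile(r"(>=|<=|>|<|=)\s*([^\s,()]+)")
_OPS = {
    ">=": lambda c: c >= 0,
    "<=": lambda c: c <= 0,
    ">": lambda c: c > 0,
    "<": lambda c: c < 0,
    "=": lambda c: c == 0,
}


def in_range(version, spec):
    """True if version satisfies every constraint in a spec like '(>=1.0 <=1.9.3)'."""
    constraints = _CONSTRAINT.findall(spec)
    if not constraints:
        raise ValueError(f"unparseable range spec: {spec!r}")
    return all(_OPS[op](compare_versions(version, bound)) for op, bound in constraints)


@dataclass(frozen=True)
class Advisory:
    cve: str
    ecosystem: str
    package: str
    spec: str


@dataclass(frozen=True)
class Finding:
    ecosystem: str
    package: str
    version: str
    cve: str


# Advisory rows copied from the listing above.
ADVISORIES = [
    Advisory("CVE-2019-10086", "MAVEN", "commons-beanutils:commons-beanutils", "(>=1.0 <=1.9.3)"),
    Advisory("CVE-2020-5408", "MAVEN", "org.springframework.security:spring-security-core",
             "(>=5.0.0.RELEASE <=5.0.15.RELEASE)"),
    Advisory("CVE-2020-7676", "NPM", "angular", "(>=1.0.8 <=1.7.9)"),
    Advisory("CVE-2019-1010091", "NPM", "tinymce", "(>=5.0.11 <=5.2.1)"),
]

# Constructed manifest of (ecosystem, package, resolved version) for the example.
SAMPLE_MANIFEST = [
    ("MAVEN", "commons-beanutils:commons-beanutils", "1.9.3"),          # upper bound, inclusive
    ("MAVEN", "org.springframework.security:spring-security-core", "5.0.16.RELEASE"),  # one past
    ("NPM", "angular", "1.7.9"),                                         # upper bound, inclusive
    ("NPM", "tinymce", "5.0.11-beta.1"),                                 # pre-release of lower bound
]


def find_affected(manifest, advisories):
    """Return a Finding for every (ecosystem, package) whose version is in an advisory range."""
    findings = []
    for ecosystem, package, version in manifest:
        for adv in advisories:
            if adv.ecosystem == ecosystem and adv.package == package and in_range(version, adv.spec):
                findings.append(Finding(ecosystem, package, version, adv.cve))
    return findings


if __name__ == "__main__":
    for f in find_affected(SAMPLE_MANIFEST, ADVISORIES):
        print(f"{f.ecosystem} {f.package}@{f.version} affected by {f.cve}")
```

Of the four constructed entries only commons-beanutils 1.9.3 and angular 1.7.9 match: 5.0.16.RELEASE is one patch past the spring-security-core range, and 5.0.11-beta.1 sorts below the tinymce lower bound because a pre-release qualifier ranks beneath the bare release it precedes. That last case is the one naive string or tuple comparison gets wrong.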
CVE-2020-10176
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43p1 devices allow Eval Injection of commands...
WordPress Access Restriction Bypass Vulnerability (CNVD-2020-27079)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions 3.7 through 5.4, which stems from the fact that a passwo...
NetFortris Fonality Trixbox endpoint_devicemap.php Component OS Command Injection Vulnerability
NetFortris Fonality Trixbox is a suite of business telephony software from NetFortris USA. An operating system command injection vulnerability exists in the endpoint_devicemap.php component in NetFortris Fonality Trixbox Community Edition versions 1.2.0 through 2.8.0.4, which can be exploited by a...