Qulture.Rocks: Privilege escalation from member user ( editor ) to admin user

Qulture.Rocks has multiple levels of admins, where you could manage parts of the application. One of those levels had a wrong configuration, which did not blocked it from updating its level to a higher one. Our team worked rapidly to fix this issue, blocking said level of updating itself...

DEBIAN-CVE-2020-9759

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...

UBUNTU-CVE-2020-9759

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...

CVE-2020-9759

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...

CVE-2020-9759 webOS TV Emulator privilege escalation vulnerability

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...

CVE-2020-3869

An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera...

DEBIAN-CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

Scientific Linux Security Update : ipa on SL7.x x86_64 (20200205)

Security Fixes : - ipa: Denial of service in IPA server due to wrong use of berscanf CVE-2019-14867 - ipa: Batch API logging user passwords to /var/log/httpd/errorlog CVE-2019-10195 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description...

Information Leakage Through Denial Of Service (DoS)

github.com/ gammazero/nexus is vulnerable to information leakage through denial of service attacks. The router can reassign call results to the wrong session when two clients are connecting concurrently and performing long running calls with the same request ID, resulting in denial of service...

Debian: Security Advisory (DSA-4606-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PYSEC-2020-94

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...

CVE-2019-20362

In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILESX86%\Teradici\PCoIP.exe instead of the intended pcoipvchanprintingsvc.exe file...

CVE-2018-13785

In libpng 1.6.34, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service...

WAGO PFC200 Access Control Error Vulnerability

The WAGO PFC200 is a programmable logic controller PLC from WAGO Germany. An access control error vulnerability exists in the WAGO PFC200. An attacker could exploit this vulnerability with specially crafted packets to cause a denial of service and cause the device to enter an incorrect state...

MGASA-2019-0390 Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...

Updated libvirt packages fix security vulnerabilities

Updated libvirt packages fix security vulnerabilities: An information leak which allowed to retrieve the guest hostname under readonly mode CVE-2019-3886. Wrong permissions in systemd admin-sock due to missing SocketMode parameter CVE-2019-10132. Arbitrary file read/exec via...

Unspecified Vulnerability in CallKit Component of Multiple Apple Products

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer.Apple macOS Catalina is a specialized operating system developed for Mac computers. A security vulnerability exists in the CallKit component of multiple Apple products wi...

CVE-2019-10555

Buffer overflow can occur due to usage of wrong datatype and missing length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2011-2337

The CVE-2011-2337 entry concerns WebKit in Google Chrome (pre-Blink M12) on 64-bit platforms, where a return value from strlen uses the wrong type. The Connected documents reiterate this same issue across multiple sources, without providing concrete exploit details, impacted versions beyond the C...

php: File rename across filesystems may allow unwanted access during processing

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...