605 matches found
CVE-2021-28801
An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on QSW-M2108-2C;...
PT-2021-19832 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue allows an attacker to gain write/read privileges on any Federated File Share. This can also...
PT-2021-19833 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue arises when an attacker converts a Files Drop link to a federated share, causing problems o...
SUSE-SU-2021:1637-1 Security update for python-httplib2
This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body bsc1171998...
CVE-2021-26023
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS...
IBM Security Guardium Insights 信息泄露漏洞
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. An information disclosure vulnerability exists in IBM Security Guardium Insights 2.0.2. A remote attacker could exploit this...
jsoneditor Cross-site Scripting Vulnerability
Josdejong Jsoneditor is a web page based software for viewing, editing, and verifying Json data by the individual developer Josdejong. A cross-site scripting vulnerability exists in jsoneditor before 9.0.2, which allows the vulnerability to be triggered by injecting and executing JavaScript...
CVE-2020-14254
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...
HCL BigFix Inventory 安全漏洞
HCL BigFix Platform is a suite of endpoint security management platform from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...
PYSEC-2020-110
In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...
UBUNTU-CVE-2020-15251
In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...
PT-2020-5835 · Phpmyadmin +1 · Phpmyadmin +1
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 5.0.2 and earlier Description: The issue is related to a lack of neutralization of elements in a CSV file in the "Export" function of the phpMyAdmin web application for database management. This could allow a remote attack...
@here/harp-leaflet (>=0.2.4 <=0.2.5) potentially affected by CVE-2020-8244 via bl (=4.0.2)
bl NPM version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on bl and may be impacted: - @here/harp-leaflet =0.2.4, =0.2.5 Source cves: CVE-2020-8244 Source advisory: OSV:GHSA-PP7H-53GX-MX7R...
CVE-2020-9722
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2020-12081
An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system...
CVE-2020-2978
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracl...
CVE-2020-14699
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...
CVE-2020-14677
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...
UBUNTU-CVE-2020-14647
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...
SUSE-SU-2020:1864-1 Security update for nasm
nasm was updated to version 2.14.02: Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. Create all system-defined macros defore processing command-line given preprocessing directives -p, -d, -u, --pragma, --before. If debugging is enabled,...