PT-2020-5487 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Intel Graphics Drivers versions prior to 26.20.100.7212 Linux kernel versions prior to 5.5 Description: The issue is related to improper input validation in some Intel Graphics Drivers, which may allow a privileged user to potentially enable ...
PT-2022-2032
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.2.20 and 5.3.18 Spring Boot versions prior to 2.5.12 and 2.6.6 libspring-aop-java - 4.3.22-4ubuntu0.1esm1 libspring-beans-java - 4.3.22-4ubuntu0.1esm1 libspring-context-java - 4.3.22-4ubuntu0.1esm1...
PT-2020-16890 · Sonarsource · Sonarqube
Name of the Vulnerable Software and Affected Versions: SonarQube version 8.4.2.36762 Description: The issue allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the "api/settings/values" URI. The vendor's position is that it is the administrator's responsibility to...
PT-2020-14703 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 21.2 Description: The issue allows an attacker to set the admin password to a blank value after a certain number of invalid login attempts. There have been reports of activities targeting this issue. Recommendations: Fo...
PT-2020-5780 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to a lack of privilege management mechanism in the wp-includes/class-wp-xmlrpc-server.php component of the WordPress content management system. This allows attackers to gain...
PT-2020-16166 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the Linux kernel performance monitoring subsystem was found, related to the use of PERF_EVENT_IOC_SET_FILTER. This issue could allow a local user to cause a denial of service...
PT-2020-6177 · Linux +8 · Linux +8
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. This issue allows a local user to increase their privileges to that of a running kernel on a...
PT-2020-7001
Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including...
PT-2020-15678 · Etoile Web Design · Etoile Web Design Ultimate Appointment Booking & Scheduling Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin versions 1.1.9 and lower Description: The issue is related to a reflected XSS vulnerability. It occurs because the Appointment ID GET parameter value is not properly...
PT-2020-4192 · Fasterxml +3 · Jackson-Databind +3
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.5 Description: The issue is related to the deserialization mechanism in the Jackson-databind library, specifically with the com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool...
PT-2020-6153 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7.8 Description: The issue is related to insufficient permission assignment checks for a critical resource in the fs/nfsd/vfs.c component of the Linux kernel. This can allow an attacker to gain unauthorized...
PT-2020-19995 · Ruby On Rails +3 · Rails +3
Name of the Vulnerable Software and Affected Versions: rails versions prior to 5.2.5 rails versions prior to 6.0.4 Description: A CSRF forgery issue exists that allows an attacker to forge a per-form CSRF token given a global CSRF token, such as the one present in the authenticity token meta tag...
PT-2022-1733 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.4 through 5.6.10 Description: The issue is related to a heap out-of-bounds write in the netfilter subsystem of the Linux kernel, specifically in the nf_dup_netdev.c file. This can allow local users to gain privileges o...
PT-2020-3071 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.10 Description: The issue is related to a memory leak in the Linux kernel's rpcsec_gss_krb5 implementation, specifically in the gss_mech_free function. This leak occurs when unloading a specific kernel module...
PT-2020-3604 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: A vulnerability in the stats method of...
PT-2020-2761 · Red Hat · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow versions 2.0.29.Final and before Description: A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009. This issue allows a remote, unauthenticated attacker to read web...
PT-2020-3493 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.19 through 5.6.7 Description: The issue is related to a race condition in the Linux kernel, specifically in the enable_sacf_uaccess function, which can lead to code execution. This occurs because the function fails to...
PT-2020-12510 · Freerdp +6 · Freerdp +6
Name of the Vulnerable Software and Affected Versions: FreeRDP versions 1.1 through 1.9 Description: The issue involves an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in version 2.0.0. Recommendations: For versions 1.1 through 1.9, updat...
PT-2020-12658
Name of the Vulnerable Software and Affected Versions: Rank Math plugin versions 1.0.40.2 and earlier Description: The issue allows unauthenticated remote attackers to update arbitrary WordPress metadata. This includes the ability to escalate or revoke administrative privileges for existing users...
PT-2020-12659
Name of the Vulnerable Software and Affected Versions: Rank Math plugin versions 1.0.40.2 and earlier Description: The issue allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured "rankmath/v1/updateRedirection" REST API endpoint. This...
PT-2020-9056 · Pki-Core +3 · Pki-Core +3
Name of the Vulnerable Software and Affected Versions: pki-core versions 10.x.x Description: A vulnerability was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. ...
PT-2020-11933 · Citrix · Citrix Adc +1
Name of the Vulnerable Software and Affected Versions: Citrix Gateway versions 11.1 through 12.1 Description: The issue concerns an Inconsistent Interpretation of HTTP Requests. It is noted that Citrix disputes the reported behavior as not a security issue, stating that Citrix ADC only caches...
PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD
A vulnerability in Cisco ASA and Cisco FTD allows attackers to read some WebVPN-related files, which may contain sensitive information like WebVPN configuration data of Cisco ASA users, bookmarks, cookies, web content, and HTTP URLs. Advisory status: February 13, 2020 - Vendor notification date...
PT-2020-16156 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability was found in the Linux kernel where a non-blocking socket in the llcp_sock_connect function leads to a leak and eventually causes the system to hang. Recommendations: A...
PT-2019-5022 · Git +5 · Git +5
Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.24.1 Git versions prior to 2.23.1 Git versions prior to 2.22.2 Git versions prior to 2.21.1 Git versions prior to 2.20.2 Git versions prior to 2.19.3 Git versions prior to 2.18.2 Git versions prior to 2.17.3 Git versio...
PT-2020-5524 · Imagemagick +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.9-0 Description: A flaw was found in ImageMagick in MagickCore/quantum-export.c, related to an integer overflow. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...
PT-2019-15248 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4 Description: The issue is related to a Server Side Request Forgery (SSRF) vulnerability. This occurs because Windows paths are mishandled during certain validation of relative URLs. Recommendations: For version...
PT-2019-3728 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.27 and prior MySQL Server versions 8.0.17 and prior Description: The issue is related to insufficient access control in the MySQL Server product, specifically in the Server: Security: Encryption component. This allow...
PT-2019-5850 · Imagemagick +4 · Imagemagick +4
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.9-0 Description: The issue is related to an integer overflow in the MagickCore/quantum-private.h component of the ImageMagick console graphic editor. This allows a remote attacker to cause a denial of service...
PT-2019-5838 · Imagemagick +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.8-68 Description: The issue is related to a missing check for a 0 value of replace_extent in the SubstituteString function, which can cause an offset p to overflow. This could be triggered by a crafted input...
PT-2019-5224 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...
PT-2019-5218 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4 Description: The issue is related to a stored XSS attack that allows an attacker to inject JavaScript into STYLE elements. This can potentially impact the integrity of the data. The exploitation of this issue...
PT-2019-5213 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3 Description: The issue is related to an error in the content management system of WordPress, allowing for a Cross-Site Scripting (XSS) attack when authorized users view post previews. This could enable a remote...
PT-2019-13997 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.2.9 Description: The issue is related to the check_input_term function in the sound/usb/mixer.c file of the Linux kernel, which mishandles recursion. This leads to kernel stack exhaustion. Recommendations: For...
PT-2019-3105 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.2.1 Description: A use-after-free issue was discovered in the Linux kernel, specifically in the drivers/net/wireless/intersil/p54/p54usb.c driver, caused by a malicious USB device. This issue can lead to a...
PT-2019-5200
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.1.17 Description: The issue is related to improper privilege management in the Linux kernel, specifically in the ptrace_link function. This can be exploited by local users to obtain root access under certain...
PT-2019-19912 · WordPress · Wpgraphql
Name of the Vulnerable Software and Affected Versions: WPGraphQL version 0.2.3 Description: The issue allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. Recommendations: For WPGraphQL...
PT-2019-4979 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.1.5 Description: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c. It allows local users to cause a denial of service or possibly have unspecified other...
PT-2019-11712 · Jenkins · Jenkins Ansible Tower Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Tower Plugin version 0.9.1 and earlier Description: A cross-site request forgery issue allowed attackers to connect to a specified URL using specified credentials IDs, potentially capturing stored credentials in Jenkins. The...
PT-2019-1956 · Oracle · Oracle General Ledger +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.8 Description: The issue is related to insufficient access control in the Consolidation Hierarchy Viewer component of Oracle E-Busines...
PT-2019-1964 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.15 and prior Description: The issue is related to insufficient access control in the MySQL Server component, specifically in the Server: Replication subcomponent. It allows a high-privileged attacker with network...
PT-2019-5302
Name of the Vulnerable Software and Affected Versions: Bootstrap versions prior to 3.4.1 for 3.x and 4.3.1 for 4.x Description: The issue is related to Cross-Site Scripting (XSS) in the tooltip or popover data-template attribute of the Bootstrap toolkit. This is due to a lack of input sanitization,...
PT-2019-3247 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.0.4 Description: The issue is related to a use-after-free error in the Linux kernel, specifically in the ipmi_si module, which can be exploited to execute arbitrary code or cause a denial of service. This is d...
PT-2019-1330 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.6.42 and prior Oracle MySQL versions 5.7.24 and prior Oracle MySQL versions 8.0.13 and prior Description: The issue is related to insufficient access control in the MySQL Server component, specifically in the Server:...
PT-2018-2631 · Php +2 · Phpmailer +2
Name of the Vulnerable Software and Affected Versions: PHPMailer versions prior to 5.2.27 PHPMailer versions 6.x prior to 6.0.6 Description: The issue is related to insufficient input validation in the PHPMailer library, allowing a remote attacker to perform an object injection attack. This could...
PT-2018-2562 · Nginx +4 · Nginx +4
Name of the Vulnerable Software and Affected Versions: nginx versions 1.14.0 through 1.14.1 nginx versions 1.15.0 through 1.15.6 Description: The issue is related to the implementation of HTTP/2 in nginx, which can lead to excessive CPU usage. This problem affects nginx compiled with the ngx http...
PT-2018-3478 · Go +2 · Go +2
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...
PT-2018-3607 · Poppler +4 · Poppler +4
Name of the Vulnerable Software and Affected Versions: Poppler version 0.68.0 Description: The issue is related to the Parser::getObj function in the Poppler library for rendering PDF files, which can cause infinite recursion when processing a crafted file. This can be exploited by a remote...
PT-2018-16228 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1013 Description: An exploitable permanent denial of service issue exists due to the firmware upgrade functionality retrieving signed firmware binaries using plain HTTP requests. The device does not check the type of...
PT-2018-3024 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.59 and prior MySQL Server versions 5.6.39 and prior MySQL Server versions 5.7.21 and prior Description: The issue is related to inadequate access control in the MySQL Server component, specifically in the Server: DDL...