Security News

CVE-2020-12680

National Vulnerability Database - Fri, 05/08/2020 - 09:15
** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability."
Categories: Security News

CVE-2020-7264

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

CVE-2020-7265

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

CVE-2020-7266

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

CVE-2020-10638

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

CVE-2020-12002

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

CVE-2020-12006

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

CVE-2020-12010

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

CVE-2020-12014

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.

CVE-2020-12018

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.

CVE-2020-12022

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.

CVE-2020-12026

National Vulnerability Database - Fri, 05/08/2020 - 08:15
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

CVE-2020-12735

National Vulnerability Database - Fri, 05/08/2020 - 01:15
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

CVE-2012-0952

National Vulnerability Database - Thu, 05/07/2020 - 21:15
A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53.

CVE-2012-0953

National Vulnerability Database - Thu, 05/07/2020 - 21:15
A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.

CVE-2020-12719

National Vulnerability Database - Thu, 05/07/2020 - 20:15
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

CVE-2020-12720

National Vulnerability Database - Thu, 05/07/2020 - 20:15
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

CVE-2020-12718

National Vulnerability Database - Thu, 05/07/2020 - 20:15
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.

CVE-2014-1423

National Vulnerability Database - Thu, 05/07/2020 - 19:15
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oauth tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this to create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.

CVE-2015-7946

National Vulnerability Database - Thu, 05/07/2020 - 19:15
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.
