News aggregator

CVE-2019-8251

National Vulnerability Database - Mon, 07/06/2020 - 14:15
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure.
Categories: Security News

CVE-2019-8066

National Vulnerability Database - Mon, 07/06/2020 - 14:15
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2020-15570

National Vulnerability Database - Mon, 07/06/2020 - 10:15
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.

CVE-2020-15569

National Vulnerability Database - Mon, 07/06/2020 - 10:15
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.

CVE-2020-7690

National Vulnerability Database - Mon, 07/06/2020 - 09:15
It's possible to inject JavaScript code via the html method.

CVE-2020-7691

National Vulnerability Database - Mon, 07/06/2020 - 09:15
It's possible to use <<script>script> in order to bypass the filtering regex.

CVE-2020-15562

National Vulnerability Database - Mon, 07/06/2020 - 08:15
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.

CVE-2020-15541

National Vulnerability Database - Sun, 07/05/2020 - 18:15
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.

CVE-2020-15542

National Vulnerability Database - Sun, 07/05/2020 - 18:15
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.

CVE-2020-15543

National Vulnerability Database - Sun, 07/05/2020 - 18:15
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.

CVE-2020-15535

National Vulnerability Database - Sun, 07/05/2020 - 12:15
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.

CVE-2020-15536

National Vulnerability Database - Sun, 07/05/2020 - 12:15
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields.

CVE-2020-15537

National Vulnerability Database - Sun, 07/05/2020 - 12:15
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.

CVE-2020-15538

National Vulnerability Database - Sun, 07/05/2020 - 12:15
XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar.

CVE-2020-15539

National Vulnerability Database - Sun, 07/05/2020 - 12:15
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field.

CVE-2020-15540

National Vulnerability Database - Sun, 07/05/2020 - 12:15
We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page.

CVE-2020-15466

National Vulnerability Database - Sun, 07/05/2020 - 07:15
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

CVE-2020-15528

National Vulnerability Database - Sat, 07/04/2020 - 21:15
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.

CVE-2020-15529

National Vulnerability Database - Sat, 07/04/2020 - 21:15
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.

CVE-2020-15530

National Vulnerability Database - Sat, 07/04/2020 - 21:15
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.
