CVE-2020-35882
Summary: An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references...
Vulnerabilities
[KIS-2021-01] IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability
Posted by Egidio Romano on Jan 06----------------------------------------------------------------------------- IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability ----------------------------------------------------------------------------- Software...
Backdoor.Win32.Zombam.k / Remote Stack Buffer Overflow
Posted by malvuln on Jan 06Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source:https://malvuln.com/advisory/79d9908b6769e64f922e74a090f5ceeb.txt Contact: malvuln13 () gmail com...
Files.com – Auth Bypass (Fat Client)
Posted by Balázs Hambalkó on Jan 06Hi, Vendor: Files.com Product: Fat Client Tested version: 3.3.6 but newer version high likely...
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
Posted by Aki Tuomi on Jan 06Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug...
CVE-2020-35269
Summary: Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding –...
CVE-2020-13654
Summary: XWiki Platform before 12.8 mishandles escaping in the property displayer. Reference Links(if available): https://github.com/xwiki/xwiki-platform/compare/xwiki-platform-12.7.1...xwiki-platform-12.8 https://jira.xwiki.org/browse/XWIKI-17374 https://github.com/xwiki/xwiki-platform/pull/1315 CVSS Score (if...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-25845
Summary: Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected...
CVE-2019-19680
Summary: A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-4916
Summary: IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code...
CVE-2020-4928
Summary: IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request...
CVE-2020-26217
Summary: XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary...
CVE-2020-0688 – Microsoft / Exchange – Memory corruption
Summary: CVE-2020-0688 is a memory corruption vulnerability impacting Microsoft Exchange. A Metasploit module was observed in open source and subsequently...
CVE-2020-14871 – Oracle / Solaris – Unspecified
Summary: CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open...
CVE-2019-12840 – Webmin / Webmin – OS command injection
Summary: CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in...
CVE-2019-12840 – Webmin/Webmin – OS command injection vulnerability
Summary: CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module was observed in...
CVE-2020-14871 – Oracle/Solaris – unspecified vulnerability
Summary: CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open...
CVE-2020-0688 – Microsoft/Exchange
Summary: CVE-2020-0688 is a memory corruption vulnerability impacting Microsoft Exchange. A Metasploit module was observed in open source and subsequently...
survey on reliability of CVSS
Posted by Zinaida Benenson on Dec 29The University of Erlangen-Nuremberg (Germany) is conducting a research study to test the reliability...
Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Mark E. Jeftovic on Dec 29Is there a transposition typo in the Mac OSX version number? *Fixed Version:* |7.0.1.433| (Windows)...
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability....
CarolinaCon Online CFP
Posted by CarolinaCon on Dec 25We hope this email finds you well. This year has had its challenges and we...
