CVE-2020-29491
Summary: Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially...
vulnerability
CVE-2019-20484
Summary: An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload...
CVE-2016-20003
Summary: The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's...
CVE-2019-25012
Summary: The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE:...
CVE-2020-35894
Summary: An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. Reference Links(if available):...
CVE-2020-35889
Summary: An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory...
CVE-2020-35882
Summary: An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references...
[KIS-2021-01] IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability
Posted by Egidio Romano on Jan 06----------------------------------------------------------------------------- IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability ----------------------------------------------------------------------------- Software...
Backdoor.Win32.Zombam.k / Remote Stack Buffer Overflow
Posted by malvuln on Jan 06Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source:https://malvuln.com/advisory/79d9908b6769e64f922e74a090f5ceeb.txt Contact: malvuln13 () gmail com...
Files.com – Auth Bypass (Fat Client)
Posted by Balázs Hambalkó on Jan 06Hi, Vendor: Files.com Product: Fat Client Tested version: 3.3.6 but newer version high likely...
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
Posted by Aki Tuomi on Jan 06Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOP-2009 (Bug...
CVE-2020-35269
Summary: Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding –...
CVE-2020-13654
Summary: XWiki Platform before 12.8 mishandles escaping in the property displayer. Reference Links(if available): https://github.com/xwiki/xwiki-platform/compare/xwiki-platform-12.7.1...xwiki-platform-12.8 https://jira.xwiki.org/browse/XWIKI-17374 https://github.com/xwiki/xwiki-platform/pull/1315 CVSS Score (if...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-25845
Summary: Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected...
CVE-2019-19680
Summary: A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22...
CVE-2020-19664
Summary: DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Reference Links(if available):...
CVE-2020-4916
Summary: IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code...
CVE-2020-4928
Summary: IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request...
survey on reliability of CVSS
Posted by Zinaida Benenson on Dec 29The University of Erlangen-Nuremberg (Germany) is conducting a research study to test the reliability...
Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Mark E. Jeftovic on Dec 29Is there a transposition typo in the Mac OSX version number? *Fixed Version:*Â |7.0.1.433|Â (Windows)...
Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability....
CarolinaCon Online CFP
Posted by CarolinaCon on Dec 25We hope this email finds you well. This year has had its challenges and we...
Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Posted by Reed Loden on Dec 25Due to a process fail, this CVE ID was accidentally reused for another vulnerability....
