CVE-2020-18900
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128. NOTE: the vendor has disputed this as described in libyal/libexe issue 1 on GitHub
@cveNotify
GitHub
OOB read of 1 and 2 in libexe_io_handle_read_coff_optional_header of libexe 20180812 · Issue #1 · libyal/libexe
Multiple heap-buffer-overflow errors inside function libexe_io_handle_read_coff_optional_header in libexe_io_handle.c We found with our fuzzer multiple heap-buffer-overflow errors inside function l...
CVE-2020-24345
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option
@cveNotify
GitHub
Stack overflow in ecma_is_lexical_environment · Issue #3977 · jerryscript-project/jerryscript
JerryScript revision git hash: 392ee71 Test case function a() { new new Proxy(a, {}) } JSON.parse("[]", a) Execution steps ./jerry poc.js Build cmd python tools/build.py --compile-flag=&q...
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."
@cveNotify
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with untrusted data.
@cveNotify
CVE-2020-23826
The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176
@cveNotify
CVE-2020-22427
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time
@cveNotify
Blogspot
Postauth RCE bugs in NagiosXI 5.6.11
pentest research exploits security writeup - you name IT.
CVE-2020-21468
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7
@cveNotify
Redis
Redis - The Real-time Data Platform
Developers love Redis. Unlock the full potential of the Redis database with Redis Enterprise and start building blazing fast apps.
CVE-2020-23904
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program."
@cveNotify
GitHub
speexenc stack buffer overflow · Issue #14 · xiph/speex
I have found a stack buffer overflow vulnerability in speexenc, this may cause an RCE by opening a crafted wav file sample2.zip the vulnerability function: speexenc.c:122 } else { nb_read = fread(in,1,t...
CVE-2020-23622
An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header
@cveNotify
GitHub
SSRF and DDOS vulnerability · Issue #253 · 4thline/cling
The Upnp protocol implemented in the latest version of cling has a flaw, and the CALLBACK parameter in the request header of the service's subscribe request is not checked, resulting in the att...
CVE-2020-24307
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.
@cveNotify
GitHub
Infrastructure-Assessment/Privilege Escalation/Common Windows Privilege Escalation.md at master · NyaMeeEain/Infrastructure-Assessment
Assessment_Note. Contribute to NyaMeeEain/Infrastructure-Assessment development by creating an account on GitHub.
CVE-2020-19909
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.
@cveNotify
daniel.haxx.se
CVE-2020-19909 is everything that is wrong with CVEs
This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE Ids and lots of power given to NVD is a completely broken system.…
CVE-2020-21469
An issue was discovered in PostgreSQL 12.2 that allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
@cveNotify
PostgreSQL Mailing List Archives
Buffer overflow when continuously send SIGHUP to postgres
REPRODUCTION && ERROR MESSAGE: 1. initialize database with executable binary "initdb"; 2. start a server with "postgress" (command: "./postgres -Ddata …
CVE-2020-22916
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
@cveNotify
GitHub
GitHub - snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability: XZ 5.2.5 mishandles read the designed payload, leading…
XZ 5.2.5 mishandles read the designed payload, leading to denial of service (resource consumption) - GitHub - snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability: XZ 5.2.5 mishandle...
CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.
@cveNotify
Launchpad
Bug #1863025 “Use-after-free after flush in TCG accelerator” : Bugs : QEMU
I believe I found a UAF in TCG that can lead to a guest VM escape. The security list informed me "This can not be treated as a security issue." and to post it here. I am looking at the 4.2.0 source code. The issue requires a race and I will try to describe…
CVE-2020-24567
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error
@cveNotify
Cymaera
Cymæra · End to End Software Solutions
CVE-2020-24567: Voidtools "Everything" Service - DLL Hijacking and Potential Abuses.
CVE-2020-25575
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010
@cveNotify
withoutblogs
From failure to Fehler
About two and a half years ago I wrote a Rust library called failure, which quickly became one of the most popular error handling libraries in Rust. This week, its current maintainer decided to …
CVE-2020-25071
Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be created, but the alert won't be executed as those attributes are now stripped."
@cveNotify
Medium
A Tale of Reflected XSS to Stored which ultimately resulted into a CVE
Hi guys, this is my first blog. So please excuse for any mistakes encountered.
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way
@cveNotify
GitHub
segmentation fault in LibRaw::parse_tiff_ifd · Issue #335 · LibRaw/LibRaw
Reproduce steps: compile provided test.c run command:./test poc Stack trace: #0 0x00007ffff7afdcc7 in LibRaw::parse_tiff_ifd (this=this@entry=0x7ffffff43250, base=<optimized out>, base@entry=...
CVE-2020-25750
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
@cveNotify
GitHub
XXE Vulnerability · Issue #400 · DevGroup-ru/dotplant2
In class Pay2PayPayment(application\components\payment\Pay2PayPayment.php), there is an XXE vulnerability in checkResult function. public function checkResult($hash = '') { if (isset($_POST...
CVE-2020-25756
A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."
@cveNotify
GitHub
A buffer overflow error in mg_get_http_header · Issue #1135 · cesanta/mongoose
A buffer overflow error in mg_get_http_header function in mongoose/src/mg_http.c in Mongoose 6.18, where header_names and header_values have a bound of (MG_MAX_HTTP_HEADERS); however, there is no c...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
@cveNotify
GitHub
iot/DIR-816L_XSS.md at master · sek1th/iot
Contribute to sek1th/iot development by creating an account on GitHub.