CVE-2020-0575
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access.
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be...
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before...
‘In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.’ in Snapdragon Connectivity, Snapdragon...
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This...
Dr. Therese McAllister of NIST’s Community Resilience Program will be presenting on Community Resilience and the Role of Federal Support in Florida International University’s Preeminent Institute for Resilient and...
Recently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note – if you know and can type any of your passwords in 2020, you should at least partially...
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS...
A reader asked about another malicious file, thinking it is an intentionally corrupt ZIP file. If you follow the steps I showed in diary entry “Office: About OLE and ZIP Files”, you will see that it is not a corrupt...
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two...
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can...