All

Popular

All

Latest

CVE-2013-0170 (enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_workstation, fedora, libvirt, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, opensuse, ubuntu_linux)

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause...

All

Latest

CVE-2013-0170 (enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_workstation, fedora, libvirt, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, opensuse, ubuntu_linux)

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause...

Loading

CVE-2020-27533

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.

CVE-2020-27642

A cross-site scripting (XSS) vulnerability exists in the ‘merge account’ functionality in admins.js in BigBlueButton Greenlight 2.7.6.

CVE-2020-27638

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

5703 Western Regional Assurance Program (WRAP)

NIST Handbook 143, Section 5.2, Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition. Handbook 143, Program Handbook details the criteria used for OWM Laboratory...

5704 Northeastern Measurement Assurance Program (NEMAP)

NIST Handbook 143, Section 5.2, Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition. Handbook 143, Program Handbook details the criteria used for OWM Laboratory...

5705 Southwest Assurance Program (SWAP)

NIST Handbook 143, Section 5.2, Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition. Handbook 143, Program Handbook details the criteria used for OWM Laboratory...

5706 MidAmerica Measurement Assurance Program (MidMAP)

NIST Handbook 143, Section 5.2, Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition. Handbook 143, Program Handbook details the criteria used for OWM Laboratory...

CVE-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

CVE-2020-27620

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by...

CVE-2020-27621

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user’s IP address. Instead, for various actions, it would report the IP address of an internal...

CVE-2020-17355

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an...

CVE-2020-24421

Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current...

CVE-2020-17454

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the “publisher” component’s admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter...

CVE-2020-15244

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product....

CVE-2020-9750

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a...

CVE-2020-9749

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a...

CVE-2020-9748

Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim...

CVE-2020-9747

Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires...

CVE-2020-24422

Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the...

CVE-2020-15265

In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel...

CVE-2020-15266

In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is...

CVE-2020-24419

Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVE-2020-24418

Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could...

CVE-2020-24420

Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this...

CVE-2020-24424

Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

CVE-2020-24423

Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVE-2020-24425

Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to...

CVE-2016-5238 (debian_linux, qemu, ubuntu_linux)

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer...

CVE-2016-4952 (debian_linux, qemu, ubuntu_linux)

QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1)...

CVE-2016-5105 (debian_linux, qemu, ubuntu_linux)

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host...

CVE-2016-5106 (debian_linux, qemu, ubuntu_linux)

The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write...

CVE-2016-5107 (debian_linux, qemu, ubuntu_linux)

The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified...

CVE-2016-8578 (debian_linux, leap, qemu)

The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty...

CVE-2016-8667 (debian_linux, leap, qemu)

The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload...

CVE-2016-8668 (leap, qemu)

The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit...

CVE-2016-9104 (debian_linux, leap, qemu)

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a...

CVE-2016-7994 (leap, qemu)

Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of...

CVE-2017-6386 (virglrenderer)

Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of...

CVE-2020-27615

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

CVE-2020-15240

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to...

CVE-2018-11764

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

CVE-2020-17381

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%totalcmdTOTALCMD64.EXE...

CVE-2020-3317

A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation...

CVE-2020-3304

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload...

CVE-2020-3299

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect...

CVE-2020-3352

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands....

CVE-2020-3373

A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory...

CVE-2020-3410

A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The...

Loading