technology Archives | Cyberthreat Blog

CVE-2013-0170 (enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_workstation, fedora, libvirt, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, opensuse, ubuntu_linux)

by Alyssa Portillo | Oct 22, 2020 | CVE Validated | 0 |

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause...

CVE-2018-1000205 (u-boot)

by Alyssa Portillo | Oct 22, 2020 | CVE Validated | 0 |

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special...

CVE-2020-24033

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to...

CVE-2020-27560

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

CVE-2020-27646

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.

CVE-2020-27533

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.

CVE-2020-26649

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php

CVE-2020-26650

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php

VU#208577: Chocolatey Boxstarter vulnerable to privilege escalation due to weak ACLs

by Alyssa Portillo | Oct 22, 2020 | CERT-Vulnerabilities | 0 |

Overview Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description CVE-2020-15264 The Chocolatey Boxstarter installer...

CVE-2020-27642

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

A cross-site scripting (XSS) vulnerability exists in the ‘merge account’ functionality in admins.js in BigBlueButton Greenlight 2.7.6.

CVE-2020-27638

by Alyssa Portillo | Oct 22, 2020 | CVE Notifications | 0 |

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

CVE-2018-10846 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, fedora, gnutls, ubuntu_linux)

by Alyssa Portillo | Oct 22, 2020 | CVE Validated | 0 |

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of “Just in Time” Prime+probe attack in combination with...

Tag: technology