CVE-2019-12528
|
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
Published:
February 04, 2020; 04:15:10 PM -05:00
|
(not available)
|
CVE-2019-10788
|
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options, which are passed to the "exec" function.
Published:
February 04, 2020; 04:15:10 PM -05:00
|
(not available)
|
CVE-2019-10787
|
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization.
Published:
February 04, 2020; 04:15:10 PM -05:00
|
(not available)
|
CVE-2019-10786
|
network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.
Published:
February 04, 2020; 04:15:10 PM -05:00
|
(not available)
|
CVE-2015-2802
|
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability.
Published:
February 04, 2020; 04:15:10 PM -05:00
|
(not available)
|
CVE-2020-8615
|
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8517
|
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8450
|
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8449
|
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8125
|
A flaw in input validation in the npm package klona version 1.1.0 and earlier may allow a prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8124
|
Insufficient validation and sanitization of user input in the url-parse npm package version 1.4.4 and earlier may allow an attacker to bypass security checks.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8123
|
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8122
|
A missing check in Nextcloud Server 14.0.3 could give a recipient the possibility to extend the expiration date of a share they received.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8121
|
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8120
|
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the SVG generation.
Published:
February 04, 2020; 03:15:14 PM -05:00
|
(not available)
|
CVE-2020-8119
|
Improper authorization in Nextcloud Server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
Published:
February 04, 2020; 03:15:13 PM -05:00
|
(not available)
|
CVE-2020-8118
|
An authenticated server-side request forgery in Nextcloud Server 16.0.1 allowed the detection of local and remote services when adding a new subscription in the calendar application.
Published:
February 04, 2020; 03:15:13 PM -05:00
|
(not available)
|
CVE-2020-8117
|
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
Published:
February 04, 2020; 03:15:13 PM -05:00
|
(not available)
|
CVE-2020-8116
|
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Published:
February 04, 2020; 03:15:13 PM -05:00
|
(not available)
|
CVE-2020-8115
|
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
Published:
February 04, 2020; 03:15:13 PM -05:00
|
(not available)
|