In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd...
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and...
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. Date published : 2020-01-29 https://security.gentoo.org/glsa/202007-33...
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. Date published : 2020-01-29 https://sku11army.blogspot.com/2020/01/ruckus-rce-ruckus-m500-via-injection-on.html
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity...
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port. Date published : 2020-01-29 https://github.com/kolya5544/BearFTP/blob/0.2.0/CHANGELOG.txt https://github.com/kolya5544/BearFTP/commit/9965337f9d4c0325e4aab324dcd485e4cbb7b428
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution Date published : 2020-01-29 https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus...
flaskparser.py in Webargs 5.x through 5.5.2 doesn’t check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type...
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in...
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2020-01-29 https://helpx.adobe.com/security/products/magento/apsb20-02.html
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2020-01-29 https://helpx.adobe.com/security/products/magento/apsb20-02.html
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-01-29 https://helpx.adobe.com/security/products/magento/apsb20-02.html
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. Date published : 2020-01-29 https://helpx.adobe.com/security/products/magento/apsb20-02.html