irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel...
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication). Date published : 2020-02-12 https://openvpn.net/security-advisories/
The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%AMDPPCupload and then creating a symbolic link in %PROGRAMDATA%AMDPPCtemp that...
Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation,...
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. Date published : 2020-02-12...
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. Date published : 2020-02-12 https://sku11army.blogspot.com/2020/02/netis-authenticated-rce-on-wf2471.html
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution...
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. Date published : 2020-02-12 http://packetstormsecurity.com/files/156289/CHIYU-BF430-TCP-IP-Converter-Cross-Site-Scripting.html https://drive.google.com/open?id=1eDN0rsGPs4-yxeMxl7MGh__yjdbl-wON
Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets....
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they...
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of...
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2. Date published : 2020-02-12 http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2. Date published : 2020-02-12 https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. Date published : 2020-02-12 http://www.openwall.com/lists/oss-security/2020/02/12/1 https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html