HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity’s Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. Date published :...
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated...
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Date published : 2020-03-23 https://security.gentoo.org/glsa/202003-50 https://trac.torproject.org/projects/tor/ticket/33120
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of...
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. Date published : 2020-03-22 https://cve.naver.com/detail/cve-2020-9752
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. Date published : 2020-03-22 https://code610.blogspot.com/2020/03/nagios-5611-xssd.html
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. Date published : 2020-03-22 https://code610.blogspot.com/2020/03/nagios-5611-xssd.html
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. Date published : 2020-03-22 https://code610.blogspot.com/2020/03/nagios-5611-xssd.html
Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. Date published : 2020-03-22 https://code610.blogspot.com/2020/03/rce-in-artica-426.html
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. Date published : 2020-03-22 https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt...
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. Date published : 2020-03-22 https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt...
An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. Date published : 2020-03-22 https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt...
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It...
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session...