Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20 Date published : 2020-06-22 https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053,...
Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150 Date published : 2020-06-22 https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a...
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. Date published :...
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn’t validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server’s stack. Date published : 2020-06-22 https://github.com/chocolate-doom/chocolate-doom/issues/1293...
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. Date published : 2020-06-22 http://packetstormsecurity.com/files/158323/VIPRE-Password-Vault-1.100.1090-Man-In-The-Middle.html https://www.info-sec.ca/advisories/Vipre-Password-Vault.html
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. Date published : 2020-06-22 http://packetstormsecurity.com/files/158322/Sophos-Secure-Email-Android-Application-3.9.4-Man-In-The-Middle.html https://www.info-sec.ca/advisories/Sophos-Secure-Email.html
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. Date published : 2020-06-22 https://packetstormsecurity.com/files/157608/WebTareas-2.0p8-Cross-Site-Scripting.html https://sourceforge.net/p/webtareas/blog/
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin...
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. Date published : 2020-06-22 https://github.com/MISP/MISP/commit/609bfbd450c933d21c50c9f0161d633c43413eb6
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending ‘’ bytes to a signature (it accepts these modified signatures as...
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending ‘’ bytes to ciphertexts (it decrypts modified ciphertexts without...