A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. Date published : 2020-06-15 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985 https://bugzilla.redhat.com/show_bug.cgi?id=1611614
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. Date published : 2020-06-15 https://bugs.gentoo.org/715214 https://github.com/caddyserver/caddy/releases/tag/v0.10.13
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. Date published : 2020-06-15 https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html https://bugs.gentoo.org/714084
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion...
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and X or R has more than one fixed quantifier, a related issue to CVE-2019-20454. Date published :...
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. Date published : 2020-06-15 https://twitter.com/Sh0ckFR/status/1257298443527053313
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. Date published : 2020-06-15 THREAD: Today, I release my vulnerabilities affecting #wordpress #wpForo 1.6.5 (20000+ active installations) but like asked by...
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. Date published : 2020-06-15 THREAD: Today, I release my vulnerabilities affecting #wordpress #wpForo 1.6.5 (20000+ active installations) but like asked by...
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. Date published : 2020-06-15 THREAD: Today, I release my vulnerabilities affecting #wordpress #wpForo 1.6.5 (20000+ active installations) but like asked by the editor, I release...
OX Guard 2.10.3 and earlier allows SSRF. Date published : 2020-06-15 http://packetstormsecurity.com/files/158069/OX-Guard-2.10.3-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://seclists.org/fulldisclosure/2020/Jun/20
OX Guard 2.10.3 and earlier allows XSS. Date published : 2020-06-15 http://packetstormsecurity.com/files/158069/OX-Guard-2.10.3-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://seclists.org/fulldisclosure/2020/Jun/20
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly...
Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability...
Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Date published :...