FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through...
HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could...
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated...
By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects...
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. Date published : 2020-06-15 https://github.com/openbmc/openbmc/issues/3670 https://lists.ozlabs.org/pipermail/openbmc/2020-June/022020.html
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Date published : 2020-06-15 https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/ https://support.apple.com/kb/HT211931
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Date published : 2020-06-15 https://security.gentoo.org/glsa/202007-57 http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. Date published : 2020-06-15 http://www.ijg.org/files/jpegsrc.v9d.tar.gz https://bugs.gentoo.org/727908
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. Date published : 2020-06-15 http://www.ijg.org/files/jpegsrc.v9d.tar.gz https://bugs.gentoo.org/727908
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause...
In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. Date published : 2020-06-15...
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. Date published : 2020-06-15 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZRYFJIA6ZKOH7U4K5WH5OL7OKXE4N52/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BJOYV5GHUFJMUVQW3TJKXZ7JPXL4W3ER/
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption...
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. Date published : 2020-06-15 https://github.com/KumbiaPHP/KumbiaPHP/releases https://github.com/jenaye/KumbiaPHP-