A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected...
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device....
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site...
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. Date published : 2020-08-17 https://github.com/LuaJIT/LuaJIT/issues/603
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. Date published : 2020-08-17 https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110 https://www.lua.org/bugs.html#5.4.0-10
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). Date published : 2020-08-17 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6KONNG6UEI3FMEOY67NDZC32NBGBI44/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. Date published : 2020-08-17 https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a https://www.lua.org/bugs.html#5.4.0-12
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server. Date published : 2020-08-17 https://www.cnvd.org.cn/flaw/show/CNVD-2020-42698
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. Date published : 2020-08-17 https://packetstormsecurity.com/files/158684/Online-Shopping-Alphaware-1.0-SQL-Injection.html https://www.exploit-db.com/exploits/48725
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’. Date published : 2020-08-17 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’....
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows...
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1560,...
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrslvr.dll Elevation of Privilege Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1584