A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform...
IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861. Date published : 2020-08-11 https://www.ibm.com/support/pages/node/6257885 https://exchange.xforce.ibmcloud.com/vulnerabilities/181861
IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860. Date published :...
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in...
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user...
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. Date published : 2020-08-11 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45SGGCWFIIV7N2X2QZRREHOW7ODT3IH7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJET3RR6W7LAK4H6VPTMAZS24W7XYHRZ/
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses. Date published : 2020-08-11 https://cxsecurity.com/issue/WLB-2020080046 https://www.turcom.com.tr/en/urunlerimiz-sorunsuz-internet-trcwifizone.asp
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. Date...
Firejail through 0.9.62 mishandles shell metacharacters during use of the –output or –output-stderr option, which may lead to command injection. Date published : 2020-08-11 https://www.debian.org/security/2020/dsa-4742 https://www.debian.org/security/2020/dsa-4743
Firejail through 0.9.62 does not honor the — end-of-options indicator after the –output option, which may lead to command injection. Date published : 2020-08-11 https://www.debian.org/security/2020/dsa-4743 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W66IR5YT4KG464SKEMQN2NP2LGATGEGS/
Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if...
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the...
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. Date published : 2020-08-11 https://www.sevenlayers.com/index.php/364-soplanning-v1-46-01-xss-session-hijack https://www.soplanning.org
content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields[‘name’] to appendSubheading. Date published : 2020-08-11 https://github.com/symphonycms/symphonycms/issues/2917