A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface...
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is...
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due...
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker...
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is...
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in...
A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of...
peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Date published : 2020-09-22 https://github.com/jgm/peg-markdown/issues/43
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http:///lms/index.php?page=books. Date published : 2020-09-22 http://simple.com https://github.com/Ko-kn3t/CVE-2020-25515
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php. Date published : 2020-09-22 http://simple.com https://github.com/Ko-kn3t/CVE-2020-25514
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. Date published : 2020-09-22 http://phpgurukul.com https://github.com/Ko-kn3t/CVE-2020-25487
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource. Date published : 2020-09-22 https://shotcut.org/blog/new-release-200913/ https://github.com/mltframework/shotcut/commit/f008adc039642307f6ee3378d378cdb842e52c1d
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP...
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API Date published : 2020-09-22 Verint: Unauthenticated Information Disclosure via API Home