In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. Date published : 2020-11-05 https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES https://security.gentoo.org/glsa/202011-10
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes”...
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the...
A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing...
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. Date...
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel’s Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote...
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to...
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user’s session by sending a malicious file in the chat. Date published : 2020-11-05 https://github.com/h3llraiser/CVE-2020-25399
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. Date published : 2020-11-05 https://github.com/h3llraiser/CVE-2020-25398
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution...
Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has...
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user...
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution...
Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure....