Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-18169: CVE_Assessment_04_2019/Snagit_Report.pdf at master · GitHubAssessments/CVE_Assessment_04_2019

** DISPUTED ** A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.

CVE

Related news

CVE-2021-33023: Advantech WebAccess | CISA

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

CVE-2021-38389: Advantech WebAccess | CISA

Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

CVE-2021-39304: Security Advisories | Proofpoint US

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.

CVE-2021-34814: Security Advisories | Proofpoint US

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.

CVE-2021-32028: 1956877 – (CVE-2021-32028) CVE-2021-32028 postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

CVE-2021-32029: PostgreSQL: CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

CVE-2021-25476: Samsung Mobile Security

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CVE-2021-35199: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.

CVE-2021-35205: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.

CVE-2021-35203: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

CVE-2021-35198: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.

CVE-2021-35204: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.

CVE-2021-35202: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.

CVE-2021-35200: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.

WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting

WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.

CVE-2020-12083: CVE-2020-12083 Remediated in Code Insight

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

CVE-2020-12082: CVE-2020-12082 Remediated in Code Insight

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

CVE-2021-38408: Advantech WebAccess | CISA

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

CVE-2021-32947: FATEK Automation FvDesigner | CISA

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

CVE-2020-12002: Advantech WebAccess Node | CISA

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

CVE-2017-3085: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CVE-2017-3080: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907