acer - Page 46 - Security Headlines - AI Powered Cyber Security News Aggregator

CVE-2020-11698: SensePost | Clash of the (spam)titan

An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.

4 years ago

CVE

Open in Source

#sql #vulnerability #web #mac #git #php #rce #perl #vmware #acer #auth #postgres

CVE-2020-15020: Elementor Website Builder – More than Just a Page Builder

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

4 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #ios #android #mac #windows #apple #google #js #git #wordpress #php #perl #acer #auth #chrome #webkit #firefox #sap #ssl

CVE-2020-14356: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-24394: #962254 - NFSv4.2: umask not applied on filesystem without ACL support

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

4 years ago

CVE

Open in Source

#ios #mac #microsoft #amazon #ubuntu #linux #debian #js #git #intel #php #perl #samba #lenovo #amd #bios #buffer_overflow #asus #acer #samsung #auth #ibm #dell #rpm #wifi #ssl

CVE-2020-11946: Read me | OpManager Help

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

CVE-2020-8661

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.

4 years ago

CVE

Open in Source

#vulnerability #google #dos #git #acer

CVE-2013-4855: Exploiting SOHO Routers

D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.

5 years ago

CVE

Open in Source

#xss #vulnerability #web #ddos #dos #git #java #samba #botnet #buffer_overflow #acer #auth #wifi #ssl

CVE-2019-16294: Scintilla

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

5 years ago

CVE

Open in Source

#sql #web #mac #windows #apple #google #microsoft #ubuntu #linux #dos #apache #redis #js #git #java #intel #php #c++#rce #perl #samba #pdf #vmware #amd #acer #dell #ruby #rpm #firefox #sap #ssl

Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. We then published “Fuzzing para-virtualized devices in Hyper-V”, which has been the focus of our friends at the Virtualization Security Team.

5 years ago

msrc-blog

Open in Source

#vulnerability #ios #mac #intel #c++#acer #ssl

CVE-2019-15218

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

5 years ago

CVE

Open in Source

#ios #mac #windows #apple #linux #cisco #js #git #intel #c++#perl #samba #vmware #lenovo #amd #bios #buffer_overflow #acer #huawei #auth #ibm #dell #chrome

Tag

#acer