Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2019-19034: AssetExplorer ITAM Solution ServicePacks Readme

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.

CVE
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#redis#js#git#java#oracle#intel#rce#perl#ldap#samba#ssrf#pdf#vmware#log4j#bios#buffer_overflow#oauth#auth#ssh#telnet#dell#postgres#chrome#firefox#sap#ssl
CVE-2020-6425: Debian -- Security Information -- DSA-4645-1 chromium

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

CVE-2020-6420: Stable Channel Update for Desktop

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVE-2020-10675: infinite loop in Delete · Issue #188 · buger/jsonparser

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.

CVE-2019-12921: GraphicsMagick Image Processing System

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

CVE-2020-7982: Commits · openwrt/openwrt

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).

CVE-2020-8436: RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin

XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.

CVE-2020-0041: Android Security Bulletin—March 2020  |  Android Open Source Project

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

CVE-2020-0034: Android Security Bulletin—March 2020  |  Android Open Source Project

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

CVE-2020-9440: CKEditor 4.14 with Paste from LibreOffice released

A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.