Microsoft Edge suffers from information disclosure and remote code execution vulnerabilities. Affected builds include 85.0.564.83, 85.0.564.86, 85.0.564.70, 86.0.622.38, 86.0.622.43, 86.0.622.48, 86.0.622.51, and 86.0.622.56.
d1283aca7d57dba59274a53c8d4be7c8Gentoo Linux Security Advisory 202010-3 - An information disclosure vulnerability in libjpeg-turbo allow remote attackers to obtain sensitive information. Versions 2.0.4-r1 are affected.
c41e8764f72fbfba8fd43336c2c227d5MonoCMS Blog version 1.0 suffers from arbitrary file deletion, cross site request forgery, and information disclosure vulnerabilities.
858c4bad79460948ebff42b9ed1fd0cdIt appears that the corona virus Exposure Notifications API for iOS and Android may have a data leakage issue.
f3e9ce294b54d711be777bb3c9716ce7Ubuntu Security Notice 4547-1 - It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
9922e4b06254766557616cfff60d0f5aWordPress WP Courses plugin versions 2.0.29 and below suffer from an issue that allows an unauthenticated attacker the ability to ex-filtrate all the content of courses through the WordPress REST API.
44b651d956b8e89fb868cb5ebd9d676cB-swiss 3 Digital Signage System version 3.6.5 is vulnerable to an unauthenticated database download and information disclosure vulnerability. This can enable the attacker to disclose sensitive information resulting in authentication bypass, session hijacking and full system control.
1175b32ecdd1ad1b9b42a4c5bc9c5d4cGentoo Linux Security Advisory 202009-8 - An information disclosure vulnerability in GNOME Shell might allow local attackers to obtain sensitive information. Versions less than 3.34.5-r1 are affected.
309e5318135523eb52d41ec01f1dfaceTiandy IPC and NVR version 9.12.7 suffer from a credential disclosure vulnerability.
31af0e01d3411bff4073c4969fab0aa5As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.
7fc061d5cf8581a756c5a61f9a15896fGentoo Linux Security Advisory 202008-8 - NSS has multiple information disclosure vulnerabilities when handling secret key material. Versions less than 3.55 are affected.
2a9415ebd0e6d2b85bb1b35bfa6528d5Gentoo Linux Security Advisory 202007-49 - NSS has an information disclosure vulnerability when handling DSA keys. Versions less than 3.52.1 are affected.
4a852924b4ae34fc98fa7071801bc91eGentoo Linux Security Advisory 202007-16 - Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. Versions less than 7.71.0 are affected.
2e1310847f34cc20dbac1a05a0e4e89bWordPress Email Subscribers and Newsletters plugin versions 4.2.2 and below suffer from a file download vulnerability.
4c2e2ffb4bdd987513ecff071860aaadSeveral security issues have been identified in the VMware ESIx virtual machine monitor (VMM). A use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.
d2417f8af8ebed99ebd6fdfff7a2c153Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.
411b5ebef9a23a0632621a466851bcb3Ubuntu Security Notice 4407-1 - It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. Various other issues were also addressed.
ab2befd375e9d3e5fb9cb009d5446e52Gentoo Linux Security Advisory 202006-1 - An information disclosure vulnerability in GnuTLS allow remote attackers to obtain sensitive information. Versions less than 3.6.14 are affected.
6846b303f654b57b93a753ac75da510fCastel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities.
aa89a93b4527459f2ae2ef8eb52607afNeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.
e762859b96e7391cb7c4d0f1d5bc1371Joomla XCloner Backup version 3.5.3 suffers from a local file disclosure vulnerability.
66b5261ea7ccf14e1684d338e34e4975webERP version 4.15.1 suffers from an unauthenticated backup file disclosure vulnerability.
c046b257ecfc8a77adb0160b4cf0e185Ubuntu Security Notice 4349-1 - A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. Various other issues were also addressed.
f5b3739ba7435473ac014a588c4080a5File Explorer version 1.4 for iOS suffers from an information disclosure vulnerability.
83b0a4ee978a1cc4ed42917bc32a23a3Netis E1+ version 1.2.32533 suffers from an unauthenticated wifi password disclosure vulnerability.
37d000d068348c3de171961a0e429488
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed