Gentoo Linux Security Advisory 202007-49 - NSS has an information disclosure vulnerability when handling DSA keys. Versions less than 3.52.1 are affected.
4a852924b4ae34fc98fa7071801bc91eGentoo Linux Security Advisory 202007-16 - Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. Versions less than 7.71.0 are affected.
2e1310847f34cc20dbac1a05a0e4e89bWordPress Email Subscribers and Newsletters plugin versions 4.2.2 and below suffer from a file download vulnerability.
4c2e2ffb4bdd987513ecff071860aaadSeveral security issues have been identified in the VMware ESIx virtual machine monitor (VMM). A use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.
d2417f8af8ebed99ebd6fdfff7a2c153Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.
411b5ebef9a23a0632621a466851bcb3Ubuntu Security Notice 4407-1 - It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. Various other issues were also addressed.
ab2befd375e9d3e5fb9cb009d5446e52Gentoo Linux Security Advisory 202006-1 - An information disclosure vulnerability in GnuTLS allow remote attackers to obtain sensitive information. Versions less than 3.6.14 are affected.
6846b303f654b57b93a753ac75da510fCastel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities.
aa89a93b4527459f2ae2ef8eb52607afNeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.
e762859b96e7391cb7c4d0f1d5bc1371Joomla XCloner Backup version 3.5.3 suffers from a local file disclosure vulnerability.
66b5261ea7ccf14e1684d338e34e4975webERP version 4.15.1 suffers from an unauthenticated backup file disclosure vulnerability.
c046b257ecfc8a77adb0160b4cf0e185Ubuntu Security Notice 4349-1 - A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. Various other issues were also addressed.
f5b3739ba7435473ac014a588c4080a5File Explorer version 1.4 for iOS suffers from an information disclosure vulnerability.
83b0a4ee978a1cc4ed42917bc32a23a3Netis E1+ version 1.2.32533 suffers from an unauthenticated wifi password disclosure vulnerability.
37d000d068348c3de171961a0e429488Edimax EW-7438RPn suffers from an information disclosure vulnerability.
e3c873185770ad98a312b8c27a03ed7cThe Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.
6fd632a2b00ac6e346ea8245a8726339MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities.
d7196c7b2e9d5315f3c161ae1a25fb32HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability.
255ed9d1368d7aa40e9fa99b81e489f7Broadcom Wi-Fi device KR00K information disclosure proof of concept exploit. It works on WPA2 AES CCMP with Frequency 2.4GHz WLANs.
98b594cbe4b6ceea6d1932367e850f97Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from an information disclosure vulnerability.
d5d012e0d06c1a3aa0e4cd4c44123f39ManageEngine EventLog Analyzer version 10.0 suffers from an information disclosure vulnerability.
e96d634969087160cfe99473c472b296The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.
a4c54d68932b6a368bcb9f373ccb7b24The Global TV Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first (CNAME to third) and third party sites (Adobe Experience Cloud, ScorecardResearch). Global TV Android versions 2.3.2 and below and iOS versions 4.7.5 and below are affected.
53b85b11c7e2c82b9010d72677aa5e0dDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
01708b9f6807865189e459e77166ada4SmartClient version 120 suffers from information disclosure, local file inclusion, remote file upload, and XML external entity injection vulnerabilities.
57f8471ef038330e69a08ce5bd6f84a5
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed