Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

CVE-2020-24394: #962254 - NFSv4.2: umask not applied on filesystem without ACL support

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE
Open in Source
#ios#mac#microsoft#amazon#ubuntu#linux#debian#js#git#intel#php#perl#samba#lenovo#amd#bios#buffer_overflow#asus#acer#samsung#auth#ibm#dell#rpm#wifi#ssl
CVE-2020-1597

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

CVE-2020-1378

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1377.

CVE-2020-1377

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1378.

CVE-2020-8233: Ubiquiti - Simplifying IT

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

Control Flow Guard for Clang/LLVM and Rust

As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? What is Control Flow Guard? CFG is a platform security technology designed to enforce control flow integrity.

CVE-2020-17496: Remote Code Execution 0day in vBulletin 5.x

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.

CVE-2020-16170: Call an Exorcist! My Robot’s Possessed!

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.

CVE-2020-13174

The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking.