CVE-2019-20378
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.
Source: CVE-2019-20378
[월:] 2020년 01월
CVE-2020-6838
CVE-2020-6838
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.
Source: CVE-2020-6838
CVE-2020-6836
CVE-2020-6836
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server.
Source: CVE-2020-6836
CVE-2020-6377
CVE-2020-6377
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: CVE-2020-6377
CVE-2019-13767
CVE-2019-13767
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Source: CVE-2019-13767
CVE-2019-19475
CVE-2019-19475
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in �Authenticated Users� group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.
Source: CVE-2019-19475
CVE-2020-6835
CVE-2020-6835
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.
Source: CVE-2020-6835
CVE-2012-4603
CVE-2012-4603
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.
Source: CVE-2012-4603
CVE-2012-3821
CVE-2012-3821
A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.
Source: CVE-2012-3821
CVE-2012-4284
CVE-2012-4284
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
Source: CVE-2012-4284