User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, and Android-10. Android ID: A-142602711. This could lead to remote code execution with no additional execution privileges needed.

In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. Product: Android. Versions: Android-10. Android ID: A-139683471. User interaction is not needed for exploitation. This could lead to local escalation of privilege with no additional execution privileges needed. In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. This affects git-diff-apply all versions prior to 0.22.2. In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.

Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access

Determine - contract_lifecycle_management

An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. For more information about these vulnerabilities, see the Details section of this advisory.
To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS).

This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015. CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges.