Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2020-6415: 1029576 - chromium - An open-source project to help move the web forward.

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE
#web#google#java
CVE-2020-6398: 1032090 - chromium - An open-source project to help move the web forward.

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2020-6400: 1038036 - chromium - An open-source project to help move the web forward.

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

RHEA-2020:0283: Red Hat Enhancement Advisory: Red Hat OpenStack Platform 16.0 GA

Updated packages that fix several bugs and add various enhancements are now available for Red Hat OpenStack Platform 16.0 (Train) for RHEL 8.1.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-3866: An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. * CVE-2019-19687: A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforce_scope is false. Information for time-based one time passwords (TOTP) may also be disclosed. Deploymen...

CVE-2020-8506: Global TV Android & iOS Applications - Unencrypted Analytics (CVE-2020-8506)

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.

CVE-2020-8507: Information Security & Privacy Advisories

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.

CVE-2013-7051: Offensive Security’s Exploit Database Archive

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

CVE-2016-2031: Full Disclosure: Aruba ArubaOS/Aruba Instant/AirWave Management

Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.

CVE-2020-6007: Philips Hue Support - Release Notes Hue Bridge | Philips Hue US

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

CVE-2020-7241: Exploiting-WP-Database-Backup-WordPress-Plugin/README.md at master · V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.