opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
Published at: October 26, 2020 at 02:15PM
View on website
Etiqueta: hack
New vulnerability on the NVD: CVE-2020-13100
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.
Published at: October 26, 2020 at 11:15AM
View on website
New vulnerability on the NVD: CVE-2018-8062
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
Published at: October 23, 2020 at 01:15AM
View on website
New vulnerability on the NVD: CVE-2019-14711
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
Published at: October 23, 2020 at 01:15AM
View on website
New vulnerability on the NVD: CVE-2019-14712
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
Published at: October 23, 2020 at 01:15AM
View on website
Educ Arte Económico 