Weekly Vulnerabilities Reports > February 3 to 9, 2020

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side.

D-Link DIR-100 4.03B07: cli.cgi CSRF

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page.

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone.

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera.

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow.

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow.

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges.

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server.

An issue was discovered in OpServices OpMon 9.3.2.

pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.

The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.

Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.

A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.

opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities

An issue was discovered in EyesOfNetwork 5.3.

An issue was discovered in Simplejobscript.com SJS through 1.66.

A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php.

The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass.

An issue was discovered in OpServices OpMon 9.3.2.

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function.

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.

Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint.

dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control.

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument.

network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.

An issue was discovered in Squid before 4.10.

Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona.

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

ZPanel 10.0.1 has insufficient entropy for its password reset process.

There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4.

eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).

eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

An issue was discovered in phpABook 0.9 Intermediate.

nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.

An issue was discovered in Squid before 4.10.

The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.

A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15).

Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130

Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607

Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MSM8953, QCN7605, QCS605, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDX20, SDX24, SDX55, SM8150, SXR1130

Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24

Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24

APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130

There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool.

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations.

It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root.

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client.

In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions.

Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.

Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723.

CSRF vulnerability in Smoothwall Express 3.

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.

A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.

WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution

Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.

A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.

A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF.

Batavi before 1.0 has CSRF.

An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase.

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters.

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process.

Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter.

Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.

A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.

OpenVAS Manager v2.0.3 allows plugin remote code execution.

Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php.

IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway.

Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.

An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets.

An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets.

A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.

D-Link DIR-100 4.03B07: cli.cgi XSS

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed.

On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.

MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.

The external frontend system uses numerous background calls to the backend.

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor.

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.

an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06

The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet.

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server.

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

Cisco ACE A2(3.6) allows log retention DoS.

LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate.

LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny.

The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.

Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.

An issue was discovered in EyesOfNetwork 5.3.

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations.

A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service.

Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.

On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability.

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.

Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.

A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message.

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

An issue was discovered in GitLab EE 11.3 and later.

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.

GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information.

An issue was discovered in Squid before 4.10.

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections.

IBM Security Directory Server 6.4.0 stores sensitive information in URLs.

IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.

IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points.

IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

Joomla! core 1.7.1 allows information disclosure due to weak encryption

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.

SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.

A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.

Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.

Global.py in AIL framework 2.8 allows path traversal.

TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.

Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.

The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.

Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.

During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.

Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.

Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.

TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations.

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.

The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.

Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.

Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.

Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php.

The Fujitsu TLS library allows a man-in-the-middle attack.

Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.

A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.

A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.

Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter.

WordPress Super Cache Plugin 1.3 has XSS.

Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions.

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions.

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions.

coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.

Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.

Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.

Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.

PHPShop through 0.8.1 has XSS.

Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.

The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.

PmWiki before 2.2.21 has XSS.

Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information.

GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.

GitLab through 12.7.2 allows XSS.

GitLab EE 11.0 and later through 12.7.2 allows XSS.

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi.

IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim.

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability.

Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.

Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).

The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing.

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation.

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.

Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.

Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.

The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.

Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.

ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.

File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.

An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext.

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.

A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server.

The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability.

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation.

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.

A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.

Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.

Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g.

Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.

IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.

Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter.

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.

Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.

ProjectPier 0.8.8 does not use the Secure flag for cookies

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag

ProjectPier 0.8.8 has stored XSS

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability.

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API.

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device.

A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.

A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.

IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting.

PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components.

Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.

An issue was discovered on Broadcom Wi-Fi client devices.

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies.

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.

nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.

Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links.

An issue was discovered in PRTG 7.x through 19.4.53.

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.