Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2015-2802
PUBLISHED: 2020-02-04

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TL…

CVE-2019-10786
PUBLISHED: 2020-02-04

network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.

CVE-2019-10787
PUBLISHED: 2020-02-04

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.

CVE-2019-10788
PUBLISHED: 2020-02-04

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.

CVE-2019-12528
PUBLISHED: 2020-02-04

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users’ sessions or non-Squid processes.

View Original Source Article HERE