вторник, 18 май 2021 г.

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (92 items)

New vulnerabilities from the NVD: CVE-2019-4563 (security_directory_server)

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
Published at: October 29, 2020 at 06:15PM
View on website

November 01, 2020 at 09:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4547 (security_directory_server)

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
Published at: October 29, 2020 at 06:15PM
View on website

November 01, 2020 at 09:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-18925

opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
Published at: October 26, 2020 at 08:15PM
View on website

November 01, 2020 at 10:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4563 (security_directory_server)

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
Published at: October 29, 2020 at 06:15PM
View on website

November 01, 2020 at 12:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4547 (security_directory_server)

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
Published at: October 29, 2020 at 06:15PM
View on website

November 01, 2020 at 12:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-18925

opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
Published at: October 26, 2020 at 08:15PM
View on website

November 01, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4563 (security_directory_server)

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624.
Published at: October 29, 2020 at 06:15PM
View on website

November 01, 2020 at 02:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4547 (security_directory_server)

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
Published at: October 29, 2020 at 06:15PM
View on website

November 01, 2020 at 02:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22552

The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.
Published at: October 28, 2020 at 04:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21266

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.
Published at: October 29, 2020 at 04:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16263

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.
Published at: October 28, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16262

Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.
Published at: October 28, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16261

Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
Published at: October 28, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16260

Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
Published at: October 28, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16259

Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
Published at: October 28, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16258

Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.
Published at: October 28, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16257

Winston 1.5.4 devices are vulnerable to command injection via the API.
Published at: October 28, 2020 at 07:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16256

The API on Winston 1.5.4 devices is vulnerable to CSRF.
Published at: October 28, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15703

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.
Published at: October 31, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15278

Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with unload mod or, disabling the massban command with command disable global massban can render this exploit not accessible. We still highly recommend updating to 3.4.1 to completely patch this issue.
Published at: October 28, 2020 at 07:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15277

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.
Published at: October 30, 2020 at 08:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15276

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
Published at: October 30, 2020 at 09:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15273

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1.
Published at: October 30, 2020 at 09:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14323

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
Published at: October 29, 2020 at 10:15PM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11616

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11615

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11489

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11488

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11487

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11486

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11485

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11484

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11483

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.
Published at: October 29, 2020 at 06:15AM
View on website

November 02, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11174

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11173

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11172

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11169

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11164

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11162

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11157

u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11156

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11155

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11154

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11153

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11141

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11125

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11114

u'Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to CVE-2019-17060,CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344
Published at: November 02, 2020 at 09:15AM
View on website

November 02, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19956

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
Published at: November 02, 2020 at 06:15PM
View on website

November 02, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19955

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
Published at: November 02, 2020 at 06:15PM
View on website

November 02, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19954

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
Published at: November 02, 2020 at 06:15PM
View on website

November 02, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19952

If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
Published at: November 02, 2020 at 06:15PM
View on website

November 02, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19951

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
Published at: November 02, 2020 at 06:15PM
View on website

November 02, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19950

If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
Published at: November 02, 2020 at 06:15PM
View on website

November 02, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10937

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.
Published at: November 02, 2020 at 11:15PM
View on website

November 03, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19025

In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
Published at: November 02, 2020 at 11:15PM
View on website

November 03, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17932

JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
Published at: November 02, 2020 at 11:15PM
View on website

November 03, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4349

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service. IBM X-Force ID: 161486
Published at: November 03, 2020 at 04:15PM
View on website

November 03, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-7356

Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
Published at: November 04, 2020 at 10:15PM
View on website

November 04, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15949

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.
Published at: November 05, 2020 at 05:15PM
View on website

November 05, 2020 at 07:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14240

HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Published at: November 05, 2020 at 07:15PM
View on website

November 05, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14222

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
Published at: November 05, 2020 at 07:15PM
View on website

November 05, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-1725

IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.
Published at: November 05, 2020 at 07:15PM
View on website

November 05, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2007-6747

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2006-7251

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-4894

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-4893

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2005-4892

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2004-2775

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2004-2774

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2004-2773

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2004-2772

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2003-1602

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2003-1601

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2003-1600

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2002-2442

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2002-2441

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2002-2440

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2001-1592

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2001-1591

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2001-1590

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2001-1589

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2001-1588

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2000-1252

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2000-1251

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2000-1250

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2000-1249

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2000-1248

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-1999-1598

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-1999-1597

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-1999-1596

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-1999-1595

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-1999-1594

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: November 05, 2020 at 10:15PM
View on website

November 05, 2020 at 11:37PM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар