Monday, 31 May 2021

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (47 items)

New vulnerabilities from the NVD: CVE-2020-1725

A flaw was found in Keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
Published at: January 28, 2021 at 10:15PM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1723

The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Application Platform 4 are believed to be vulnerable.
Published at: January 28, 2021 at 10:15PM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15836

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15835

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15834

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15833

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15832

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13860

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13859

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13858

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13857

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13856

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.
Published at: February 01, 2021 at 04:15AM

February 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.
Published at: February 01, 2021 at 06:15PM

February 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13563

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.
Published at: February 01, 2021 at 06:15PM

February 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13562

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter.
Published at: February 01, 2021 at 06:15PM

February 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
Published at: February 01, 2021 at 11:15PM

February 02, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
Published at: February 01, 2021 at 11:15PM

February 02, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20470

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.
Published at: February 01, 2021 at 11:15PM

February 02, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20468

An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
Published at: February 01, 2021 at 11:15PM

February 02, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14192

Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
Published at: February 02, 2021 at 02:15AM

February 02, 2021 at 04:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes ‘builtin apply’ prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Published at: February 02, 2021 at 09:15AM

February 02, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18568

The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.
Published at: February 02, 2021 at 04:15PM

February 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15097

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit.
Published at: February 02, 2021 at 08:15PM

February 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25018

In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Published at: February 02, 2021 at 08:15PM

February 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25017

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Published at: February 02, 2021 at 08:15PM

February 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14255

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
Published at: February 02, 2021 at 10:15PM

February 02, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14221

HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
Published at: February 02, 2021 at 10:15PM

February 02, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17516

Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using the 'dc' or 'rack' internode_encryption setting, allow both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass the mutual TLS requirement.
Published at: February 03, 2021 at 07:15PM

February 03, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-16268

Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
Published at: February 03, 2021 at 08:15PM

February 03, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
Published at: February 04, 2021 at 09:15AM

February 04, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14246

HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.
Published at: February 04, 2021 at 09:15AM

February 04, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14245

HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.
Published at: February 04, 2021 at 09:15AM

February 04, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13586

A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Published at: February 04, 2021 at 09:15AM

February 04, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13580

An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
Published at: February 04, 2021 at 09:15AM

February 04, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13579

An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to perform arithmetic that may overflow, which can result in an undersized heap allocation. Later, when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
Published at: February 04, 2021 at 09:15AM

February 04, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10539

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a "Backdoor Password" of 3p1kursupport). If the submitted password matches either one, access is granted.
Published at: February 05, 2021 at 04:15PM

February 05, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10538

An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
Published at: February 05, 2021 at 04:15PM

February 05, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10537

An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.
Published at: February 05, 2021 at 04:15PM

February 05, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12122

In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)
Published at: February 05, 2021 at 10:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10858

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
Published at: February 05, 2021 at 10:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10857

Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
Published at: February 05, 2021 at 10:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10554

An issue was discovered in Psyprax before 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
Published at: February 05, 2021 at 10:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10553

An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.
Published at: February 05, 2021 at 10:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10552

An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.
Published at: February 05, 2021 at 10:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10375

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.
Published at: February 05, 2021 at 10:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10234

The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.
Published at: February 05, 2021 at 09:15PM

February 05, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11836

OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.
Published at: February 06, 2021 at 02:15AM

February 06, 2021 at 03:36AM

via National Vulnerability Database

