сряда, 2 юни 2021 г.

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (49 items)

New vulnerabilities from the NVD: CVE-2019-25019

LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
Published at: February 14, 2021 at 06:15AM
View on website

February 14, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24899

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.
Published at: February 15, 2021 at 08:15PM
View on website

February 15, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22427

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request.
Published at: February 15, 2021 at 08:15PM
View on website

February 15, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22425

Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
Published at: February 15, 2021 at 08:15PM
View on website

February 15, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1974

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Published at: February 16, 2021 at 12:15AM
View on website

February 16, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1973

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Published at: February 16, 2021 at 12:15AM
View on website

February 16, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1972

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Published at: February 16, 2021 at 12:15AM
View on website

February 16, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1970

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Published at: February 16, 2021 at 12:15AM
View on website

February 16, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1969

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Published at: February 16, 2021 at 12:15AM
View on website

February 16, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1966

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Published at: February 16, 2021 at 12:15AM
View on website

February 16, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24841

PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Published at: February 16, 2021 at 03:15PM
View on website

February 16, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25340

An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).
Published at: February 16, 2021 at 05:15PM
View on website

February 16, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11635

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
Published at: February 16, 2021 at 10:15PM
View on website

February 16, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-2502

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later
Published at: February 17, 2021 at 06:15AM
View on website

February 17, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-2501

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
Published at: February 17, 2021 at 06:15AM
View on website

February 17, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12386

Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12385

Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12384

Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12380

Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12377

Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12376

Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12375

Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12373

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12372

Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12371

Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12370

Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12369

Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12368

Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12367

Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12366

Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12364

Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12363

Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12362

Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12361

Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12339

Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0544

Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0525

Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0524

Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0523

Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0522

Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0521

Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-0518

Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: February 17, 2021 at 04:15PM
View on website

February 17, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12365

Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access.
Published at: February 17, 2021 at 05:15PM
View on website

February 17, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18255

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.
Published at: February 18, 2021 at 05:15PM
View on website

February 18, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-18243

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.
Published at: February 18, 2021 at 07:15PM
View on website

February 18, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25024

OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
Published at: February 19, 2021 at 06:15AM
View on website

February 19, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10254

An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
Published at: February 19, 2021 at 09:15AM
View on website

February 19, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10252

An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
Published at: February 19, 2021 at 09:15AM
View on website

February 19, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12374

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.
Published at: February 19, 2021 at 06:15PM
View on website

February 19, 2021 at 07:36PM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар