Tuesday, June 8, 2021

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (62 items)

New vulnerabilities from the NVD: CVE-2020-19596

Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.
Published at: April 06, 2021 at 12:15AM

April 06, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19595

Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username.
Published at: April 06, 2021 at 12:15AM

April 06, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
Published at: April 06, 2021 at 01:15AM

April 06, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
Published at: April 06, 2021 at 11:15AM

April 06, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23533

Union Pay up to 1.2.0, for web-based versions, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability that allows attackers to shop for free on merchants' websites and mobile apps via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
Published at: April 06, 2021 at 07:15PM

April 06, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13422

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
Published at: April 07, 2021 at 12:15AM

April 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13421

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
Published at: April 07, 2021 at 12:15AM

April 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
Published at: April 07, 2021 at 12:15AM

April 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13419

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
Published at: April 07, 2021 at 12:15AM

April 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13418

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.
Published at: April 07, 2021 at 12:15AM

April 07, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11255

Denial of service while processing RTCP packets containing multiple SDES reports, because the memory for the last SDES packet is freed and the rest of the memory is leaked, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11252

Trustzone initialization code will disable xPUs when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11251

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11247

Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11246

A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11245

Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11243

RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11242

User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11237

Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11236

Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11234

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11231

Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11210

Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11191

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: April 07, 2021 at 11:15AM

April 07, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-1055

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
Published at: April 07, 2021 at 11:15PM

April 08, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-1054

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
Published at: April 07, 2021 at 11:15PM

April 08, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23426

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
Published at: April 08, 2021 at 06:15PM

April 08, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23539

An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.
Published at: April 08, 2021 at 08:15PM

April 08, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14104

A RACE CONDITION on XQBACKUP causes a decompression path error on Xiaomi router AX3600 with ROM version =1.0.50.
Published at: April 08, 2021 at 09:15PM

April 08, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14099

On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
Published at: April 08, 2021 at 09:15PM

April 08, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14106

The application in the mobile phone can gain unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
Published at: April 09, 2021 at 12:15AM

April 09, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14103

The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
Published at: April 09, 2021 at 12:15AM

April 09, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21883

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover.
Published at: April 09, 2021 at 04:15PM

April 09, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8188

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8187

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8186

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8185

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8184

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8183

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8182

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8181

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8180

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8179

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8178

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8177

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8176

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8175

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8174

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8173

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8172

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8171

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8170

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8169

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8168

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8167

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8166

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8165

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8164

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8163

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8162

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-8161

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
Published at: April 09, 2021 at 08:15PM

April 09, 2021 at 09:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-20001

In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.
Published at: April 11, 2021 at 11:15PM

April 12, 2021 at 01:36AM

via National Vulnerability Database

