събота, 31 юли 2021 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (42 items)

New vulnerabilities from the NVD: CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Published at: April 26, 2021 at 05:15PM
View on website

April 26, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17517

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release. Improper Authorization vulnerability in __COMPONENT__ of Apache Ozone allows an attacker to __IMPACT__. This issue affects Apache Ozone Apache Ozone version 1.0.0 and prior versions.
Published at: April 27, 2021 at 12:15PM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25042

Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25041

Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25040

Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25039

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25038

Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25037

Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25036

Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25035

Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25034

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25033

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25032

Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
Published at: April 27, 2021 at 09:15AM
View on website

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-35542

Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack.
Published at: April 27, 2021 at 02:15PM
View on website

April 27, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22001

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.
Published at: April 27, 2021 at 09:15PM
View on website

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.
Published at: April 27, 2021 at 09:15PM
View on website

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21998

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
Published at: April 27, 2021 at 09:15PM
View on website

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21989

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Published at: April 27, 2021 at 09:15PM
View on website

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21987

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
Published at: April 27, 2021 at 09:15PM
View on website

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.
Published at: April 28, 2021 at 06:15AM
View on website

April 28, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21996

AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
Published at: April 28, 2021 at 06:15PM
View on website

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21994

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
Published at: April 28, 2021 at 06:15PM
View on website

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Published at: April 28, 2021 at 06:15PM
View on website

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21991

AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
Published at: April 28, 2021 at 05:15PM
View on website

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
Published at: April 28, 2021 at 05:15PM
View on website

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18019

SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.
Published at: April 28, 2021 at 05:15PM
View on website

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18022

Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
Published at: April 28, 2021 at 07:15PM
View on website

April 28, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17999

Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
Published at: April 28, 2021 at 07:15PM
View on website

April 28, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21997

Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control.
Published at: April 29, 2021 at 06:15PM
View on website

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
Published at: April 29, 2021 at 06:15PM
View on website

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
Published at: April 29, 2021 at 06:15PM
View on website

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21990

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
Published at: April 29, 2021 at 05:15PM
View on website

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21452

An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload
Published at: April 29, 2021 at 08:15PM
View on website

April 29, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21101

Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.
Published at: April 29, 2021 at 08:15PM
View on website

April 29, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18032

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
Published at: April 29, 2021 at 09:15PM
View on website

April 29, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15225

django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.
Published at: April 30, 2021 at 12:15AM
View on website

April 30, 2021 at 01:37AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18035

Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
Published at: April 30, 2021 at 02:15AM
View on website

April 30, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
Published at: April 30, 2021 at 03:15AM
View on website

April 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1721

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
Published at: April 30, 2021 at 03:15PM
View on website

April 30, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15153

Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Published at: April 30, 2021 at 07:15PM
View on website

April 30, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18084

Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
Published at: May 01, 2021 at 12:15AM
View on website

May 01, 2021 at 01:36AM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар