Weekly Digest: a new vulnerability is published on the National Vulnerability Database (64 items)

New vulnerabilities from the NVD: CVE-2020-36434 An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. Published at: August 08, 2021 at 09:15AM View on website August 08, 2021 at 01:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-36433 An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. Published at: August 08, 2021 at 09:15AM View on website August 08, 2021 at 01:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-36432 An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). Published at: August 08, 2021 at 09:15AM View on website August 08, 2021 at 01:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-17865 ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-17862 ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-17861 ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-7731 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-2074 The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2015-2073 The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2014-9320 SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-6276 ** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models. Published at: August 09, 2021 at 09:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-4718 Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2013-4717 Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. Published at: August 09, 2021 at 10:15PM View on website August 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-24742 An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. Published at: August 10, 2021 at 01:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-24741 An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. Published at: August 10, 2021 at 01:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23151 rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23150 A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23149 The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23148 The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. Published at: August 10, 2021 at 02:15AM View on website August 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-28397 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Published at: August 10, 2021 at 02:15PM View on website August 10, 2021 at 03:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-25082 An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. Published at: August 10, 2021 at 08:15PM View on website August 10, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23172 A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. Published at: August 10, 2021 at 08:15PM View on website August 10, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-23171 A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. Published at: August 10, 2021 at 08:15PM View on website August 10, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21697 A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21690 A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted ogg file. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21688 A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21684 A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21683 A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21682 A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21681 A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21680 A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21678 A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21677 A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21676 A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21675 A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. Published at: August 11, 2021 at 12:15AM View on website August 11, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21930 A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Published at: August 11, 2021 at 01:15AM View on website August 11, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21929 A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. Published at: August 11, 2021 at 01:15AM View on website August 11, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-25052 In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Published at: August 11, 2021 at 06:15PM View on website August 11, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21363 An arbitrary file deletion vulnerability exists within Maccms10. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21362 A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-21359 An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16632 In SapphireIMS 4097_1, the password in the database is stored in Base64 format. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16631 In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16630 In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2017-16629 In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." Published at: August 12, 2021 at 12:15AM View on website August 12, 2021 at 01:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20981 A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20979 An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20977 A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-20975 In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. Published at: August 12, 2021 at 06:15PM View on website August 12, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18446 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. Published at: August 12, 2021 at 08:15PM View on website August 12, 2021 at 09:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18445 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. Published at: August 12, 2021 at 08:15PM View on website August 12, 2021 at 09:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18464 Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18463 Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18462 File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18460 Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18458 Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. Published at: August 12, 2021 at 10:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18457 Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18456 Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18455 Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18454 Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18451 Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18449 Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php Published at: August 12, 2021 at 09:15PM View on website August 12, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18754 An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. Published at: August 13, 2021 at 08:15PM View on website August 13, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-18753 An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. Published at: August 13, 2021 at 08:15PM View on website August 13, 2021 at 09:33PM via National Vulnerability Database