Thursday, August 5, 2021

Weekly Update: a new vulnerability is published on the National Vulnerability Database (29 items)

New vulnerabilities from the NVD: CVE-2020-10666

The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
Published at: May 31, 2021 at 03:15PM

May 31, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4730

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.
Published at: June 01, 2021 at 05:15PM

June 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4724

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
Published at: June 01, 2021 at 05:15PM

June 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
Published at: June 01, 2021 at 05:15PM

June 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4722

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
Published at: June 01, 2021 at 05:15PM

June 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4653

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.
Published at: June 01, 2021 at 05:15PM

June 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4471

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.
Published at: June 01, 2021 at 05:15PM

June 01, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10743

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.
Published at: June 02, 2021 at 02:15PM

June 02, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10742

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.
Published at: June 02, 2021 at 02:15PM

June 02, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14388

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.
Published at: June 02, 2021 at 04:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.
Published at: June 02, 2021 at 04:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.
Published at: June 02, 2021 at 04:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14340

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
Published at: June 02, 2021 at 04:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14336

A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
Published at: June 02, 2021 at 03:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14335

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.
Published at: June 02, 2021 at 03:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14326

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.
Published at: June 02, 2021 at 03:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14317

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
Published at: June 02, 2021 at 03:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10771

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
Published at: June 02, 2021 at 03:15PM

June 02, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12067

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
Published at: June 02, 2021 at 06:15PM

June 02, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10195

lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
Published at: June 02, 2021 at 05:15PM

June 02, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-8761

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
Published at: June 02, 2021 at 05:15PM

June 02, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-1877

The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
Published at: June 02, 2021 at 08:15PM

June 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-3656

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
Published at: June 02, 2021 at 08:15PM

June 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-0948

Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
Published at: June 02, 2021 at 07:15PM

June 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-0947

Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
Published at: June 02, 2021 at 07:15PM

June 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell.
Published at: June 03, 2021 at 05:15PM

June 03, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21003

Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
Published at: June 03, 2021 at 05:15PM

June 03, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14584

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published at: June 03, 2021 at 11:15PM

June 04, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15077

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Published at: June 04, 2021 at 02:15PM

June 04, 2021 at 03:36PM

via National Vulnerability Database

