понеделник, 27 септември 2021 г.

Weekly Update: New diabetes clinical trial (13 items)

New diabetes clinical trial: Breaking up Sedentary Time to Improve Glucose Control in a Population at Risk for Developing Type 2 Diabetes

Published on: September 13, 2021 at 07:00PM
Conditions:   Pre-diabetes;   Overweight and Obesity
Interventions:   Behavioral: BREAK;   Behavioral: ONE
Sponsor:   University of Colorado, Denver
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05041491?term=diabetes&sfpd_d=14 September 13, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Effect of Dapagliflozin vs Sitagliptin on Liver Fat Accumulation and Body Composition in Patients With Diabetes Mellitus and Liver Transplantation

Published on: September 13, 2021 at 07:00PM
Conditions:   Diabetes Mellitus;   Liver Transplant; Complications
Interventions:   Drug: Dapagliflozin 10Mg Tab;   Drug: Sitagliptin 100mg
Sponsor:   Medanta, The Medicity, India
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05042505?term=diabetes&sfpd_d=14 September 13, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: A Learning Algorithm for MDI Individuals With Type 1 Diabetes to Adjust Recommendations for High Fat Meals and Exercise Management

Published on: September 13, 2021 at 07:00PM
Condition:   Type 1 Diabetes
Intervention:   Device: Sensor augmented MDI therapy plus mobile application
Sponsor:   McGill University
Recruiting
https://clinicaltrials.gov/ct2/show/NCT05041621?term=diabetes&sfpd_d=14 September 13, 2021 at 05:22PM

via ClinicalTrials.gov


New diabetes clinical trial: HIT on Hypoglycaemic Risk in T1D

Published on: September 14, 2021 at 07:00PM
Condition:   Type1diabetes
Interventions:   Behavioral: moderate intensity continous training;   Behavioral: high intensity interval training
Sponsors:   Liverpool John Moores University;   Society for Endocrinology;   Royal Liverpool University Hospital;   University of Birmingham;   University of Exeter
Completed
https://clinicaltrials.gov/ct2/show/NCT05044442?term=diabetes&sfpd_d=14 September 14, 2021 at 07:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Retrospective Study to Evaluate the Safety of Duvie in Korean Patients With Type 2 Diabetes Mellitus

Published on: September 14, 2021 at 07:00PM
Condition:   Type2 Diabetes
Intervention:   Drug: Duvie(Lobeglitazone) tab 0.5mg
Sponsor:   Chong Kun Dang Pharmaceutical
Completed
https://clinicaltrials.gov/ct2/show/NCT05043467?term=diabetes&sfpd_d=14 September 14, 2021 at 07:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Postprandial VLDL-triglycerid Metabolism in Type 2 Diabetes Patients With and Without NAFLD

Published on: September 14, 2021 at 07:00PM
Conditions:   NAFLD;   Type 2 Diabetes
Intervention:   Dietary Supplement: High-fat mixed-meal tolerance test (HF-MMT)
Sponsors:   University of Aarhus;   Danish Diabetes Academy
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05044130?term=diabetes&sfpd_d=14 September 14, 2021 at 07:22PM

via ClinicalTrials.gov


New diabetes clinical trial: A Research Study Looking Into Blood Levels of Semaglutide and NNC0480-0389 When Given in the Same Injection or in Two Separate Injections in Healthy People

Published on: September 16, 2021 at 07:00PM
Condition:   Diabetes Mellitus, Type 2
Interventions:   Drug: Co-formulation NNC0480 0389+Semaglutide A 10/1 mg/mL;   Drug: semaglutide 1.34 mg/mL (placebo);   Drug: Semaglutide 1.34 mg/mL;   Drug: NNC0480-0389 A 10 mg/mL
Sponsor:   Novo Nordisk A/S
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05046873?term=diabetes&sfpd_d=14 September 16, 2021 at 06:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Personalized Dietary Management in Type 2 Diabetes

Published on: September 16, 2021 at 07:00PM
Condition:   T2D
Interventions:   Behavioral: Social Cognitive Theory (SCT)-Based Behavioral Counseling;   Behavioral: Isocaloric Mediterranean Diet Advice;   Behavioral: Personalized Guidance to Minimize Postprandial Glycemic Response (PPGR)
Sponsors:   NYU Langone Health;   National Institute of Nursing Research (NINR)
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05046886?term=diabetes&sfpd_d=14 September 16, 2021 at 06:22PM

via ClinicalTrials.gov


New diabetes clinical trial: AMIloride for the Treatment of Nephrogenic Diabetes Insipidus for Patients With Bipolar Disorder Treated With Lithium

Published on: September 15, 2021 at 07:00PM
Condition:   Bipolar Disorder
Interventions:   Drug: Anhydrous Amiloride Hydrochloride;   Drug: Placebo
Sponsor:   Assistance Publique - Hôpitaux de Paris
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05044611?term=diabetes&sfpd_d=14 September 16, 2021 at 06:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Metabolic Phenotyping and Follow-Up of Patients With and Without Diabetes After New Onset of STEMI

Published on: September 16, 2021 at 07:00PM
Conditions:   ST Elevation Myocardial Infarction;   Diabetes Mellitus
Intervention:  
Sponsor:   German Diabetes Center
Recruiting
https://clinicaltrials.gov/ct2/show/NCT05046483?term=diabetes&sfpd_d=14 September 16, 2021 at 06:22PM

via ClinicalTrials.gov


New diabetes clinical trial: To Improve the Ability of Early Screening and Diagnosis in Patients With Diabetic Nephropathy

Published on: September 17, 2021 at 07:00PM
Condition:   Diabetic Kidney Disease
Intervention:  
Sponsor:   Yiming Mu
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05047471?term=diabetes&sfpd_d=14 September 17, 2021 at 06:22PM

via ClinicalTrials.gov


New diabetes clinical trial: A Study of LY3502970 in Participants With Type 2 Diabetes Mellitus

Published on: September 17, 2021 at 07:00PM
Condition:   Type 2 Diabetes
Interventions:   Drug: LY3502970;   Drug: Dulaglutide;   Drug: Placebo
Sponsor:   Eli Lilly and Company
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05048719?term=diabetes&sfpd_d=14 September 17, 2021 at 06:22PM

via ClinicalTrials.gov


New diabetes clinical trial: Electronic Frailty Index (eFI)Cacious-Diabetes Care

Published on: September 17, 2021 at 07:00PM
Conditions:   Diabetes;   Type2 Diabetes
Intervention:   Behavioral: Pharmacist-Led Optimization Intervention
Sponsor:   Wake Forest University Health Sciences
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT05047237?term=diabetes&sfpd_d=14 September 17, 2021 at 06:22PM

via ClinicalTrials.gov



Weekly Update: a new vulnerability is published on the National Vulnerability Database (35 items)

New vulnerabilities from the NVD: CVE-2019-20101

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check endpoint. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1.
Published at: September 14, 2021 at 08:15AM
View on website

September 14, 2021 at 01:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10941

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.
Published at: September 14, 2021 at 02:15PM
View on website

September 14, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-22149

Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
Published at: September 15, 2021 at 03:15PM
View on website

September 15, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-22148

Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
Published at: September 15, 2021 at 03:15PM
View on website

September 15, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-22147

Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Published at: September 15, 2021 at 03:15PM
View on website

September 15, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-3960

VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
Published at: September 15, 2021 at 04:15PM
View on website

September 15, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-35340

A Directory Traversal vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.
Published at: September 15, 2021 at 03:15PM
View on website

September 15, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19159

Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19158

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19157

Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19156

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19155

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19154

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19151

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19150

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19148

Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19147

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19146

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
Published at: September 15, 2021 at 05:15PM
View on website

September 15, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21127

MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
Published at: September 15, 2021 at 08:15PM
View on website

September 15, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21126

MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
Published at: September 15, 2021 at 08:15PM
View on website

September 15, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21125

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
Published at: September 15, 2021 at 08:15PM
View on website

September 15, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21124

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
Published at: September 15, 2021 at 08:15PM
View on website

September 15, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21122

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
Published at: September 15, 2021 at 08:15PM
View on website

September 15, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21121

Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
Published at: September 15, 2021 at 08:15PM
View on website

September 15, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session.
Published at: September 15, 2021 at 11:15PM
View on website

September 16, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21321

emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
Published at: September 16, 2021 at 01:15AM
View on website

September 16, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14130

Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
Published at: September 16, 2021 at 03:15PM
View on website

September 16, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14124

There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
Published at: September 16, 2021 at 04:15PM
View on website

September 16, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14119

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
Published at: September 16, 2021 at 04:15PM
View on website

September 16, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14109

There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
Published at: September 16, 2021 at 03:15PM
View on website

September 16, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-9060

An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).
Published at: September 17, 2021 at 07:15PM
View on website

September 17, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12083

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
Published at: September 17, 2021 at 09:15PM
View on website

September 17, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12082

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
Published at: September 17, 2021 at 09:15PM
View on website

September 17, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12080

A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.
Published at: September 17, 2021 at 09:15PM
View on website

September 17, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-20686

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: September 17, 2021 at 10:15PM
View on website

September 17, 2021 at 11:33PM

via National Vulnerability Database



събота, 25 септември 2021 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (74 items)

New vulnerabilities from the NVD: CVE-2021-24303

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
Published at: September 06, 2021 at 02:15PM
View on website

September 06, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15939

An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
Published at: September 06, 2021 at 07:15PM
View on website

September 06, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7877

A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.
Published at: September 07, 2021 at 03:15PM
View on website

September 07, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-5318

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
Published at: September 07, 2021 at 04:15PM
View on website

September 07, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7865

A vulnerability(improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system.
Published at: September 07, 2021 at 06:15PM
View on website

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7832

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)
Published at: September 07, 2021 at 06:15PM
View on website

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7819

A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.
Published at: September 07, 2021 at 06:15PM
View on website

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19131

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
Published at: September 07, 2021 at 06:15PM
View on website

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19752

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
Published at: September 07, 2021 at 11:15PM
View on website

September 08, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19751

An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
Published at: September 07, 2021 at 11:15PM
View on website

September 08, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19750

An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.
Published at: September 07, 2021 at 11:15PM
View on website

September 08, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19769

A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.
Published at: September 08, 2021 at 01:15AM
View on website

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19768

A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.
Published at: September 08, 2021 at 01:15AM
View on website

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19767

A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.
Published at: September 08, 2021 at 01:15AM
View on website

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19766

The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.
Published at: September 08, 2021 at 01:15AM
View on website

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19765

An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.
Published at: September 08, 2021 at 01:15AM
View on website

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19855

phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
Published at: September 08, 2021 at 03:15AM
View on website

September 08, 2021 at 08:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19853

BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
Published at: September 08, 2021 at 03:15AM
View on website

September 08, 2021 at 08:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23404

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
Published at: September 08, 2021 at 02:15PM
View on website

September 08, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-29012

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
Published at: September 08, 2021 at 02:15PM
View on website

September 08, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1972

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1930

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1929

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1928

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1923

Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1920

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1919

Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1916

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1914

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1904

Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11301

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11264

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Published at: September 08, 2021 at 03:15PM
View on website

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1809

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1808

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1807

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1784

A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1770

A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1762

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1740

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1739

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27942

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27940

This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.
Published at: September 08, 2021 at 06:15PM
View on website

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24672

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .
Published at: September 08, 2021 at 07:15PM
View on website

September 08, 2021 at 09:55PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-26772

Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.
Published at: September 09, 2021 at 12:15AM
View on website

September 09, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19138

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Published at: September 09, 2021 at 12:15AM
View on website

September 09, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19137

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".
Published at: September 09, 2021 at 12:15AM
View on website

September 09, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-26300

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.
Published at: September 09, 2021 at 04:15AM
View on website

September 09, 2021 at 08:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7874

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.
Published at: September 09, 2021 at 04:15PM
View on website

September 09, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7873

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.
Published at: September 09, 2021 at 04:15PM
View on website

September 09, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19515

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
Published at: September 09, 2021 at 06:15PM
View on website

September 09, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19144

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.
Published at: September 09, 2021 at 06:15PM
View on website

September 09, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19143

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.
Published at: September 09, 2021 at 06:15PM
View on website

September 09, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19268

A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.
Published at: September 09, 2021 at 09:15PM
View on website

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19267

An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Published at: September 09, 2021 at 09:15PM
View on website

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19266

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.
Published at: September 09, 2021 at 09:15PM
View on website

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19265

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.
Published at: September 09, 2021 at 09:15PM
View on website

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19264

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
Published at: September 09, 2021 at 09:15PM
View on website

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19263

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
Published at: September 09, 2021 at 09:15PM
View on website

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19294

A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19293

A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19292

A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19291

A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19290

A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19289

A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19288

A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19287

A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19286

A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19285

A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19284

A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19283

A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19282

A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19281

A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19280

Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.
Published at: September 10, 2021 at 02:15AM
View on website

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19957

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later
Published at: September 10, 2021 at 07:15AM
View on website

September 10, 2021 at 08:33AM

via National Vulnerability Database