Saturday, 25 September 2021

Weekly Update: a new vulnerability is published on the National Vulnerability Database (74 items)

New vulnerabilities from the NVD: CVE-2021-24303

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues
Published at: September 06, 2021 at 02:15PM

September 06, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15939

An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL.
Published at: September 06, 2021 at 07:15PM

September 06, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7877

A buffer overflow issue was discovered in the ZOOK solution (remote administration tool) in the processing of the 'ConnectMe' command: a crafted OUTERIP value is parsed without a boundary check. This vulnerability allows an attacker to remotely execute arbitrary commands.
Published at: September 07, 2021 at 03:15PM

September 07, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-5318

A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
Published at: September 07, 2021 at 04:15PM

September 07, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7865

A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via the httpDownload function. A successful exploit could allow the attacker to hijack the vulnerable system.
Published at: September 07, 2021 at 06:15PM

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7832

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via the AddUploadFile, SetSelectItem and DoOpenFile functions. (CVE-2020-7832)
Published at: September 07, 2021 at 06:15PM

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7819

A SQL injection vulnerability in nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL queries to access the username, password and other session-related information.
Published at: September 07, 2021 at 06:15PM

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19131

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
Published at: September 07, 2021 at 06:15PM

September 07, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19752

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
Published at: September 07, 2021 at 11:15PM

September 08, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19751

An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
Published at: September 07, 2021 at 11:15PM

September 08, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19750

An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.
Published at: September 07, 2021 at 11:15PM

September 08, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19769

A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.
Published at: September 08, 2021 at 01:15AM

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19768

A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.
Published at: September 08, 2021 at 01:15AM

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19767

A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.
Published at: September 08, 2021 at 01:15AM

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19766

The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.
Published at: September 08, 2021 at 01:15AM

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19765

An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.
Published at: September 08, 2021 at 01:15AM

September 08, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19855

phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
Published at: September 08, 2021 at 03:15AM

September 08, 2021 at 08:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19853

BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
Published at: September 08, 2021 at 03:15AM

September 08, 2021 at 08:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23404

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
Published at: September 08, 2021 at 02:15PM

September 08, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-29012

An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
Published at: September 08, 2021 at 02:15PM

September 08, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1972

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1930

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1929

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1928

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1923

Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1920

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1919

Integer underflow can occur when the RTCP length is less than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1916

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1914

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1904

A child process can leak information from the parent process because numeric PIDs are compared and these PIDs can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11301

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11264

Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Published at: September 08, 2021 at 03:15PM

September 08, 2021 at 05:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1809

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1808

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1807

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1784

A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1770

A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1762

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1740

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-1739

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27942

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27940

This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.
Published at: September 08, 2021 at 06:15PM

September 08, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24672

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .
Published at: September 08, 2021 at 07:15PM

September 08, 2021 at 09:55PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-26772

Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.
Published at: September 09, 2021 at 12:15AM

September 09, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19138

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
Published at: September 09, 2021 at 12:15AM

September 09, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19137

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".
Published at: September 09, 2021 at 12:15AM

September 09, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-26300

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.
Published at: September 09, 2021 at 04:15AM

September 09, 2021 at 08:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7874

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.
Published at: September 09, 2021 at 04:15PM

September 09, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-7873

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause an arbitrary file download and execution.
Published at: September 09, 2021 at 04:15PM

September 09, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19515

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
Published at: September 09, 2021 at 06:15PM

September 09, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19144

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.
Published at: September 09, 2021 at 06:15PM

September 09, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19143

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" function in the component 'libtiff/tif_dir.c'.
Published at: September 09, 2021 at 06:15PM

September 09, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19268

A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.
Published at: September 09, 2021 at 09:15PM

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19267

An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Published at: September 09, 2021 at 09:15PM

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19266

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.
Published at: September 09, 2021 at 09:15PM

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19265

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML.
Published at: September 09, 2021 at 09:15PM

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19264

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
Published at: September 09, 2021 at 09:15PM

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19263

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
Published at: September 09, 2021 at 09:15PM

September 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19294

A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19293

A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19292

A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19291

A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19290

A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19289

A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19288

A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19287

A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19286

A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19285

A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19284

A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19283

A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19282

A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19281

A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19280

Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.
Published at: September 10, 2021 at 02:15AM

September 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19957

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later; QuTS hero h4.5.4.1771 build 20210825 and later; QuTScloud c4.5.6.1755 build 20210809 and later.
Published at: September 10, 2021 at 07:15AM

September 10, 2021 at 08:33AM

via National Vulnerability Database

