New vulnerabilities from the NVD: CVE-2019-12503 | | Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Published at: December 02, 2019 at 07:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12394 | | Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. Published at: December 02, 2019 at 07:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12393 | | Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. Published at: December 02, 2019 at 07:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12392 | | |
New vulnerabilities from the NVD: CVE-2019-12391 | | The Anviz Management System for access control has insufficient logging for device events such as door open requests. Published at: December 02, 2019 at 07:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12390 | | Anviz access control devices expose private information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. Published at: December 02, 2019 at 07:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12389 | | Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. Published at: December 02, 2019 at 07:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12388 | | Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010. Published at: December 02, 2019 at 07:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-4457 (cloudera_manager) | | Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. Published at: November 26, 2019 at 05:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-3406 | | The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. Published at: November 29, 2019 at 11:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-2060 | | cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. Published at: November 29, 2019 at 11:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-1855 | | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. Published at: November 29, 2019 at 11:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-0837 | | The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." Published at: November 30, 2019 at 12:15AM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-9356 | | Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. Published at: December 02, 2019 at 08:15PM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-3591 | | Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. Published at: November 30, 2019 at 12:15AM View on website December 03, 2019 at 04:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-7484 | | |
New vulnerabilities from the NVD: CVE-2013-4410 | | |
New vulnerabilities from the NVD: CVE-2012-5562 | | |
New vulnerabilities from the NVD: CVE-2012-4576 | | |
New vulnerabilities from the NVD: CVE-2012-4526 | | |
New vulnerabilities from the NVD: CVE-2012-4525 | | |
New vulnerabilities from the NVD: CVE-2012-4480 | | |
New vulnerabilities from the NVD: CVE-2012-4428 | | |
New vulnerabilities from the NVD: CVE-2013-2228 | | |
New vulnerabilities from the NVD: CVE-2013-2106 | | |
New vulnerabilities from the NVD: CVE-2013-2103 | | |
New vulnerabilities from the NVD: CVE-2013-2101 | | |
New vulnerabilities from the NVD: CVE-2013-4486 | | |
New vulnerabilities from the NVD: CVE-2013-4411 | | |
New vulnerabilities from the NVD: CVE-2013-4235 | | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. Published at: December 03, 2019 at 05:15PM View on website December 03, 2019 at 08:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-7325 | | An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. Published at: December 04, 2019 at 01:15AM View on website December 04, 2019 at 04:49AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1104 | | A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed. Published at: December 05, 2019 at 08:15PM View on website December 05, 2019 at 11:05PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1105 | | An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. Published at: December 05, 2019 at 09:15PM View on website December 06, 2019 at 01:05AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1592 | | A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. Published at: December 05, 2019 at 11:15PM View on website December 06, 2019 at 03:05AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1115 | | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. Published at: December 05, 2019 at 11:15PM View on website December 06, 2019 at 03:05AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1114 | | A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and the filteruid parameter to list.php. Published at: December 05, 2019 at 11:15PM View on website December 06, 2019 at 03:05AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-1615 | | A Privilege Escalation vulnerability exists in Fedoraproject Sectool due to an incorrect DBus file. Published at: December 06, 2019 at 06:15PM View on website December 06, 2019 at 09:05PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-2148 | | The property replacements feature in any descriptor in JBoss AS 7.1.1 ignores Java security policies. Published at: December 06, 2019 at 08:15PM View on website December 06, 2019 at 11:05PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-2130 | | A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. Published at: December 06, 2019 at 08:15PM View on website December 06, 2019 at 11:05PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-2092 | | A Security Bypass vulnerability exists in Ubuntu Cobbler before 2.2.2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. Published at: December 06, 2019 at 07:15PM View on website December 06, 2019 at 11:05PM via National Vulnerability Database |