New vulnerabilities from the NVD: CVE-2019-13633 | | Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed. Published at: October 19, 2020 at 11:15PM View on website October 20, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4680 | | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733. Published at: October 20, 2020 at 06:15PM View on website October 20, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-9080 | | |
New vulnerabilities from the NVD: CVE-2020-14736 | | Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Published at: October 21, 2020 at 06:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14735 | | Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Published at: October 21, 2020 at 06:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14734 | | Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Published at: October 21, 2020 at 06:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14732 | | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Published at: October 21, 2020 at 06:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14731 | | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Published at: October 21, 2020 at 06:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14672 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Published at: October 21, 2020 at 06:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10140 | | Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis. Published at: October 21, 2020 at 05:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10139 | | Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. Published at: October 21, 2020 at 05:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10138 | | Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. Published at: October 21, 2020 at 05:15PM View on website October 21, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-11764 | | Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured. Published at: October 21, 2020 at 10:15PM View on website October 21, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16129 | | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). Published at: October 22, 2020 at 10:15PM View on website October 22, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16127 | | |
New vulnerabilities from the NVD: CVE-2020-13327 | | An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments Published at: October 23, 2020 at 12:15AM View on website October 23, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11853 | | An arbitrary code execution vulnerability exists in Micro Focus Operation Bridge Manager 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. The vulnerability could allow remote attackers to execute arbitrary code. Published at: October 23, 2020 at 12:15AM View on website October 23, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10721 | | A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Published at: October 22, 2020 at 11:15PM View on website October 23, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-17007 | | In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. Published at: October 23, 2020 at 12:15AM View on website October 23, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-17006 | | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Published at: October 23, 2020 at 12:15AM View on website October 23, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16128 | | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). Published at: October 22, 2020 at 11:15PM View on website October 23, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-18508 | | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. Published at: October 23, 2020 at 12:15AM View on website October 23, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-21267 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: October 23, 2020 at 01:15AM View on website October 23, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-21266 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: October 23, 2020 at 01:15AM View on website October 23, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14719 | | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14718 | | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14717 | | Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14716 | | Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14715 | | Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14713 | | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14712 | | Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14711 | | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-8062 | | A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. Published at: October 23, 2020 at 08:15AM View on website October 23, 2020 at 01:36PM via National Vulnerability Database |