събота, 31 октомври 2020 г.

Weekly Update: New diabetes clinical trial (23 items)


New diabetes clinical trial: The DAPA-MEMRI Trial

Published on: October 19, 2020 at 07:00PM
Conditions:   Heart Failure;   Diabetic Cardiomyopathies
Interventions:   Drug: Dapagliflozin 10 milligrams [Farxiga];   Drug: Placebo
Sponsors:   University of Edinburgh;   AstraZeneca;   NHS Lothian
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04591639?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: The Efficacy, Safety, and Immunogenicity Study Comparing an Insulin Glargine Biosimilar Sansulin Log-G to Lantus

Published on: October 19, 2020 at 07:00PM
Condition:   Diabetes Mellitus
Interventions:   Drug: Insulin Glargine Sansulin;   Drug: Insulin Glargine Pen Injector [Lantus]
Sponsor:   Indonesia University
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04591457?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: The Effect of COVID-19 on Diabetes Mellitus

Published on: October 19, 2020 at 07:00PM
Conditions:   Diabetes Mellitus;   Covid19
Intervention:  
Sponsor:   Uşak University
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04592055?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Study of Dulaglutide (LY2189265) in Chinese Participants With Type 2 Diabetes

Published on: October 19, 2020 at 07:00PM
Condition:   Type 2 Diabetes Mellitus
Interventions:   Drug: Dulaglutide;   Drug: Placebo;   Drug: Insulin Glargine
Sponsor:   Eli Lilly and Company
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04591626?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Research Study to Compare a New Medicine "Fast-acting Insulin Aspart" to Another Medicine "Insulin Aspart" in Chinese People With Diabetes

Published on: October 15, 2020 at 07:00PM
Conditions:   Diabetes Mellitus, Type 1;   Diabetes Mellitus, Type 2
Interventions:   Drug: Faster aspart;   Drug: Insulin aspart;   Drug: Insulin degludec
Sponsor:   Novo Nordisk A/S
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04588259?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: An Immunotherapy Vaccine (PIpepTolDC) for the Treatment of Patients With Type 1 Diabetes

Published on: October 16, 2020 at 07:00PM
Condition:   Type 1 Diabetes Mellitus
Intervention:   Biological: Tolerogenic Dendritic Cell Vaccine
Sponsor:   City of Hope Medical Center
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04590872?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: The Effect of Diabetes Mellitus on the Prognosis of Patients With COVID-19

Published on: October 19, 2020 at 07:00PM
Conditions:   Covid19;   Diabetes Mellitus
Intervention:   Other: hospitalisation, necessity of ICU, mortality rate, lung involvement
Sponsor:   Uşak University
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04591704?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Insul-In This Together Program

Published on: October 15, 2020 at 07:00PM
Condition:   Type 1 Diabetes
Intervention:   Behavioral: Insul-In This Together
Sponsors:   Stanford University;   National Institutes of Health (NIH);   National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK)
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04589689?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Ixekizumab Diabetes Intervention Trial (I-DIT)

Published on: October 15, 2020 at 07:00PM
Condition:   Type1 Diabetes Mellitus
Interventions:   Drug: Ixekizumab;   Drug: Placebo
Sponsors:   Vastra Gotaland Region;   Eli Lilly and Company;   Gothia Forum - Center for Clinical Trial;   Statistiska konsultgruppen;   Karolinska University Laboratory
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04589325?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: MANAGEMENT OF PATIENTS WITH TYPE 2 DIABETES MELLITUS HOSPITALIZED IN INTERNAL MEDICINE UNITS (MINDER Study)

Published on: October 15, 2020 at 07:00PM
Condition:   Diabetes Mellitus, Type 2
Intervention:   Other: educational program
Sponsor:   Fadoi Foundation, Italy
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04589533?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Kidney Fat in Type 2 Diabetes and the Effects of Ezetimibe

Published on: October 15, 2020 at 07:00PM
Conditions:   Diabetes Mellitus, Type 2;   Diabetic Kidney Disease
Interventions:   Drug: Ezetimibe 10mg;   Drug: Placebo
Sponsors:   Steno Diabetes Center Copenhagen;   Department of Clinical Physiology, Nuclear Medicine and PET at Rigshospitalet Glostrup, Valdemar Hansens Vej 1-23, 2600 Glostrup, Denmark;   Aase Handberg, professor, dr.med., Department of Clinical Biochemistry, Aalborg University Hospital;   Capital Region's Pharmacy (Region Hovedstadens Apotek), Marielundvej 25, 2730 Herlev, Denmark;   Alessia Fornoni, MD PhD, Professor of Medicine, Chief, Katz Family Division of Nephrology and Hypertension
Active, not recruiting
https://clinicaltrials.gov/ct2/show/NCT04589351?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Patient Centered Care in Diabetes in Ecuador

Published on: October 19, 2020 at 07:00PM
Conditions:   Patient Satisfaction;   Patient Engagement;   Patient Empowerment;   Health Literacy;   Patient Experience
Intervention:   Other: EPD Questionnaire
Sponsors:   Universidad Miguel Hernandez de Elche;   Universidad Catolica Santiago de Guayaquil;   Fundación para el Fomento de la Investigación Sanitaria y Biomédica de la Comunitat Valenciana
Active, not recruiting
https://clinicaltrials.gov/ct2/show/NCT04592263?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Dulce Digital-COVID Aware (DD-CA) Discharge Texting Platform for US/Mexico Border Hispanics With Diabetes + COVID-19

Published on: October 16, 2020 at 07:00PM
Conditions:   Diabetes Mellitus, Type 2;   Covid19
Interventions:   Behavioral: Hospital: DD-CA;   Behavioral: Hospital: Usual Care (UC)
Sponsors:   Scripps Whittier Diabetes Institute;   National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK)
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04591015?term=diabetes&sfpd_d=14 October 19, 2020 at 04:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Prevalence of NAFLD and Advanced Fibrosis in Patients With Type 1 Diabetes

Published on: October 20, 2020 at 07:00PM
Conditions:   Nonalcoholic Fatty Liver;   Nonalcoholic Steatohepatitis;   Fibrosis, Liver;   Type 1 Diabetes;   Cirrhosis, Liver
Intervention:   Device: Transient Elastography
Sponsor:   Joslin Diabetes Center
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04595474?term=diabetes&sfpd_d=14 October 20, 2020 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Efficacy of Multigrain Supplementation in Type II Diabetes Mellitus

Published on: October 21, 2020 at 07:00PM
Condition:   Type2 Diabetes
Intervention:   Dietary Supplement: Instant multigrain supplement
Sponsor:   Universiti Sains Malaysia
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04597229?term=diabetes&sfpd_d=14 October 22, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Intravenous Insulin vs Subcutaneous Insulin Infusion in Intrapartum Management of Type 1 Diabetes Mellitus

Published on: October 22, 2020 at 07:00PM
Conditions:   Type 1 Diabetes;   Pregnancy, High Risk
Intervention:   Drug: Insulin
Sponsor:   Gianna Wilkie
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04599075?term=diabetes&sfpd_d=14 October 22, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Research Study to Compare a New Medicine Oral Semaglutide to a Dummy Medicine in Children and Teenagers With Type 2 Diabetes

Published on: October 21, 2020 at 07:00PM
Condition:   Diabetes Mellitus, Type 2
Interventions:   Drug: Oral semaglutide;   Drug: Placebo (semaglutide)
Sponsor:   Novo Nordisk A/S
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04596631?term=diabetes&sfpd_d=14 October 22, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Recent-Onset Type 1 Diabetes Extension Study Evaluating the Long-Term Safety of Teplizumab

Published on: October 22, 2020 at 07:00PM
Condition:   Type 1 Diabetes Mellitus
Interventions:   Biological: Teplizumab;   Other: Placebo
Sponsor:   Provention Bio, Inc.
Enrolling by invitation
https://clinicaltrials.gov/ct2/show/NCT04598893?term=diabetes&sfpd_d=14 October 22, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Electrical Vestibular Stimulation (VeNS) Compared to Sham Control as a Means of Improving Glycemic Control in Adults With Type 2 Diabetes Mellitus

Published on: October 21, 2020 at 07:00PM
Condition:   Type 2 Diabetes
Interventions:   Device: Vestal DM active device;   Behavioral: Hypo-caloric diet;   Device: Sham device
Sponsor:   Neurovalens Ltd.
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04595968?term=diabetes&sfpd_d=14 October 22, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Preventive Treatment Of Latent Tuberculosis Infection In People With Diabetes Mellitus

Published on: October 23, 2020 at 07:00PM
Conditions:   Diabetes Mellitus;   Tuberculosis
Interventions:   Drug: Isoniazid and Rifapentine (INH-RPT);   Drug: Placebo
Sponsors:   Dr. Nyanda Elias Ntinginya;   Stichting Katholieke Universiteit- Radboudumc (RUMC), Netherlands;   Otago University, New Zealand;   Makerere University;   St George's, University of London, United Kingdom;   Kilimanjaro Christian Medical University College (KCMUCo), Tanzania;   Uganda Martyrs Hospital Lubaga, Uganda;   King's College London
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04600167?term=diabetes&sfpd_d=14 October 23, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Guided Self-determination Intervention Versus Attention Control for People With Type 2 Diabetes in Outpatient Clinics

Published on: October 23, 2020 at 07:00PM
Condition:   Type 2 Diabetes
Interventions:   Behavioral: Guided self-determination;   Behavioral: Personal support in goal-pursuing
Sponsors:   Rigshospitalet, Denmark;   Odense University Hospital;   Copenhagen Trial Unit, Center for Clinical Intervention Research;   Copenhagen University Hospital, Denmark
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04601311?term=diabetes&sfpd_d=14 October 23, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Effect of Type 1 Diabetes on Sleep Fractionation

Published on: October 23, 2020 at 07:00PM
Condition:   Type 1 Diabetes
Intervention:   Other: Cross-sectional observational study
Sponsor:   University Hospital, Grenoble
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04601519?term=diabetes&sfpd_d=14 October 23, 2020 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Adapting and Assessing the Feasibility of a Diabetes Self-management Telehealth Intervention

Published on: October 23, 2020 at 07:00PM
Condition:   Diabete Mellitus
Interventions:   Behavioral: Rural Diabetes One-Day Education and Care program (R-D1D);   Behavioral: Diabetes Education Materials
Sponsors:   University of Utah;   University of Colorado, Denver
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04600622?term=diabetes&sfpd_d=14 October 23, 2020 at 02:24PM

via ClinicalTrials.gov


петък, 30 октомври 2020 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (33 items)

New vulnerabilities from the NVD: CVE-2019-13633

Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
Published at: October 19, 2020 at 11:15PM
View on website

October 20, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4680

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733.
Published at: October 20, 2020 at 06:15PM
View on website

October 20, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-9080

DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
Published at: October 20, 2020 at 11:15PM
View on website

October 21, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14736

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
Published at: October 21, 2020 at 06:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14735

Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published at: October 21, 2020 at 06:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14734

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published at: October 21, 2020 at 06:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14732

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Published at: October 21, 2020 at 06:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14731

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Published at: October 21, 2020 at 06:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14672

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published at: October 21, 2020 at 06:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10140

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.
Published at: October 21, 2020 at 05:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10139

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Published at: October 21, 2020 at 05:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10138

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Published at: October 21, 2020 at 05:15PM
View on website

October 21, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-11764

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
Published at: October 21, 2020 at 10:15PM
View on website

October 21, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-16129

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
Published at: October 22, 2020 at 10:15PM
View on website

October 22, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-16127

Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
Published at: October 22, 2020 at 10:15PM
View on website

October 22, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13327

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments
Published at: October 23, 2020 at 12:15AM
View on website

October 23, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11853

An arbitrary code execution vulnerability exists in Micro Focus Operation Bridge Manager 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. The vulnerability could allow remote attackers to execute arbitrary code.
Published at: October 23, 2020 at 12:15AM
View on website

October 23, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10721

A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Published at: October 22, 2020 at 11:15PM
View on website

October 23, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-17007

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
Published at: October 23, 2020 at 12:15AM
View on website

October 23, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-17006

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Published at: October 23, 2020 at 12:15AM
View on website

October 23, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-16128

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).
Published at: October 22, 2020 at 11:15PM
View on website

October 23, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-18508

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
Published at: October 23, 2020 at 12:15AM
View on website

October 23, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21267

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: October 23, 2020 at 01:15AM
View on website

October 23, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21266

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: October 23, 2020 at 01:15AM
View on website

October 23, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14719

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14718

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14717

Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14716

Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14715

Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14713

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14712

Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14711

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-8062

A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
Published at: October 23, 2020 at 08:15AM
View on website

October 23, 2020 at 01:36PM

via National Vulnerability Database