неделя, 18 октомври 2020 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (59 items)

New vulnerabilities from the NVD: CVE-2019-12033

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12032

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12031

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12030

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12029

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12028

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12027

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12026

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12025

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12024

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12023

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12022

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12021

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12020

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12019

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12018

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12016

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12015

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12014

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12013

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12012

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12011

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12010

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12009

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12008

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12007

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12006

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12005

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12004

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-12003

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Published at: June 01, 2020 at 06:15PM
View on website

June 01, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-9702

system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8945

admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8944

Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8943

Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8942

Lexiglot through 2014-11-20 allows CSRF.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8941

Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8940

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8939

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8938

Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-8937

Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-7174

FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-7173

FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
Published at: June 01, 2020 at 08:15PM
View on website

June 01, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-11843

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
Published at: June 02, 2020 at 08:15PM
View on website

June 02, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-18625

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Published at: June 02, 2020 at 08:15PM
View on website

June 02, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-18624

Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Published at: June 02, 2020 at 08:15PM
View on website

June 02, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-18623

Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Published at: June 02, 2020 at 08:15PM
View on website

June 02, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2863

Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Published at: June 04, 2020 at 02:15AM
View on website

June 04, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-1805

Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published at: June 04, 2020 at 02:15AM
View on website

June 04, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21244

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21243

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21242

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21241

An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21240

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21239

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21238

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21237

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21236

An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-21235

An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer.
Published at: June 04, 2020 at 08:15PM
View on website

June 04, 2020 at 09:36PM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар