Saturday, July 31, 2021

Weekly Update: New diabetes clinical trial (17 items)

New diabetes clinical trial: Chronic Passive Heating in Individuals With T2DM

Published on: April 26, 2021 at 07:00PM
Condition:   Type2 Diabetes
Intervention:   Procedure: Passive heating
Sponsors:   University of Portsmouth;   Portsmouth Hospitals NHS Trust
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04858321?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Glycemic Observation and Metabolic Outcomes in Mothers and Offspring

Published on: April 26, 2021 at 07:00PM
Conditions:   Gestational Diabetes;   Pregnancy Related
Intervention:   Other: Observational
Sponsors:   Northwestern University;   National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK);   Yale University;   Women and Infants Hospital of Rhode Island;   University of Pittsburgh;   Massachusetts General Hospital;   Tufts Medical Center;   Columbia University;   Kaiser Permanente
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04860336?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: The SUPPORT-Pro Online Platform for Healthcare Professionals Treating Individuals Living With T1D

Published on: April 26, 2021 at 07:00PM
Condition:   Educational Activities
Intervention:   Behavioral: Intervention
Sponsors:   McGill University;   Institut de Recherches Cliniques de Montreal
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04859205?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Effects of Antenatal Exercises on Clinical Outcomes in Pregnant Females With Gestational Diabetes Mellitus

Published on: April 26, 2021 at 07:00PM
Condition:   Gestational Diabetes
Interventions:   Other: routine physical therapy;   Other: routine physical therapy and antenatal exercises
Sponsor:   University of Lahore
Completed
https://clinicaltrials.gov/ct2/show/NCT04859348?term=diabetes&sfpd_d=14 April 26, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Effects of a Lifestyle Intervention on Gestational Diabetes Management

Published on: April 27, 2021 at 07:00PM
Conditions:   Gestational Diabetes;   Obesity;   Nutritional and Metabolic Disease
Intervention:   Behavioral: Dietary Intervention
Sponsor:   University of Nevada, Las Vegas
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04861324?term=diabetes&sfpd_d=14 April 27, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: SMOKING INTERVENTION AMONG PATIENTS WITH DIABETES

Published on: April 28, 2021 at 07:00PM
Conditions:   Smoking Cessation;   Diabetes Mellitus
Intervention:   Behavioral: Brief smoking cessation advice
Sponsor:   Kansaa A.Ibrahim
Completed
https://clinicaltrials.gov/ct2/show/NCT04864327?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Change of Lifestyle in Elderly Patients With Type 2 Diabetes and Systemic Arterial Hypertension

Published on: April 28, 2021 at 07:00PM
Conditions:   Diabetes;   Hypertension
Interventions:   Behavioral: DASH;   Behavioral: DASHPED
Sponsors:   Hospital de Clinicas de Porto Alegre;   Federal University of Health Science of Porto Alegre
Completed
https://clinicaltrials.gov/ct2/show/NCT04863755?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Incidence of Hypoglycemia in Pregnant Ladies With or Without Gestational Diabetes Fasting Ramadan

Published on: April 28, 2021 at 07:00PM
Condition:   Pregnancy in Diabetic
Intervention:   Device: Continuous glucose monitoring
Sponsor:   King Abdullah International Medical Research Center
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04862390?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Research Study Looking at How Oral Semaglutide Works in People With Type 2 Diabetes in the United Kingdom, as Part of Local Clinical Practice

Published on: April 28, 2021 at 07:00PM
Condition:   Diabetes Mellitus, Type 2
Intervention:   Drug: Oral semaglutide
Sponsor:   Novo Nordisk A/S
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04862923?term=diabetes&sfpd_d=14 April 28, 2021 at 03:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Research Study to Find Out How Semaglutide Works in the Kidneys Compared to Placebo, in People With Type 2 Diabetes and Chronic Kidney Disease (the REMODEL Trial)

Published on: April 29, 2021 at 07:00PM
Conditions:   Diabetes Mellitus, Type 2;   Chronic Kidney Disease
Interventions:   Drug: Semaglutide;   Drug: Placebo (Semaglutide)
Sponsor:   Novo Nordisk A/S
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04865770?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Use of Ozonized Water With Toothpaste and Mousse in Non Surgical Periodontal Therapy for Patients With Diabetes Mellitus Type 1: a Randomized Clinical Trial.

Published on: April 29, 2021 at 07:00PM
Condition:   Diabetes Mellitus With Periodontal Disease
Interventions:   Other: Peribioma Toothpaste and Mousse;   Other: Standard toothpaste
Sponsor:   University of Pavia
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04865809?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Comparison of Manual Skills, Visual-Motor Integration and Participation of Children With and Without Type 1 Diabetes

Published on: April 29, 2021 at 07:00PM
Conditions:   Type 1 Diabetes;   Hand Skills;   Visual Motor Integration;   Participation
Interventions:   Behavioral: Beery- Buktenica Developmental Test of Visual Motor Integration;   Behavioral: Jebsen Taylor Hand Function Test;   Diagnostic Test: Participation and Environment Measure - Children and Youth
Sponsor:   Istanbul Medipol University Hospital
Active, not recruiting
https://clinicaltrials.gov/ct2/show/NCT04866212?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Study of A Novel Approach to Titrate Basal Insulin (LY2963016) in Participants With Type 2 Diabetes

Published on: April 29, 2021 at 07:00PM
Conditions:   Type 2 Diabetes;   Type 2 Diabetes Treated With Insulin
Intervention:   Drug: Basal Insulin
Sponsor:   Eli Lilly and Company
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04864977?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Transition of Care Model From Hospital to Community for Hispanic/Latino Adult Patients With Diabetes.

Published on: April 29, 2021 at 07:00PM
Condition:   Diabetes Mellitus
Intervention:   Other: Transition of Care Model
Sponsors:   Duke University;   National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK)
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04864639?term=diabetes&sfpd_d=14 April 29, 2021 at 01:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Role of Neuraminidase Activity on Endothelial Dysfunction in Type 2 Diabetes

Published on: April 30, 2021 at 07:00PM
Condition:   Diabetes Mellitus, Type 2
Intervention:   Drug: Zanamivir
Sponsor:   University of Missouri-Columbia
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04867707?term=diabetes&sfpd_d=14 April 30, 2021 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: Observational Study of ASCVD Risks of Type 2 Diabetes in East China

Published on: April 30, 2021 at 07:00PM
Conditions:   Type 2 Diabetes Mellitus;   Arteriosclerotic Cardiovascular Disease;   Liraglutide
Intervention:  
Sponsors:   Zhejiang Provincial People's Hospital;   Zhejiang Provence Preventive Medicine Association;   Ningbo Medical Center Lihuili Hospital;   Affiliated Cixi Hospital of Wenzhou Medical University;   Putuo People's Hospital;   The Second People's Hospital of Yuhuan;   Wenling People's Hospital;   ShuGuang Hospital;   The First People's Hospital of Jiaxing;   Nanxun People's Hospital;   First People's Hospital Affiliated to Huzhou University;   Lishui Hospital of TCM;   Hangzhou hospital of Chinese Traditional Medicine;   Zhejiang Greentown Cardiovascular Hospital;   Red Cross Hospital of Hangzhou;   The Second School of Medicine,WMU;   The First People's Hospital of Xiaoshan;   Zhejiang Xiaoshan hospital;   Yiwu Central Hospital;   Quzhou Hospital;   Jinhua Hospital of TCM;   Shaoxing Central Hospital;   Shaoxinig Second Hospital;   Huamei hospital, University of Chinese Academy of Sciences
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04866667?term=diabetes&sfpd_d=14 April 30, 2021 at 02:24PM

via ClinicalTrials.gov


New diabetes clinical trial: A Study of LY3437943 in Participants With Type 2 Diabetes

Published on: April 30, 2021 at 07:00PM
Condition:   Type 2 Diabetes
Interventions:   Drug: LY3437943;   Drug: Dulaglutide;   Drug: Placebo
Sponsor:   Eli Lilly and Company
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04867785?term=diabetes&sfpd_d=14 April 30, 2021 at 02:24PM

via ClinicalTrials.gov


Weekly Update: a new vulnerability is published on the National Vulnerability Database (42 items)

New vulnerabilities from the NVD: CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Published at: April 26, 2021 at 05:15PM

April 26, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17517

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys, thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release. Improper Authorization vulnerability in __COMPONENT__ of Apache Ozone allows an attacker to __IMPACT__. This issue affects Apache Ozone version 1.0.0 and prior versions.
Published at: April 27, 2021 at 12:15PM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25042

Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25041

Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25040

Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25039

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25038

Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25037

Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25036

Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25035

Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25034

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25033

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25032

Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
Published at: April 27, 2021 at 09:15AM

April 27, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-35542

Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack.
Published at: April 27, 2021 at 02:15PM

April 27, 2021 at 03:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22001

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.
Published at: April 27, 2021 at 09:15PM

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.
Published at: April 27, 2021 at 09:15PM

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21998

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
Published at: April 27, 2021 at 09:15PM

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21989

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Published at: April 27, 2021 at 09:15PM

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21987

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
Published at: April 27, 2021 at 09:15PM

April 27, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.
Published at: April 28, 2021 at 06:15AM

April 28, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21996

AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
Published at: April 28, 2021 at 06:15PM

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21994

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
Published at: April 28, 2021 at 06:15PM

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21993

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Published at: April 28, 2021 at 06:15PM

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21991

AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
Published at: April 28, 2021 at 05:15PM

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
Published at: April 28, 2021 at 05:15PM

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18019

SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the "typeid" variable of the "createfolderAjax" function in the "mode_worcAction.php" component.
Published at: April 28, 2021 at 05:15PM

April 28, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18022

Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
Published at: April 28, 2021 at 07:15PM

April 28, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17999

Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to execute arbitrary code by injecting commands via a crafted HTTP request to the component "/mc-admin/post-edit.php".
Published at: April 28, 2021 at 07:15PM

April 28, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21997

Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control.
Published at: April 29, 2021 at 06:15PM

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
Published at: April 29, 2021 at 06:15PM

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place.
Published at: April 29, 2021 at 06:15PM

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21990

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
Published at: April 29, 2021 at 05:15PM

April 29, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21452

An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload
Published at: April 29, 2021 at 08:15PM

April 29, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21101

Cross Site Scripting vulnerability in Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.
Published at: April 29, 2021 at 08:15PM

April 29, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18032

Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
Published at: April 29, 2021 at 09:15PM

April 29, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15225

django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from malicious input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.
Published at: April 30, 2021 at 12:15AM

April 30, 2021 at 01:37AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18035

Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java".
Published at: April 30, 2021 at 02:15AM

April 30, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
Published at: April 30, 2021 at 03:15AM

April 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1721

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
Published at: April 30, 2021 at 03:15PM

April 30, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15153

Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.
Published at: April 30, 2021 at 07:15PM

April 30, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18084

Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
Published at: May 01, 2021 at 12:15AM

May 01, 2021 at 01:36AM

via National Vulnerability Database