New vulnerabilities from the NVD: CVE-2020-21133 | |
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid. Published at: July 12, 2021 at 04:15PM View on website July 12, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21132 | | |
New vulnerabilities from the NVD: CVE-2020-21131 | | SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage. Published at: July 12, 2021 at 04:15PM View on website July 12, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18980 | | Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. Published at: July 12, 2021 at 06:15PM View on website July 12, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18979 | | Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via theX-forwarded-for Header parameter. Published at: July 12, 2021 at 06:15PM View on website July 12, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19204 | | Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking (local). The component is: Affected at Routing configuration via the "Remark" text box or "remark" parameter. The attack vector is: Attacker need to craft the malicious javascript code. Published at: July 12, 2021 at 07:15PM View on website July 12, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19203 | | Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking, Information Leakage (local). The component is: pfSense Dashboard, Work-on-LAN Service configuration. The attack vector is: Inject the malicious JavaScript code in Description text box or parameter. Published at: July 12, 2021 at 07:15PM View on website July 12, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19201 | | Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). The impact is: Authenticated Stored XSS in NAT Configuration (local). The component is: Description Text box, Status/Reload Filter Page. The attack vector is: An attacker get access to the victim's session by performing the CSRF and gather the cookie and session ids or possibly can change the victims NAT configuration using this Stored XSS. This attack can possibly spoof the victim's informations. Published at: July 12, 2021 at 07:15PM View on website July 12, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19038 | | |
New vulnerabilities from the NVD: CVE-2020-19037 | | Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies. Published at: July 12, 2021 at 08:15PM View on website July 12, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18982 | | |
New vulnerabilities from the NVD: CVE-2020-19907 | | A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. Published at: July 12, 2021 at 11:15PM View on website July 13, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18544 | | SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". Published at: July 12, 2021 at 11:15PM View on website July 13, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11307 | | Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables Published at: July 13, 2021 at 09:15AM View on website July 13, 2021 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20250 | | Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference. Published at: July 13, 2021 at 03:15PM View on website July 13, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20252 | | Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). Published at: July 13, 2021 at 09:15PM View on website July 13, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19722 | | An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19721 | | A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19720 | | An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19719 | | A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19718 | | An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19717 | | An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19716 | | A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19715 | | An integer overflow vulnerability in the getUShort function of Exiv2 0.27.1 results in segmentation faults within the application, leading to a denial of service (DOS). Published at: July 14, 2021 at 01:15AM View on website July 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0417 | | In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-154319182 Published at: July 14, 2021 at 05:15PM View on website July 14, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-11098 | | Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. Published at: July 14, 2021 at 05:15PM View on website July 14, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18144 | | SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php. Published at: July 14, 2021 at 08:15PM View on website July 14, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18151 | | Cross Site Request Forgerly (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. Published at: July 14, 2021 at 10:15PM View on website July 14, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18145 | | Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. Published at: July 14, 2021 at 09:15PM View on website July 14, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18155 | | SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. Published at: July 14, 2021 at 11:15PM View on website July 15, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15496 | | Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. Published at: July 15, 2021 at 05:15PM View on website July 15, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15495 | | Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. Published at: July 15, 2021 at 06:15PM View on website July 15, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12731 | | The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. Published at: July 15, 2021 at 06:15PM View on website July 15, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12730 | | MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Published at: July 15, 2021 at 06:15PM View on website July 15, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12729 | | MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. Published at: July 15, 2021 at 06:15PM View on website July 15, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12734 | | DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. Published at: July 15, 2021 at 07:15PM View on website July 15, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12733 | | Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. Published at: July 15, 2021 at 07:15PM View on website July 15, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12732 | | DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. Published at: July 15, 2021 at 07:15PM View on website July 15, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11633 | | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges. Published at: July 15, 2021 at 09:15PM View on website July 15, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11634 | | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. Published at: July 15, 2021 at 11:15PM View on website July 16, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11632 | | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. Published at: July 15, 2021 at 11:15PM View on website July 16, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-3752 | | Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. Published at: July 17, 2021 at 01:15AM View on website July 17, 2021 at 03:36AM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар