New vulnerabilities from the NVD: CVE-2020-10666 | | The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. Published at: May 31, 2021 at 03:15PM View on website May 31, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4730 | | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. Published at: June 01, 2021 at 05:15PM View on website June 01, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4724 | | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. Published at: June 01, 2021 at 05:15PM View on website June 01, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4723 | | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. Published at: June 01, 2021 at 05:15PM View on website June 01, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4722 | | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. Published at: June 01, 2021 at 05:15PM View on website June 01, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4653 | | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964. Published at: June 01, 2021 at 05:15PM View on website June 01, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4471 | | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780. Published at: June 01, 2021 at 05:15PM View on website June 01, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10743 | | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking. Published at: June 02, 2021 at 02:15PM View on website June 02, 2021 at 03:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10742 | | A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. Published at: June 02, 2021 at 02:15PM View on website June 02, 2021 at 03:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14388 | | A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission. Published at: June 02, 2021 at 04:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14380 | | An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. Published at: June 02, 2021 at 04:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14371 | | A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. Published at: June 02, 2021 at 04:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14340 | | A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. Published at: June 02, 2021 at 04:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14336 | | A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. Published at: June 02, 2021 at 03:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14335 | | A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Published at: June 02, 2021 at 03:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14326 | | A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. Published at: June 02, 2021 at 03:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14317 | | It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. Published at: June 02, 2021 at 03:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10771 | | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack. Published at: June 02, 2021 at 03:15PM View on website June 02, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12067 | | The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. Published at: June 02, 2021 at 06:15PM View on website June 02, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10195 | | lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. Published at: June 02, 2021 at 05:15PM View on website June 02, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-8761 | | In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. Published at: June 02, 2021 at 05:15PM View on website June 02, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-1877 | | The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. Published at: June 02, 2021 at 08:15PM View on website June 02, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-3656 | | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. Published at: June 02, 2021 at 08:15PM View on website June 02, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-0948 | | Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. Published at: June 02, 2021 at 07:15PM View on website June 02, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-0947 | | Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. Published at: June 02, 2021 at 07:15PM View on website June 02, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21005 | | WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell. Published at: June 03, 2021 at 05:15PM View on website June 03, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21003 | | |
New vulnerabilities from the NVD: CVE-2019-14584 | | Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. Published at: June 03, 2021 at 11:15PM View on website June 04, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15077 | | OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. Published at: June 04, 2021 at 02:15PM View on website June 04, 2021 at 03:36PM via National Vulnerability Database |