New vulnerabilities from the NVD: CVE-2020-15303 | | Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. Published at: June 28, 2021 at 04:15PM View on website June 28, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-1138 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Assigned as a duplicate of CVE-2019-14827. Published at: June 28, 2021 at 03:15PM View on website June 28, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20640 | | Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues in the user.php file: HTML entity encoding can be used to bypass the security policy of the safety.php file, triggering the XSS vulnerability. Published at: June 28, 2021 at 09:15PM View on website June 28, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21142 | | Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in the mail.cgi. Published at: June 28, 2021 at 11:15PM View on website June 29, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21394 | | SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. Published at: June 29, 2021 at 08:15PM View on website June 29, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18066 | | Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. Published at: June 29, 2021 at 09:15PM View on website June 29, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18906 | | A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. Published at: June 30, 2021 at 12:15PM View on website June 30, 2021 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36407 | | libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36406 | | uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36405 | | |
New vulnerabilities from the NVD: CVE-2020-36404 | | Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36403 | | HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36402 | | Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36401 | | mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36400 | | ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36196 | | A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. Published at: July 01, 2021 at 05:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-36194 | | An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. Published at: July 01, 2021 at 05:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-25049 | | LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-25048 | | LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-25018 | | UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-25017 | | RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable. Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-20006 | | UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). Published at: July 01, 2021 at 06:15AM View on website July 01, 2021 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-27362 | | An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. Published at: July 01, 2021 at 07:15PM View on website July 01, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-27361 | | An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. Published at: July 01, 2021 at 07:15PM View on website July 01, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23219 | | Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. Published at: July 02, 2021 at 12:15AM View on website July 02, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23217 | | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. Published at: July 02, 2021 at 12:15AM View on website July 02, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23214 | | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. Published at: July 02, 2021 at 12:15AM View on website July 02, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23209 | | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. Published at: July 02, 2021 at 12:15AM View on website July 02, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23208 | | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. Published at: July 02, 2021 at 12:15AM View on website July 02, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23207 | | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module. Published at: July 02, 2021 at 12:15AM View on website July 02, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23205 | | A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site Name" field under the "Site Settings" module. Published at: July 02, 2021 at 12:15AM View on website July 02, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23194 | | A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23192 | | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23190 | | A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23185 | | A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23184 | | A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23182 | | The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23181 | | A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23179 | | A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23178 | | An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user. Published at: July 02, 2021 at 09:15PM View on website July 02, 2021 at 11:36PM via National Vulnerability Database |