Weekly Update: a new vulnerability is published on the National Vulnerability Database (74 items)

New vulnerabilities from the NVD: CVE-2021-24303 The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues Published at: September 06, 2021 at 02:15PM View on website September 06, 2021 at 03:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-15939 An improper access control vulnerability (CWE-284) in FortiSandbox versions 3.2.1 and below and 3.1.4 and below may allow an authenticated, unprivileged attacker to download the device configuration file via the recovery URL. Published at: September 06, 2021 at 07:15PM View on website September 06, 2021 at 09:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-7877 A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command. Published at: September 07, 2021 at 03:15PM View on website September 07, 2021 at 05:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2019-5318 A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability. Published at: September 07, 2021 at 04:15PM View on website September 07, 2021 at 05:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-7865 A vulnerability(improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system. Published at: September 07, 2021 at 06:15PM View on website September 07, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-7832 A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832) Published at: September 07, 2021 at 06:15PM View on website September 07, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-7819 A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. Published at: September 07, 2021 at 06:15PM View on website September 07, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19131 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". Published at: September 07, 2021 at 06:15PM View on website September 07, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19752 The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. Published at: September 07, 2021 at 11:15PM View on website September 08, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19751 An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. Published at: September 07, 2021 at 11:15PM View on website September 08, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19750 An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. Published at: September 07, 2021 at 11:15PM View on website September 08, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19769 A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. Published at: September 08, 2021 at 01:15AM View on website September 08, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19768 A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. Published at: September 08, 2021 at 01:15AM View on website September 08, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19767 A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. Published at: September 08, 2021 at 01:15AM View on website September 08, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19766 The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. Published at: September 08, 2021 at 01:15AM View on website September 08, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19765 An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. Published at: September 08, 2021 at 01:15AM View on website September 08, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19855 phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. Published at: September 08, 2021 at 03:15AM View on website September 08, 2021 at 08:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19853 BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. Published at: September 08, 2021 at 03:15AM View on website September 08, 2021 at 08:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-23404 This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack. Published at: September 08, 2021 at 02:15PM View on website September 08, 2021 at 03:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-29012 An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) Published at: September 08, 2021 at 02:15PM View on website September 08, 2021 at 03:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1972 Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1930 Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1929 Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1928 Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1923 Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1920 Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1919 Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1916 Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1914 Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1904 Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-11301 Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-11264 Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Published at: September 08, 2021 at 03:15PM View on website September 08, 2021 at 05:34PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1809 A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1808 A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1807 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1784 A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1770 A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1762 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1740 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2021-1739 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-27942 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-27940 This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app. Published at: September 08, 2021 at 06:15PM View on website September 08, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-24672 A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . Published at: September 08, 2021 at 07:15PM View on website September 08, 2021 at 09:55PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-26772 Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function. Published at: September 09, 2021 at 12:15AM View on website September 09, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19138 Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". Published at: September 09, 2021 at 12:15AM View on website September 09, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19137 Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". Published at: September 09, 2021 at 12:15AM View on website September 09, 2021 at 01:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-26300 systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix. Published at: September 09, 2021 at 04:15AM View on website September 09, 2021 at 08:34AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-7874 Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. Published at: September 09, 2021 at 04:15PM View on website September 09, 2021 at 05:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-7873 Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. Published at: September 09, 2021 at 04:15PM View on website September 09, 2021 at 05:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19515 qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. Published at: September 09, 2021 at 06:15PM View on website September 09, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19144 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. Published at: September 09, 2021 at 06:15PM View on website September 09, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19143 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. Published at: September 09, 2021 at 06:15PM View on website September 09, 2021 at 07:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19268 A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users. Published at: September 09, 2021 at 09:15PM View on website September 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19267 An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. Published at: September 09, 2021 at 09:15PM View on website September 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19266 A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. Published at: September 09, 2021 at 09:15PM View on website September 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19265 A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML. Published at: September 09, 2021 at 09:15PM View on website September 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19264 A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd. Published at: September 09, 2021 at 09:15PM View on website September 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19263 A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit. Published at: September 09, 2021 at 09:15PM View on website September 09, 2021 at 11:33PM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19294 A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19293 A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19292 A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19291 A stored cross-site scripting (XSS) vulnerability in the /weibo/publishdata component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted Weibo. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19290 A stored cross-site scripting (XSS) vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19289 A stored cross-site scripting (XSS) vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19288 A stored cross-site scripting (XSS) vulnerability in the /localhost/u component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a private message. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19287 A stored cross-site scripting (XSS) vulnerability in the /group/post component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19286 A stored cross-site scripting (XSS) vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19285 A stored cross-site scripting (XSS) vulnerability in the /group/apply component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name text field. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19284 A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19283 A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19282 A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19281 A stored cross-site scripting (XSS) vulnerability in the /manage/loginusername component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username field. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2020-19280 Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. Published at: September 10, 2021 at 02:15AM View on website September 10, 2021 at 03:33AM via National Vulnerability Database New vulnerabilities from the NVD: CVE-2018-19957 A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later Published at: September 10, 2021 at 07:15AM View on website September 10, 2021 at 08:33AM via National Vulnerability Database