Thursday, March 16, 2023

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (39 items)


New vulnerabilities from the NVD: CVE-2021-0660

In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0612

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0611

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0610

In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0425

In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0424

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0423

In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0422

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0421

In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.
Published at: September 27, 2021 at 03:15PM

September 27, 2021 at 05:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24930

Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files.
Published at: September 28, 2021 at 12:15AM

September 28, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20696

A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
Published at: September 28, 2021 at 01:15AM

September 28, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20695

A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
Published at: September 28, 2021 at 01:15AM

September 28, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20693

A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
Published at: September 28, 2021 at 01:15AM

September 28, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20692

GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
Published at: September 28, 2021 at 01:15AM

September 28, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
Published at: September 28, 2021 at 01:15AM

September 28, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20125

EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php.
Published at: September 29, 2021 at 02:15AM

September 29, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20124

Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
Published at: September 29, 2021 at 02:15AM

September 29, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20122

Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
Published at: September 29, 2021 at 02:15AM

September 29, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20120

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
Published at: September 29, 2021 at 02:15AM

September 29, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12030

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
Published at: September 29, 2021 at 11:15PM

September 30, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20781

A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.
Published at: September 30, 2021 at 02:15AM

September 30, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20131

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module.
Published at: September 30, 2021 at 01:15AM

September 30, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20129

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor.
Published at: September 30, 2021 at 01:15AM

September 30, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20128

LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.
Published at: September 30, 2021 at 01:15AM

September 30, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18685

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.
Published at: September 30, 2021 at 05:15AM

September 30, 2021 at 08:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18684

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.
Published at: September 30, 2021 at 05:15AM

September 30, 2021 at 08:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18683

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.
Published at: September 30, 2021 at 05:15AM

September 30, 2021 at 08:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20665

rudp v0.6 was discovered to contain a memory leak in the component main.c.
Published at: September 30, 2021 at 08:15PM

September 30, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20664

libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c.
Published at: September 30, 2021 at 08:15PM

September 30, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20663

libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c.
Published at: September 30, 2021 at 08:15PM

September 30, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20662

libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c.
Published at: September 30, 2021 at 08:15PM

September 30, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20746

A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
Published at: October 01, 2021 at 12:15AM

October 01, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20799

JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.
Published at: October 01, 2021 at 01:15AM

October 01, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20797

FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
Published at: October 01, 2021 at 01:15AM

October 01, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20796

FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.
Published at: October 01, 2021 at 01:15AM

October 01, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21014

emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
Published at: October 01, 2021 at 10:15PM

October 01, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21013

emlog v6.0.0 contains a SQL injection via /admin/comment.php.
Published at: October 01, 2021 at 10:15PM

October 01, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21012

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
Published at: October 01, 2021 at 10:15PM

October 01, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21228

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
Published at: October 02, 2021 at 12:15AM

October 02, 2021 at 01:33AM

via National Vulnerability Database

