Thursday, March 16, 2023

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (33 items)


New vulnerabilities from the NVD: CVE-2020-26008

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
Published at: March 21, 2022 at 12:15AM

March 21, 2022 at 02:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Published at: March 21, 2022 at 12:15AM

March 21, 2022 at 02:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24772

In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).
Published at: March 21, 2022 at 05:15PM

March 21, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-25019

The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting.
Published at: March 21, 2022 at 09:15PM

March 21, 2022 at 10:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24905

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.
Published at: March 21, 2022 at 09:15PM

March 21, 2022 at 10:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-33961

A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter.
Published at: March 22, 2022 at 11:15PM

March 23, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-25220

BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
Published at: March 23, 2022 at 03:15PM

March 23, 2022 at 04:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-38772

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
Published at: March 23, 2022 at 09:15PM

March 23, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-38278

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
Published at: March 23, 2022 at 09:15PM

March 23, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27466

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27464

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27462

A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27460

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27456

Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27430

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.
Published at: March 23, 2022 at 10:15PM

March 24, 2022 at 12:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20096

Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
Published at: March 24, 2022 at 12:15AM

March 24, 2022 at 02:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20095

iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
Published at: March 24, 2022 at 12:15AM

March 24, 2022 at 02:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20094

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
Published at: March 24, 2022 at 12:15AM

March 24, 2022 at 02:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20093

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
Published at: March 24, 2022 at 12:15AM

March 24, 2022 at 02:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-25032

zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Published at: March 25, 2022 at 11:15AM

March 25, 2022 at 12:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21554

A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.
Published at: March 25, 2022 at 06:15PM

March 25, 2022 at 08:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-26622

A remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
Published at: March 25, 2022 at 09:15PM

March 25, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-26621

A Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function.
Published at: March 25, 2022 at 09:15PM

March 25, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-26620

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user's passwords.
Published at: March 25, 2022 at 09:15PM

March 25, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-22100

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.
Published at: March 25, 2022 at 09:15PM

March 25, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20323

A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak.
Published at: March 25, 2022 at 09:15PM

March 25, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20290

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
Published at: March 25, 2022 at 09:15PM

March 25, 2022 at 10:33PM

via National Vulnerability Database

