Thursday, 16 March 2023

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (41 items)



New vulnerabilities from the NVD: CVE-2021-25026

The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-25007

The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using it in a SQL statement, leading to an SQL Injection
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-25006

The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24996

The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24995

The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24982

The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24966

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24959

The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24958

The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in them
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24950

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24940

The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24897

The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24895

The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-24692

The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
Published at: March 14, 2022 at 05:15PM

March 14, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-4989

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
Published at: March 15, 2022 at 07:15PM

March 15, 2022 at 08:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)
Published at: March 16, 2022 at 02:15AM

March 16, 2022 at 07:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23165

A flaw was found in htmldoc before v1.9.12. A heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx, may lead to arbitrary code execution and denial of service.
Published at: March 16, 2022 at 05:15PM

March 16, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23158

A flaw was found in htmldoc in v1.9.12. A double-free in function pspdf_export(), in ps-pdf.cxx, may result in a write-what-where condition, allowing an attacker to execute arbitrary code or cause a denial of service.
Published at: March 16, 2022 at 05:15PM

March 16, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20299

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Published at: March 16, 2022 at 05:15PM

March 16, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20257

An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Published at: March 16, 2022 at 05:15PM

March 16, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-20180

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Published at: March 16, 2022 at 05:15PM

March 16, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-0957

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-193149550
Published at: March 16, 2022 at 05:15PM

March 16, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25721

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
Published at: March 16, 2022 at 05:15PM

March 16, 2022 at 06:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23648

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.
Published at: March 16, 2022 at 06:15PM

March 16, 2022 at 08:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23771

This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).
Published at: March 17, 2022 at 02:15PM

March 17, 2022 at 04:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23632

All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands.
Steps to Reproduce:
1. Create a file named exploit.js with the following content:
   var Git = require("git").Git;
   var repo = new Git("repo-test");
   var user_input = "version; date";
   repo.git(user_input, function(err, result) { console.log(result); })
2. In the same directory as exploit.js, run npm install git.
3. Run exploit.js: node exploit.js. You should see the outputs of both the git version and date command-lines.
Note that the repo-test Git repository does not need to be present to make this PoC work.
Published at: March 17, 2022 at 02:15PM

March 17, 2022 at 04:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23556

The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of the execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.
Published at: March 17, 2022 at 02:15PM

March 17, 2022 at 04:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15591

fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).
Published at: March 17, 2022 at 06:15PM

March 17, 2022 at 08:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-22571

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.
Published at: March 18, 2022 at 01:15PM

March 18, 2022 at 02:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23209

Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2021-23150

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31).
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25197

A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25193

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25184

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25180

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25178

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25176

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16232

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15388

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
Published at: March 18, 2022 at 08:15PM

March 18, 2022 at 10:33PM

via National Vulnerability Database

