New vulnerabilities from the NVD: CVE-2020-12781 | | Combodo iTop contains a cross-site request forgery (CSRF) vulnerability; attackers can execute specific commands via malicious site request forgery. Published at: August 10, 2020 at 06:15AM View on website August 10, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12780 | | A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Published at: August 10, 2020 at 06:15AM View on website August 10, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12779 | | Combodo iTop contains a stored cross-site scripting vulnerability, which can be attacked by uploading a file with a malicious script. Published at: August 10, 2020 at 06:15AM View on website August 10, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12778 | | Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack. Published at: August 10, 2020 at 06:15AM View on website August 10, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12777 | | A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information. Published at: August 10, 2020 at 06:15AM View on website August 10, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13295 | | For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Published at: August 10, 2020 at 05:15PM View on website August 10, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13294 | | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. Published at: August 10, 2020 at 05:15PM View on website August 10, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13293 | | In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. Published at: August 10, 2020 at 05:15PM View on website August 10, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13292 | | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. Published at: August 10, 2020 at 05:15PM View on website August 10, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14325 | | Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw, which allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. Published at: August 11, 2020 at 04:15PM View on website August 11, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10783 | | Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with the EVM-Operator group can perform actions restricted only to the EVM-Super-administrator group, leading to exporting or importing administrator files. Published at: August 11, 2020 at 04:15PM View on website August 11, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10779 | | Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms. Published at: August 11, 2020 at 04:15PM View on website August 11, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10778 | | In Red Hat CloudForms 4.7 and 5, the read-only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields, since there is no server-side validation. This business logic flaw violates the expected behavior. Published at: August 11, 2020 at 04:15PM View on website August 11, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10777 | | A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Published at: August 11, 2020 at 04:15PM View on website August 11, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14324 | | A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through Infrastructure Migration Solution. This flaw allows an attacker to execute arbitrary commands on the CloudForms server. Published at: August 11, 2020 at 05:15PM View on website August 11, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14313 | | An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace. Published at: August 11, 2020 at 05:15PM View on website August 11, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14296 | | Red Hat CloudForms 4.7 and 5 was vulnerable to a Server-Side Request Forgery (SSRF) flaw. With the access to add an Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. Published at: August 11, 2020 at 05:15PM View on website August 11, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10780 | | Red Hat CloudForms 4.7 and 5 is affected by a CSV Injection flaw; a crafted payload stays dormant until a victim exports as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not a flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities. Published at: August 11, 2020 at 05:15PM View on website August 11, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13124 | | SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. Published at: August 11, 2020 at 07:15PM View on website August 11, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11552 | | An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as SYSTEM. Published at: August 11, 2020 at 07:15PM View on website August 11, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13179 | | Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump by forcing a crash during the single sign-on procedure. Published at: August 11, 2020 at 10:15PM View on website August 11, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13178 | | A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process. Published at: August 11, 2020 at 09:15PM View on website August 11, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13177 | | The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path. Published at: August 11, 2020 at 09:15PM View on website August 11, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13176 | | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application. Published at: August 11, 2020 at 09:15PM View on website August 11, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13175 | | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. Published at: August 11, 2020 at 09:15PM View on website August 11, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13174 | | The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. Published at: August 11, 2020 at 09:15PM View on website August 11, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11976 | | By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5. Published at: August 11, 2020 at 10:15PM View on website August 11, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0260 | | There is a possible out of bounds read due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-152225183. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0259 | | In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-157941353. References: N/A. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0258 | | In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-157598956. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0257 | | In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-156741968. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0256 | | In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-152874864. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0254 | | There is a possible out of bounds read due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-152647751. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0253 | | There is a possible memory corruption due to a use after free. Product: Android. Versions: Android SoC. Android ID: A-152647365. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0252 | | There is a possible memory corruption due to a use after free. Product: Android. Versions: Android SoC. Android ID: A-152236803. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0251 | | There is a possible out of bounds read due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-152647626. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0250 | | In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154934934. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0249 | | In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-8.0 Android-8.1 Android-9. Android ID: A-154719656. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0248 | | In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154627439. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0247 | | In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-8.0 Android-8.1. Android ID: A-156087409. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0243 | | In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-8.0 Android-8.1. Android ID: A-151644303. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0242 | | In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-151643722. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0241 | | In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-151456667. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0240 | | In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150706594. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0239 | | In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (e.g. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-151095863. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0238 | | In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-8.0. Android ID: A-150946634. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0108 | | In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-8.1 Android-9. Android ID: A-140108616. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-17339 | | The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below. Published at: August 11, 2020 at 11:15PM View on website August 12, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0555 | | Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access. Published at: August 13, 2020 at 07:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0554 | | Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access. Published at: August 13, 2020 at 07:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0553 | | Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. Published at: August 13, 2020 at 07:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0513 | | Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. Published at: August 13, 2020 at 07:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0512 | | Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. Published at: August 13, 2020 at 07:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0510 | | Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. Published at: August 13, 2020 at 07:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14630 | | Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow an unauthenticated user to potentially enable information disclosure via physical access. Published at: August 13, 2020 at 06:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14620 | | Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. Published at: August 13, 2020 at 07:15AM View on website August 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4582 | | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288. Published at: August 13, 2020 at 03:15PM View on website August 13, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16374 | | Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. Published at: August 13, 2020 at 04:15PM View on website August 13, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0261 | | In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-146059841. Published at: August 13, 2020 at 07:15PM View on website August 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20383 | | ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. Published at: August 14, 2020 at 02:15AM View on website August 14, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-7410 | | There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). Published at: August 14, 2020 at 05:15PM View on website August 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-6112 | | A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). Published at: August 14, 2020 at 05:15PM View on website August 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19643 | | |
New vulnerabilities from the NVD: CVE-2019-5591 | | A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Published at: August 14, 2020 at 07:15PM View on website August 14, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-8033 | | In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. Published at: August 14, 2020 at 10:15PM View on website August 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-8032 | | |
New vulnerabilities from the NVD: CVE-2020-0255 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Published at: August 14, 2020 at 11:15PM View on website August 15, 2020 at 01:36AM via National Vulnerability Database |