New vulnerabilities from the NVD

CVE-2017-18924 (NVD, published October 04, 2020 at 08:15AM): ** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not misleading and I also therefore wouldn't describe this as a "vulnerability" with the library per se.'
CVE-2020-12302 (NVD, published October 05, 2020 at 05:15PM): Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0571 (NVD, published October 05, 2020 at 05:15PM): Improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-14558 (NVD, published October 05, 2020 at 05:15PM): Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2019-14557 (NVD, published October 05, 2020 at 05:15PM): Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access.
CVE-2019-14556 (NVD, published October 05, 2020 at 05:15PM): Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access.
CVE-1999-0199 (NVD, published October 06, 2020 at 04:15PM): manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
CVE-2019-19200 (NVD, published October 06, 2020 at 06:15PM): REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users.
CVE-2019-4725 (NVD, published October 06, 2020 at 07:15PM): IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.
CVE-2020-13345 (NVD, published October 06, 2020 at 10:15PM): An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes.
CVE-2020-13343 (NVD, published October 06, 2020 at 10:15PM): An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template.
CVE-2020-13333 (NVD, published October 06, 2020 at 10:15PM): A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.
CVE-2019-4326 (NVD, published October 06, 2020 at 09:15PM): HCL AppScan Enterprise security rules update administration section of the web application console is missing the HTTP Strict-Transport-Security header.
CVE-2019-4325 (NVD, published October 06, 2020 at 09:15PM): HCL AppScan Enterprise makes use of a broken or risky cryptographic algorithm to store REST API user details.
CVE-2020-14183 (NVD, published October 07, 2020 at 02:15AM): Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before 8.12.1.
CVE-2020-13347 (NVD, published October 07, 2020 at 05:15PM): A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a Docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.
CVE-2020-13346 (NVD, published October 07, 2020 at 05:15PM): Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through the API.
CVE-2020-13335 (NVD, published October 07, 2020 at 05:15PM): Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group.
CVE-2020-13334 (NVD, published October 07, 2020 at 05:15PM): In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query.
CVE-2020-13332 (NVD, published October 07, 2020 at 05:15PM): Improper access expiration date validation in GitLab version >=8.11.0-rc6+ allows a user to have access to projects with an expiration.
CVE-2020-13342 (NVD, published October 07, 2020 at 07:15PM): An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email.
CVE-2020-11800 (NVD, published October 07, 2020 at 07:15PM): Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
CVE-2019-16160 (NVD, published October 07, 2020 at 07:15PM): An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
CVE-2015-7380 (NVD, published October 08, 2020 at 01:15AM): ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2015-7379 (NVD, published October 08, 2020 at 01:15AM): ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-13344 (NVD, published October 08, 2020 at 05:15PM): An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis.
CVE-2020-13340 (NVD, published October 08, 2020 at 05:15PM): An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log.
CVE-2020-13339 (NVD, published October 08, 2020 at 05:15PM): An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to only the current user being impacted.
CVE-2020-12401 (NVD, published October 08, 2020 at 05:15PM): During ECDSA signature generation, padding applied to the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CVE-2020-12400 (NVD, published October 08, 2020 at 05:15PM): When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CVE-2019-4545 (NVD, published October 08, 2020 at 05:15PM): IBM QRadar SIEM 7.3 and 7.4, when configured to use Active Directory Authentication, may be susceptible to spoofing attacks. IBM X-Force ID: 165877.
CVE-2020-10816 (NVD, published October 08, 2020 at 08:15PM): Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via the AAMRequestProcessor servlet.
CVE-2019-19115 (NVD, published October 09, 2020 at 01:15AM): An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.