New vulnerabilities from the NVD: CVE-2020-14184 | | Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1. Published at: October 12, 2020 at 07:15AM View on website October 12, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13943 | | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. Published at: October 12, 2020 at 05:15PM View on website October 12, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13341 | | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. An insufficient permission check allows an attacker with the developer role to perform various deletions. Published at: October 12, 2020 at 05:15PM View on website October 12, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13903 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12254. Reason: This candidate is a reservation duplicate of CVE-2020-12254. Notes: All CVE users should reference CVE-2020-12254 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Published at: October 12, 2020 at 08:15PM View on website October 12, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12670 | | XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. Published at: October 12, 2020 at 07:15PM View on website October 12, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15012 | | A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). Published at: October 13, 2020 at 12:15AM View on website October 13, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-17444 | | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. Published at: October 13, 2020 at 01:15AM View on website October 13, 2020 at 04:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-16124 | | Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065. Published at: October 13, 2020 at 06:15PM View on website October 13, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-17411 | | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190. Published at: October 13, 2020 at 08:15PM View on website October 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-17410 | | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11135. Published at: October 13, 2020 at 08:15PM View on website October 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-17409 | | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754. Published at: October 13, 2020 at 08:15PM View on website October 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-17407 | | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10596. Published at: October 13, 2020 at 08:15PM View on website October 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-17406 | | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595. Published at: October 13, 2020 at 08:15PM View on website October 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15797 | | A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system. Published at: October 13, 2020 at 07:15PM View on website October 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15251 | | In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. Published at: October 13, 2020 at 09:15PM View on website October 13, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13957 | | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. Published at: October 13, 2020 at 10:15PM View on website October 13, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20243 | | The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629. Published at: October 13, 2020 at 10:15PM View on website October 13, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12933 | | A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. Published at: October 14, 2020 at 01:15AM View on website October 14, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12928 | | A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. Published at: October 14, 2020 at 01:15AM View on website October 14, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12911 | | A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. Published at: October 14, 2020 at 01:15AM View on website October 14, 2020 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-2194 | | In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-137284057 Published at: October 14, 2020 at 04:15PM View on website October 14, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0423 | | In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-161151868. References: N/A Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0422 | | In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-161718556 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0421 | | In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-161894517 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0420 | | In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-162383705 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0419 | | In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-142125338 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0416 | | In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1. Android ID: A-155288585 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0415 | | In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1. Android ID: A-156020795 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0414 | | In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-157708122 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0413 | | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-158778659 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0412 | | In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9. Android ID: A-160390416 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0411 | | In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-142641801 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0410 | | In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11. Android ID: A-156021269 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0408 | | In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-156999009 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0400 | | In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-153356561 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0398 | | In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-154323381 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0378 | | In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11. Android ID: A-157748906 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0377 | | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-158833854 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0376 | | There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163003156 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0371 | | There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163008256 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0367 | | There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-162980455 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0339 | | There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-162980705 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0283 | | There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163008257 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-0246 | | In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-159062405 Published at: October 14, 2020 at 05:15PM View on website October 14, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4552 | | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. Published at: October 15, 2020 at 04:15PM View on website October 15, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11643 | | An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains. Published at: October 15, 2020 at 06:15PM View on website October 15, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11642 | | The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. Published at: October 15, 2020 at 06:15PM View on website October 15, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11641 | | A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. Published at: October 15, 2020 at 06:15PM View on website October 15, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11637 | | A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition. Published at: October 15, 2020 at 07:15PM View on website October 15, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12411 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Published at: October 15, 2020 at 07:15PM View on website October 15, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-17640 | | In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory. Published at: October 16, 2020 at 12:15AM View on website October 16, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19885 | | In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0. Published at: October 16, 2020 at 04:15PM View on website October 16, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19513 | | The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service. Published at: October 16, 2020 at 04:15PM View on website October 16, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18796 | | The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive. Published at: October 16, 2020 at 04:15PM View on website October 16, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18795 | | The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. Published at: October 16, 2020 at 04:15PM View on website October 16, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18794 | | The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. Published at: October 16, 2020 at 04:15PM View on website October 16, 2020 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12305 | | In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. Published at: October 16, 2020 at 11:15PM View on website October 17, 2020 at 01:36AM via National Vulnerability Database |