New vulnerabilities from the NVD: CVE-2020-13922 | | Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. Published at: January 11, 2021 at 12:15PM View on website January 11, 2021 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-11995 | | A deserialization vulnerability existed in Dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol. While Hessian2 is deserializing a HashMap object, some functions in the classes stored in the HashMap will be executed after a series of program calls; however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remote loading of malicious classes and the execution of malicious code when a malicious request is constructed. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8. Published at: January 11, 2021 at 12:15PM View on website January 11, 2021 at 01:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-3405 | | In version 3.1.3.64296 and lower of 360F5, a third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other connected wireless terminals to disconnect from the wireless network, resulting in a DoS attack on the router's wireless service. At present, the vulnerability has been effectively handled, and users can fix the vulnerability by updating the firmware version. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-9333 | | K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-9332 | | K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-8726 | | K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-8725 | | K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-8724 | | K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-8044 | | K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-11246 | | |
New vulnerabilities from the NVD: CVE-2018-11010 | | |
New vulnerabilities from the NVD: CVE-2018-11009 | | |
New vulnerabilities from the NVD: CVE-2018-11008 | | An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-11007 | | |
New vulnerabilities from the NVD: CVE-2018-11006 | | An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. Published at: January 11, 2021 at 06:15PM View on website January 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-11005 | | |
New vulnerabilities from the NVD: CVE-2020-13116 | | OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. Published at: January 12, 2021 at 09:15PM View on website January 12, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15221 | | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0. Published at: January 13, 2021 at 07:15PM View on website January 13, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15220 | | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0. Published at: January 13, 2021 at 07:15PM View on website January 13, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15219 | | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0. Published at: January 13, 2021 at 07:15PM View on website January 13, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-15218 | | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after disconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0. Published at: January 13, 2021 at 07:15PM View on website January 13, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4702 | | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Published at: January 13, 2021 at 08:15PM View on website January 13, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4687 | | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823. Published at: January 13, 2021 at 08:15PM View on website January 13, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4160 | | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577. Published at: January 13, 2021 at 08:15PM View on website January 13, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14102 | | There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi router RM1800 root version < 1.0.26. Published at: January 14, 2021 at 01:15AM View on website January 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14101 | | The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi router RM1800 root version < 1.0.26. Published at: January 14, 2021 at 01:15AM View on website January 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14098 | | The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi router RM1800 root version < 1.0.26. Published at: January 14, 2021 at 01:15AM View on website January 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14097 | | Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18. Published at: January 14, 2021 at 01:15AM View on website January 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-1053 | | In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions. Published at: January 14, 2021 at 01:15AM View on website January 14, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-16961 | | |