понеделник, 7 юни 2021 г.

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (73 items)

New vulnerabilities from the NVD: CVE-2020-25579

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25578

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19626 (craft_cms)

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
Published at: March 26, 2021 at 05:15PM
View on website

March 29, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19625

Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
Published at: March 26, 2021 at 05:15PM
View on website

March 29, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25579

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 06:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25578

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 06:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19626 (craft_cms)

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
Published at: March 26, 2021 at 05:15PM
View on website

March 29, 2021 at 06:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19625

Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
Published at: March 26, 2021 at 05:15PM
View on website

March 29, 2021 at 06:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24994

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
Published at: March 23, 2021 at 10:15PM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13612

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13611

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13610

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13609

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13608

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13607

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13606

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13605

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13604

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: March 24, 2021 at 01:15AM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12483

The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
Published at: March 23, 2021 at 07:15PM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-19343

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
Published at: March 23, 2021 at 11:15PM
View on website

March 29, 2021 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
Published at: March 26, 2021 at 07:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-28695

Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root.
Published at: March 26, 2021 at 08:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27829

A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.
Published at: March 26, 2021 at 07:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25840

Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
Published at: March 26, 2021 at 04:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25582

In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25581

In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25580

In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25579

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25578

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.
Published at: March 26, 2021 at 11:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19626 (craft_cms)

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
Published at: March 26, 2021 at 05:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19625

Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
Published at: March 26, 2021 at 05:15PM
View on website

March 29, 2021 at 03:37PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25218

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.
Published at: March 29, 2021 at 08:15PM
View on website

March 29, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25217

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
Published at: March 29, 2021 at 08:15PM
View on website

March 29, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-5317

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Published at: March 29, 2021 at 07:15PM
View on website

March 29, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25583

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.
Published at: March 29, 2021 at 11:15PM
View on website

March 30, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25577

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.
Published at: March 29, 2021 at 11:15PM
View on website

March 30, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24636

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Published at: March 29, 2021 at 11:15PM
View on website

March 30, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24635

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Published at: March 29, 2021 at 11:15PM
View on website

March 30, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20545

Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.
Published at: March 30, 2021 at 06:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19643

Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
Published at: March 30, 2021 at 06:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19642

An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card.
Published at: March 30, 2021 at 06:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19641

An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'.
Published at: March 30, 2021 at 06:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19640

An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'.
Published at: March 30, 2021 at 06:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19639

Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.
Published at: March 30, 2021 at 06:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-5319

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
Published at: March 30, 2021 at 05:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-1110

A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.
Published at: March 30, 2021 at 05:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-1109

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Published at: March 30, 2021 at 05:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-1107

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.
Published at: March 30, 2021 at 05:15AM
View on website

March 30, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-15075

OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
Published at: March 30, 2021 at 05:15PM
View on website

March 30, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
Published at: March 31, 2021 at 12:15AM
View on website

March 31, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24995

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
Published at: March 31, 2021 at 01:15AM
View on website

March 31, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-28172

A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.
Published at: March 31, 2021 at 04:15PM
View on website

March 31, 2021 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24550

An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.
Published at: April 01, 2021 at 01:15AM
View on website

April 01, 2021 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36286

The membersOf of JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.
Published at: April 01, 2021 at 06:15AM
View on website

April 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36238

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.
Published at: April 01, 2021 at 06:15AM
View on website

April 01, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19617

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
Published at: April 01, 2021 at 10:15PM
View on website

April 01, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19616

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
Published at: April 01, 2021 at 10:15PM
View on website

April 01, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19613

Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
Published at: April 01, 2021 at 10:15PM
View on website

April 01, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19619

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
Published at: April 01, 2021 at 11:15PM
View on website

April 02, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-19618

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
Published at: April 01, 2021 at 11:15PM
View on website

April 02, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11925

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.
Published at: April 02, 2021 at 07:15PM
View on website

April 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11922

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)
Published at: April 02, 2021 at 07:15PM
View on website

April 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20466

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
Published at: April 02, 2021 at 07:15PM
View on website

April 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20465

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality.
Published at: April 02, 2021 at 07:15PM
View on website

April 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20464

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.
Published at: April 02, 2021 at 07:15PM
View on website

April 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20463

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically.
Published at: April 02, 2021 at 07:15PM
View on website

April 02, 2021 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11924

An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.
Published at: April 02, 2021 at 10:15PM
View on website

April 02, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11923

An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
Published at: April 02, 2021 at 10:15PM
View on website

April 02, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10015

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
Published at: April 02, 2021 at 09:15PM
View on website

April 02, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10008

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information.
Published at: April 02, 2021 at 09:15PM
View on website

April 02, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10001

An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.
Published at: April 02, 2021 at 09:15PM
View on website

April 02, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21588

Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox.
Published at: April 02, 2021 at 11:15PM
View on website

April 03, 2021 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21585

Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
Published at: April 02, 2021 at 11:15PM
View on website

April 03, 2021 at 01:36AM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар

Етикети

имена (151) Ски (140) уеб камери (128) Право (121) документи (111) Grand Tour (102) video (100) Ski (97) webcams (93) skiing weather (83) ski resort information (82) банки (66) ски курорти (60) Маркетинг (45) Рила (40) snow reports (37) икономика (35) София (34) Боровец (33) Borovets (27) Родопи (27) история (27) Банско (26) Пампорово (23) проекти (23) здраве (21) интернет (21) планини (21) смях (21) екипировка (20) карта (20) Pamporovo (19) Rila (19) Time (19) health (19) море (19) Bansko (17) лифт (17) resort information (16) eco (15) раница (15) цени (15) язовир (15) Стара Планина (14) връзки (14) деца (14) пътувания (14) хижа (14) Marketing (13) bike (13) Витоша (13) Пирин (13) snow forecast (12) буква С (12) данъци (12) лавини (12) магазини (12) Алеко (11) буква В (11) буква М (11) freeskiing (10) Маршрути (10) буква А (10) ski abroad (9) Пловдив (9) буква Д (9) отбрана (9) празник (9) първа помощ (9) ски чужбина (9) термини (9) map ski area (8) буква Б (8) буква К (8) календар (8) old applications (7) Чепеларе (7) архитектура (7) буква Г (7) буква Н (7) поддръжка на ски (7) сняг (7) футбол (7) буква Е (6) буква Л (6) буква П (6) буква Т (6) видео (6) годишнини (6) град (6) именни дни (6) къщи (6) трафик (6) хидро (6) Rodopy (5) Skype (5) Sofia (5) YouTube (5) vlog (5) буква И (5) буква Х (5) влог (5) кино (5) литература (5) очила (5) село (5) снимка (5) спорт (5) EU projects (4) Ski Bindings (4) boots (4) gsm (4) smart phone (4) Нотариус (4) буква З (4) буква Ф (4) енергетика (4) ски учител (4) слама (4) състезание (4) туризъм (4) упражнения (4) Aleko (3) Maliovitsa (3) Physics (3) Tyrolia (3) brand (3) climb (3) mass (3) sexy (3) shoe size (3) Безбог (3) Мальовица (3) Узана (3) автомобил (3) безопастност (3) буква Ц (3) буква Ш (3) влак (3) времето в момента (3) докторантури (3) недвижими имоти (3) поща (3) пропаганда (3) пълномощно (3) статистика (3) строителство (3) теснолинейка (3) DIN (2) NASA (2) Release Setting (2) Rossignol (2) Vitosha (2) clothes sizes (2) file hosting (2) franchaise (2) relativity (2) replace (2) search (2) БАССЕС (2) Благоевград (2) Добринище (2) Здравец (2) Лале (2) Мусала (2) Осогово (2) Средна гора (2) бедствие (2) буква Ж (2) буква Й (2) буква О (2) буква У (2) буква Ч (2) буква Щ (2) буква Я (2) геометрия (2) гора (2) еко (2) екология (2) електроенергия (2) космос (2) магистрала (2) местност (2) очи (2) парк (2) плакат (2) планиране (2) световно (2) технологии (2) упътвания (2) явление (2) F1 (1) FIS (1) Fieberbrunn (1) Hamlet (1) Hopfgarten (1) Kirchberg (1) Macedonia (1) Norway (1) Reit im Winkl (1) Scheffau (1) Shakespeare (1) Solomon (1) St Johann (1) Söll (1) Tirol (1) Walchsee (1) Zahmer Kaiser (1) apple (1) drone (1) h Pleven (1) hypnosis (1) ibooks (1) ipad (1) iphone (1) ipod (1) mathematic (1) skate (1) tablet (1) telemark (1) trekking (1) Бачево (1) Беклемето (1) Бяла Черква (1) ВЕИ (1) Вежен (1) Ветровал (1) Гела (1) Горна Оряховица (1) Добрила (1) Информация за фирми (1) Камчатка (1) Карлово (1) Картала (1) Кицбюел (1) Ком (1) Копривки (1) Копривщица (1) Леденото езеро (1) Мерцедес (1) Михаел Шумахер (1) Норвегия (1) Офелиите (1) Панагюрище (1) Предела (1) Румъния (1) Русия (1) САЩ (1) Самоков (1) Студенец (1) Формула 1 (1) Църна Могила (1) Черни Връх (1) Япония (1) автомати (1) биатлон (1) био (1) буква Р (1) буква Ъ (1) буква Ь (1) буква Ю (1) великия пост (1) гра (1) градоустройство (1) дрехи (1) дърво (1) запалка (1) култура (1) ландшафт (1) математика (1) мода (1) музей (1) мъдрости (1) олимпиада (1) поддръжка (1) потребители (1) програма (1) реклама (1) синя зона (1) фото (1) х. Дерменка (1) храна (1)