четвъртък, 29 юли 2021 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (8 items)


New vulnerabilities from the NVD: CVE-2020-28593

A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
Published at: April 15, 2021 at 05:15PM
View on website

April 15, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-28592

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
Published at: April 15, 2021 at 05:15PM
View on website

April 15, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27239

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published at: April 15, 2021 at 05:15PM
View on website

April 15, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27238

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published at: April 15, 2021 at 05:15PM
View on website

April 15, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-27237

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published at: April 15, 2021 at 05:15PM
View on website

April 15, 2021 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-28898

In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation.
Published at: April 15, 2021 at 10:15PM
View on website

April 15, 2021 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-19942

A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)
Published at: April 16, 2021 at 04:15AM
View on website

April 16, 2021 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-2509

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later
Published at: April 17, 2021 at 07:15AM
View on website

April 17, 2021 at 08:36AM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар

Етикети

имена (151) Ски (140) уеб камери (128) Право (121) документи (111) Grand Tour (102) video (100) Ski (97) webcams (93) skiing weather (83) ski resort information (82) банки (66) ски курорти (60) Маркетинг (45) Рила (40) snow reports (37) икономика (35) София (34) Боровец (33) Borovets (27) Родопи (27) история (27) Банско (26) Пампорово (23) проекти (23) здраве (21) интернет (21) планини (21) смях (21) екипировка (20) карта (20) Pamporovo (19) Rila (19) Time (19) health (19) море (19) Bansko (17) лифт (17) resort information (16) eco (15) раница (15) цени (15) язовир (15) Стара Планина (14) връзки (14) деца (14) пътувания (14) хижа (14) Marketing (13) bike (13) Витоша (13) Пирин (13) snow forecast (12) буква С (12) данъци (12) лавини (12) магазини (12) Алеко (11) буква В (11) буква М (11) freeskiing (10) Маршрути (10) буква А (10) ski abroad (9) Пловдив (9) буква Д (9) отбрана (9) празник (9) първа помощ (9) ски чужбина (9) термини (9) map ski area (8) буква Б (8) буква К (8) календар (8) old applications (7) Чепеларе (7) архитектура (7) буква Г (7) буква Н (7) поддръжка на ски (7) сняг (7) футбол (7) буква Е (6) буква Л (6) буква П (6) буква Т (6) видео (6) годишнини (6) град (6) именни дни (6) къщи (6) трафик (6) хидро (6) Rodopy (5) Skype (5) Sofia (5) YouTube (5) vlog (5) буква И (5) буква Х (5) влог (5) кино (5) литература (5) очила (5) село (5) снимка (5) спорт (5) EU projects (4) Ski Bindings (4) boots (4) gsm (4) smart phone (4) Нотариус (4) буква З (4) буква Ф (4) енергетика (4) ски учител (4) слама (4) състезание (4) туризъм (4) упражнения (4) Aleko (3) Maliovitsa (3) Physics (3) Tyrolia (3) brand (3) climb (3) mass (3) sexy (3) shoe size (3) Безбог (3) Мальовица (3) Узана (3) автомобил (3) безопастност (3) буква Ц (3) буква Ш (3) влак (3) времето в момента (3) докторантури (3) недвижими имоти (3) поща (3) пропаганда (3) пълномощно (3) статистика (3) строителство (3) теснолинейка (3) DIN (2) NASA (2) Release Setting (2) Rossignol (2) Vitosha (2) clothes sizes (2) file hosting (2) franchaise (2) relativity (2) replace (2) search (2) БАССЕС (2) Благоевград (2) Добринище (2) Здравец (2) Лале (2) Мусала (2) Осогово (2) Средна гора (2) бедствие (2) буква Ж (2) буква Й (2) буква О (2) буква У (2) буква Ч (2) буква Щ (2) буква Я (2) геометрия (2) гора (2) еко (2) екология (2) електроенергия (2) космос (2) магистрала (2) местност (2) очи (2) парк (2) плакат (2) планиране (2) световно (2) технологии (2) упътвания (2) явление (2) F1 (1) FIS (1) Fieberbrunn (1) Hamlet (1) Hopfgarten (1) Kirchberg (1) Macedonia (1) Norway (1) Reit im Winkl (1) Scheffau (1) Shakespeare (1) Solomon (1) St Johann (1) Söll (1) Tirol (1) Walchsee (1) Zahmer Kaiser (1) apple (1) drone (1) h Pleven (1) hypnosis (1) ibooks (1) ipad (1) iphone (1) ipod (1) mathematic (1) skate (1) tablet (1) telemark (1) trekking (1) Бачево (1) Беклемето (1) Бяла Черква (1) ВЕИ (1) Вежен (1) Ветровал (1) Гела (1) Горна Оряховица (1) Добрила (1) Информация за фирми (1) Камчатка (1) Карлово (1) Картала (1) Кицбюел (1) Ком (1) Копривки (1) Копривщица (1) Леденото езеро (1) Мерцедес (1) Михаел Шумахер (1) Норвегия (1) Офелиите (1) Панагюрище (1) Предела (1) Румъния (1) Русия (1) САЩ (1) Самоков (1) Студенец (1) Формула 1 (1) Църна Могила (1) Черни Връх (1) Япония (1) автомати (1) биатлон (1) био (1) буква Р (1) буква Ъ (1) буква Ь (1) буква Ю (1) великия пост (1) гра (1) градоустройство (1) дрехи (1) дърво (1) запалка (1) култура (1) ландшафт (1) математика (1) мода (1) музей (1) мъдрости (1) олимпиада (1) поддръжка (1) потребители (1) програма (1) реклама (1) синя зона (1) фото (1) х. Дерменка (1) храна (1)