New vulnerabilities from the NVD: CVE-2019-11823 | | CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. Published at: May 04, 2020 at 01:15PM View on website May 04, 2020 at 04:22PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-17557 | | It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute JavaScript code from the URL query string. Published at: May 04, 2020 at 04:15PM View on website May 04, 2020 at 06:24PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-13285 | | |
New vulnerabilities from the NVD: CVE-2019-12864 | | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. Published at: May 04, 2020 at 05:15PM View on website May 04, 2020 at 08:26PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-21233 | | TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. Published at: May 04, 2020 at 06:15PM View on website May 04, 2020 at 08:26PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18774 | | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. Published at: May 04, 2020 at 07:15PM View on website May 04, 2020 at 09:29PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18771 | | Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. Published at: May 04, 2020 at 07:15PM View on website May 04, 2020 at 09:29PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18760 | | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. Published at: May 04, 2020 at 07:15PM View on website May 04, 2020 at 09:29PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18753 | | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects: D6220, running firmware versions prior to 1.0.0.40 D8500, running firmware versions prior to 1.0.3.39 EX3700, running firmware versions prior to 1.0.0.70 EX3800, running firmware versions prior to 1.0.0.70 EX6000, running firmware versions prior to 1.0.0.30 EX6100, running firmware versions prior to 1.0.2.22 EX6120, running firmware versions prior to 1.0.0.40 EX6130, running firmware versions prior to 1.0.0.22 EX6150v1, running firmware versions prior to 1.0.0.42 EX6200, running firmware versions prior to 1.0.3.88 EX7000, running firmware versions prior to 1.0.0.66 R6300v2, running firmware versions prior to 1.0.4.18 R6400, running firmware versions prior to 1.0.1.24 R6400v2, running firmware versions prior to 1.0.2.32 R6700, running firmware versions prior to 1.0.1.22 R6700v3, running firmware versions prior to 1.0.2.32 R6900, running firmware versions prior to 1.0.1.22 R7000, running firmware versions prior to 1.0.9.6 R6900P, running firmware versions prior to 1.0.0.56 R7000P, running firmware versions prior to 1.0.0.56 R7100LG, running firmware versions prior to 1.0.0.42 R7300DST, running firmware versions prior to 1.0.0.54 R7900, running firmware versions prior to 1.0.1.26 R8300, running firmware versions prior to 1.0.2.106 R8500, running firmware versions prior to 1.0.2.106 WN2500RPv2, running firmware versions prior to 1.0.1.54 WNR3500Lv2, running firmware versions prior to 1.2.0.46 Published at: May 04, 2020 at 07:15PM View on website May 04, 2020 at 09:29PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18867 | | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. Published at: May 05, 2020 at 05:15PM View on website May 05, 2020 at 08:26PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18866 | | Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. Published at: May 05, 2020 at 05:15PM View on website May 05, 2020 at 08:26PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18865 | | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. Published at: May 05, 2020 at 05:15PM View on website May 05, 2020 at 08:26PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18864 | | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104. Published at: May 05, 2020 at 05:15PM View on website May 05, 2020 at 08:26PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19515 | | Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings. Published at: May 05, 2020 at 08:15PM View on website May 05, 2020 at 09:29PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19514 | | Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID. Published at: May 05, 2020 at 08:15PM View on website May 05, 2020 at 09:29PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19517 | | Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. Published at: May 05, 2020 at 09:15PM View on website May 05, 2020 at 11:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10634 | | SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. Published at: May 06, 2020 at 12:15AM View on website May 06, 2020 at 01:43AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10630 | | SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. Published at: May 06, 2020 at 12:15AM View on website May 06, 2020 at 01:43AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20768 | | ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. Published at: May 06, 2020 at 01:15AM View on website May 06, 2020 at 03:43AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19169 | | Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability which could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. Published at: May 06, 2020 at 04:15PM View on website May 06, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19168 | | Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability which could allow a remote attacker to download and execute an arbitrary remote file by setting the arguments to the ActiveX method. This can be leveraged for code execution. Published at: May 06, 2020 at 04:15PM View on website May 06, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19167 | | Tobesoft Nexacro v2019.9.25.1 and earlier versions have an arbitrary code execution vulnerability through a method supported by the Nexacro14 ActiveX Control. It allows an attacker to cause remote code execution. Published at: May 06, 2020 at 04:15PM View on website May 06, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19166 | | Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows an attacker to cause remote code execution. Published at: May 06, 2020 at 04:15PM View on website May 06, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4266 | | IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199. Published at: May 06, 2020 at 05:15PM View on website May 06, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-8956 | | ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. Published at: May 06, 2020 at 10:15PM View on website May 06, 2020 at 11:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18868 | | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. Published at: May 07, 2020 at 04:15PM View on website May 07, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18867 | | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/. Published at: May 07, 2020 at 04:15PM View on website May 07, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18865 | | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. Published at: May 07, 2020 at 04:15PM View on website May 07, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-5493 | | ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS). Published at: May 07, 2020 at 04:15PM View on website May 07, 2020 at 05:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18872 | | Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). Published at: May 07, 2020 at 05:15PM View on website May 07, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18871 | | A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. Published at: May 07, 2020 at 05:15PM View on website May 07, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18870 | | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. Published at: May 07, 2020 at 05:15PM View on website May 07, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18869 | | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. Published at: May 07, 2020 at 05:15PM View on website May 07, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18866 | | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. Published at: May 07, 2020 at 05:15PM View on website May 07, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-18864 | | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. Published at: May 07, 2020 at 05:15PM View on website May 07, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19164 | | dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. Published at: May 07, 2020 at 09:15PM View on website May 07, 2020 at 11:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2015-7946 | | Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1. Published at: May 08, 2020 at 02:15AM View on website May 08, 2020 at 03:43AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-1423 | | signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oauth tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this to create a malicious click app that collects oauth tokens for other applications, exposing sensitive information. Published at: May 08, 2020 at 02:15AM View on website May 08, 2020 at 03:43AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-0953 | | A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53. Published at: May 08, 2020 at 04:15AM View on website May 08, 2020 at 08:43AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-0952 | | A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53. Published at: May 08, 2020 at 04:15AM View on website May 08, 2020 at 08:43AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14898 | | The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. Published at: May 08, 2020 at 05:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-10170 | | A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user. Published at: May 08, 2020 at 05:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-10169 | | A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application. Published at: May 08, 2020 at 05:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-5491 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 06:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-5480 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 06:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-15514 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 06:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-13657 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 06:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-13656 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 06:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-13655 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 06:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-13651 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 06:15PM View on website May 08, 2020 at 07:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-5484 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 07:15PM View on website May 08, 2020 at 09:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-13654 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 07:15PM View on website May 08, 2020 at 09:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-13653 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Published at: May 08, 2020 at 07:15PM View on website May 08, 2020 at 09:43PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-20225 | | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). Published at: May 08, 2020 at 09:15PM View on website May 08, 2020 at 11:36PM via National Vulnerability Database |