New vulnerabilities from the NVD: CVE-2019-20898 | | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0. Published at: July 13, 2020 at 04:15AM View on website July 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20897 | | The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1. Published at: July 13, 2020 at 04:15AM View on website July 13, 2020 at 08:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19338 | | A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability. Published at: July 13, 2020 at 08:15PM View on website July 13, 2020 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-15886 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Published at: July 14, 2020 at 09:15PM View on website July 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-15885 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Published at: July 14, 2020 at 09:15PM View on website July 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-15884 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Published at: July 14, 2020 at 09:15PM View on website July 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-15883 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Published at: July 14, 2020 at 09:15PM View on website July 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-15882 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Published at: July 14, 2020 at 09:15PM View on website July 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-15881 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Published at: July 14, 2020 at 09:15PM View on website July 14, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12784 | | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. Published at: July 14, 2020 at 11:15PM View on website July 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12783 | | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. Published at: July 14, 2020 at 11:15PM View on website July 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12773 | | An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link. Published at: July 14, 2020 at 11:15PM View on website July 15, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4748 | | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174. Published at: July 16, 2020 at 06:15PM View on website July 16, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4747 | | IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887. Published at: July 16, 2020 at 06:15PM View on website July 16, 2020 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20915 | | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c. Published at: July 16, 2020 at 09:15PM View on website July 16, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20914 | | An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. Published at: July 16, 2020 at 09:15PM View on website July 16, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20913 | | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec. Published at: July 16, 2020 at 09:15PM View on website July 16, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20912 | | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF. Published at: July 16, 2020 at 09:15PM View on website July 16, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20911 | | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop. Published at: July 16, 2020 at 09:15PM View on website July 16, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20910 | | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. Published at: July 16, 2020 at 09:15PM View on website July 16, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-20909 | | An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec. Published at: July 16, 2020 at 09:15PM View on website July 16, 2020 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4090 | | "HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field." Published at: July 17, 2020 at 11:15PM View on website July 18, 2020 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12000 | | HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide. Published at: July 18, 2020 at 01:15AM View on website July 18, 2020 at 08:36AM via National Vulnerability Database |