New vulnerabilities from the NVD: CVE-2019-16959 | SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | Published at: December 21, 2020 at 06:15PM | December 21, 2020 at 07:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-11717 | An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. | Published at: December 21, 2020 at 11:15PM | December 22, 2020 at 01:36AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-7580 | Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub. | Published at: December 21, 2020 at 11:15PM | December 22, 2020 at 01:36AM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2019-11786 | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2019-11785 | Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records they were not given access to, and subscribe to receive future messages. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2019-11784 | Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2019-11783 | Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2019-11782 | Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2019-11781 | Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-15645 | Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-15641 | Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-15638 | Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-15634 | Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-15633 | Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-15632 | Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. | Published at: December 22, 2020 at 07:15PM | December 22, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-11720 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password. | Published at: December 23, 2020 at 06:15PM | December 23, 2020 at 07:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-11718 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP. | Published at: December 23, 2020 at 06:15PM | December 23, 2020 at 07:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-11719 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key. | Published at: December 23, 2020 at 07:15PM | December 23, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-1000893 | Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions. | Published at: December 23, 2020 at 07:15PM | December 23, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-1000892 | Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages. | Published at: December 23, 2020 at 07:15PM | December 23, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2018-1000891 | Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums. | Published at: December 23, 2020 at 07:15PM | December 23, 2020 at 09:36PM via National Vulnerability Database
New vulnerabilities from the NVD: CVE-2020-11093 | Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is a lack of signature verification on a specific transaction, which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE nor VERKEY is being changed, regardless of sender. A malicious DID with no particular role can ask for an update to another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID's alias, 3) The update transaction modifies the ledger metadata associated with a DID. | Published at: December 24, 2020 at 10:15PM | December 24, 2020 at 11:36PM via National Vulnerability Database