New vulnerabilities from the NVD: CVE-2020-13529 | |
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. Published at: May 10, 2021 at 07:15PM View on website May 10, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18102 | | Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php". Published at: May 10, 2021 at 11:15PM View on website May 11, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20267 | | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Published at: May 11, 2021 at 06:15PM View on website May 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20265 | | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet. Published at: May 11, 2021 at 06:15PM View on website May 11, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18964 | | Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. Published at: May 11, 2021 at 10:15PM View on website May 11, 2021 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13873 | | A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.) Published at: May 12, 2021 at 03:15PM View on website May 12, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-19276 | | A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service. Published at: May 12, 2021 at 05:15PM View on website May 12, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19274 | | A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code. Published at: May 12, 2021 at 08:15PM View on website May 12, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19275 | | An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. Published at: May 12, 2021 at 09:15PM View on website May 12, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18165 | | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". Published at: May 12, 2021 at 09:15PM View on website May 12, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12967 | | The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. Published at: May 13, 2021 at 03:15PM View on website May 13, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25713 | | A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. Published at: May 13, 2021 at 06:15PM View on website May 13, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21342 | | Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. Published at: May 13, 2021 at 06:15PM View on website May 13, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20092 | | File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code. Published at: May 13, 2021 at 06:15PM View on website May 13, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-14354 | | A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. Published at: May 13, 2021 at 05:15PM View on website May 13, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-12526 | | TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs. Published at: May 13, 2021 at 05:15PM View on website May 13, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23996 | | A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. Published at: May 13, 2021 at 11:15PM View on website May 14, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23995 | | An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. Published at: May 13, 2021 at 11:15PM View on website May 14, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-10062 | | The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via (for example) JavaScript code in an attribute of various other elements. An attacker might also exploit a bug in how the SCRIPT string is processed by splitting and nesting them for example. Published at: May 14, 2021 at 12:15AM View on website May 14, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23691 | | YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. Published at: May 14, 2021 at 06:15PM View on website May 14, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23689 | | In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page. Published at: May 14, 2021 at 05:15PM View on website May 14, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18167 | | Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu". Published at: May 14, 2021 at 05:15PM View on website May 14, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18166 | | Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". Published at: May 14, 2021 at 05:15PM View on website May 14, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-17891 | | TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code. Published at: May 14, 2021 at 11:15PM View on website May 15, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-25044 | | The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. Published at: May 15, 2021 at 02:15AM View on website May 15, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-16632 | | A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. Published at: May 15, 2021 at 03:15AM View on website May 15, 2021 at 08:36AM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар