New vulnerabilities from the NVD: CVE-2020-25411 | | Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. Published at: May 24, 2021 at 04:15PM View on website May 24, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25409 | | Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. Published at: May 24, 2021 at 04:15PM View on website May 24, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-25408 | | A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. Published at: May 24, 2021 at 04:15PM View on website May 24, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-12348 | | An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. Published at: May 24, 2021 at 07:15PM View on website May 24, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-21041 | | Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service. Published at: May 24, 2021 at 09:15PM View on website May 24, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20907 | | MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. Published at: May 24, 2021 at 09:15PM View on website May 24, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20178 | | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. Published at: May 24, 2021 at 10:15PM View on website May 24, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-13603 | | |
New vulnerabilities from the NVD: CVE-2020-13602 | | |
New vulnerabilities from the NVD: CVE-2020-13601 | | |
New vulnerabilities from the NVD: CVE-2020-13600 | | |
New vulnerabilities from the NVD: CVE-2020-13599 | | |
New vulnerabilities from the NVD: CVE-2020-13598 | | |
New vulnerabilities from the NVD: CVE-2020-10072 | | |
New vulnerabilities from the NVD: CVE-2020-10069 | | |
New vulnerabilities from the NVD: CVE-2020-10066 | | |
New vulnerabilities from the NVD: CVE-2020-10065 | | |
New vulnerabilities from the NVD: CVE-2020-10064 | | |
New vulnerabilities from the NVD: CVE-2020-20451 | | Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. Published at: May 25, 2021 at 10:15PM View on website May 25, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20450 | | FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. Published at: May 25, 2021 at 10:15PM View on website May 25, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20448 | | FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. Published at: May 25, 2021 at 09:15PM View on website May 25, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20446 | | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. Published at: May 25, 2021 at 09:15PM View on website May 25, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20445 | | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. Published at: May 25, 2021 at 09:15PM View on website May 25, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20453 | | FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service. Published at: May 25, 2021 at 11:15PM View on website May 26, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-20011 | | libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. Published at: May 26, 2021 at 12:15AM View on website May 26, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-14836 | | 3scale dev portal login form does not verify CSRF token, and so does not protect against login CSRF. Published at: May 26, 2021 at 03:15PM View on website May 26, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-18221 | | Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. Published at: May 26, 2021 at 06:15PM View on website May 26, 2021 at 07:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-4588 | | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. Published at: May 26, 2021 at 08:15PM View on website May 26, 2021 at 09:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-25030 | | In Versa Director, Versa Analytics and VOS, passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgard construction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such as scrypt or bcrypt or Key-Derivation Functions (i.e. PBKDF2) to hash passwords makes generation of such rainbow tables computationally infeasible. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-25029 | | In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16499 | | In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements). Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16498 | | In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16497 | | In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16496 | | |
New vulnerabilities from the NVD: CVE-2018-16495 | | In VOS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to log in with. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16494 | | In VOS, an overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10868 | | It has been discovered that redhat-certification does not properly limit the number of recursive definitions of entities in XML documents while parsing the status of a host. A remote attacker could use this vulnerability to consume all the memory of the server and cause a Denial of Service. This flaw affects redhat-certification version 7. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10867 | | It has been discovered that redhat-certification does not restrict file access in the /update/results page. A remote attacker could use this vulnerability to remove any file accessible by the user which is running httpd. This flaw affects redhat-certification version 7. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10866 | | It has been discovered that redhat-certification does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him. This flaw affects redhat-certification version 7. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10865 | | It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system. An attacker could use this flaw to send requests to port 8009 of any host or to keep restarting the RHCertD daemon on a host of another customer. This flaw affects redhat-certification version 7. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10863 | | It has been discovered that redhat-certification is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information. This flaw affects redhat-certification version 7. Published at: May 26, 2021 at 10:15PM View on website May 26, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-3721 | | Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. Published at: May 27, 2021 at 01:15AM View on website May 27, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-5509 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2008-5508. Reason: This candidate is a duplicate of CVE-2008-5508. Notes: All CVE users should reference CVE-2008-5508 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Published at: May 27, 2021 at 01:15AM View on website May 27, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-5085 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Published at: May 27, 2021 at 01:15AM View on website May 27, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-5084 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Published at: May 27, 2021 at 01:15AM View on website May 27, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-3523 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Published at: May 27, 2021 at 01:15AM View on website May 27, 2021 at 03:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2008-2544 | | Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files he would never have otherwise. Published at: May 27, 2021 at 04:15PM View on website May 27, 2021 at 06:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10688 | | A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. Published at: May 27, 2021 at 10:15PM View on website May 27, 2021 at 11:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-10145 | | The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. Published at: May 28, 2021 at 12:15AM View on website May 28, 2021 at 01:36AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-3843 | | The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by the root user, which allows local users to conduct stack-based buffer overflow attacks and possibly execute arbitrary code, cause a denial of service (memory consumption), or possibly have unspecified other impact via crafted lines in this file. Published at: May 28, 2021 at 04:15PM View on website May 28, 2021 at 05:36PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-4536 | | A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Published at: May 28, 2021 at 08:15PM View on website May 28, 2021 at 09:36PM via National Vulnerability Database |