New vulnerabilities from the NVD: CVE-2019-16651 | | An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them). Published at: September 20, 2021 at 05:15PM View on website September 20, 2021 at 07:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20898 | | Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20897 | | Buffer Overflow vulnerability in function filter_slice in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20896 | | An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20895 | | Buffer Overflow vulnerability in function filter_vertically_##name in libavfilter/vf_avgblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20894 | | Buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20893 | | Buffer Overflow vulnerability in function activate in libavfilter/af_afade.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20892 | | An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20891 | | Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. Published at: September 20, 2021 at 07:15PM View on website September 20, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19915 | | Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the [mailbox username in index.php. Published at: September 20, 2021 at 10:15PM View on website September 20, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-16630 | | TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairing to pair with a victim BLE device based on TI chips and generate an authenticated-and-MITM-protection LTK. If a fake mobile with the victim mobile’s MAC address uses Just Works and pairs with the victim device, the generated LTK still has the property of authenticated-and-MITM-protection. Therefore, the fake mobile can access attributes with the authenticated read/write permission. Published at: September 20, 2021 at 11:15PM View on website September 21, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19553 | | Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. Published at: September 21, 2021 at 10:15PM View on website September 21, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19551 | | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. Published at: September 21, 2021 at 10:15PM View on website September 21, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19554 | | Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. Published at: September 21, 2021 at 11:15PM View on website September 22, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23269 | | An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. Published at: September 22, 2021 at 03:15AM View on website September 22, 2021 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23267 | | An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file Published at: September 22, 2021 at 03:15AM View on website September 22, 2021 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-23266 | | An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file. Published at: September 22, 2021 at 03:15AM View on website September 22, 2021 at 08:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2019-6288 | | Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. Published at: September 22, 2021 at 08:15PM View on website September 22, 2021 at 09:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-24327 | | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. Published at: September 23, 2021 at 09:15PM View on website September 23, 2021 at 11:33PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19951 | | A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. Published at: September 23, 2021 at 11:15PM View on website September 24, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19950 | | A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. Published at: September 23, 2021 at 11:15PM View on website September 24, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-19949 | | A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. Published at: September 23, 2021 at 11:15PM View on website September 24, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-6556 | | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. Published at: September 25, 2021 at 12:15AM View on website September 25, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-6555 | | OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. Published at: September 25, 2021 at 12:15AM View on website September 25, 2021 at 01:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20514 | | A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. Published at: September 25, 2021 at 01:15AM View on website September 25, 2021 at 03:33AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2020-20508 | | Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. Published at: September 25, 2021 at 01:15AM View on website September 25, 2021 at 03:33AM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар