π¨ CVE-2020-19417
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
π@cveNotify
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
π@cveNotify
Packetstormsecurity
Emerson Smart Wireless Gateway 1420 4.6.59 Privilege Escalation β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¨ CVE-2020-13977
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
π@cveNotify
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
π@cveNotify
Blog Simple
Nagios Core 4.4.5 β URL Injection (CVE-2020-13977)
π¨ CVE-2020-14989
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.
π@cveNotify
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.
π@cveNotify
tvrbk
Bloomreach Experience Manager 14.2.2
Bloomreach Experience Manager (brXM) was vulnerable to (CVE-2020-14988) cross-site scripting, (CVE-2020-14989) cross-site request forgery and (CVE-2020-14987) remote code execution. Details were shared with Bloomreach whereafter the CVEs were reserved.
π¨ CVE-2020-19419
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
π@cveNotify
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
π@cveNotify
Packetstormsecurity
Emerson Smart Wireless Gateway 1420 4.6.59 Missing Authentication β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¨ CVE-2020-0595
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
π@cveNotify
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
π@cveNotify
Netapp
Intel SA-00295 AMT Vulnerabilities in NetApp Products | NetApp Product Security
Multiple NetApp products incorporate Intel technology. Intel Active Management Technology versions prior to 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and 14.5.12 are susceptible to vulnerabilities which when successfully exploited could leadβ¦
π¨ CVE-2020-0594
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
π@cveNotify
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
π@cveNotify
Netapp
Intel SA-00295 AMT Vulnerabilities in NetApp Products | NetApp Product Security
Multiple NetApp products incorporate Intel technology. Intel Active Management Technology versions prior to 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and 14.5.12 are susceptible to vulnerabilities which when successfully exploited could leadβ¦
π¨ CVE-2020-0597
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
π@cveNotify
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
π@cveNotify
Netapp
Intel SA-00295 AMT Vulnerabilities in NetApp Products | NetApp Product Security
Multiple NetApp products incorporate Intel technology. Intel Active Management Technology versions prior to 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and 14.5.12 are susceptible to vulnerabilities which when successfully exploited could leadβ¦
π¨ CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
π@cveNotify
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
π@cveNotify
π¨ CVE-2019-10202
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
π@cveNotify
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
π@cveNotify
π¨ CVE-2020-8674
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.
π@cveNotify
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.
π@cveNotify
Netapp
Intel SA-00295 AMT Vulnerabilities in NetApp Products | NetApp Product Security
Multiple NetApp products incorporate Intel technology. Intel Active Management Technology versions prior to 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and 14.5.12 are susceptible to vulnerabilities which when successfully exploited could leadβ¦
π¨ CVE-2021-24129
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.
π@cveNotify
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.
π@cveNotify
π¨ CVE-2021-24133
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.
π@cveNotify
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.
π@cveNotify
Wpscan
WPScan: WordPress Security
A WordPress vulnerability database for WordPress core security vulnerabilities, plugin vulnerabilities and theme vulnerabilities.
π¨ CVE-2021-24139
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
π@cveNotify
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
π@cveNotify
WPScan
Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
See details on Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection CVE 2021-24139. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2021-24145
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
π@cveNotify
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
π@cveNotify
WPScan
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
See details on Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE CVE 2021-24145. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2021-24136
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters:
- Author
- Job Title
- Location
- Company
- Email
- URL
π@cveNotify
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters:
- Author
- Job Title
- Location
- Company
- URL
π@cveNotify
Wpscan
WPScan: WordPress Security
A WordPress vulnerability database for WordPress core security vulnerabilities, plugin vulnerabilities and theme vulnerabilities.
π¨ CVE-2021-24138
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
π@cveNotify
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
π@cveNotify
π¨ CVE-2021-28373
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases.
π@cveNotify
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases.
π@cveNotify
π¨ CVE-2021-3407
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
π@cveNotify
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
π@cveNotify
π¨ CVE-2021-21265
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed in version 1.1.2 by adding a feature to allow a set of trusted hosts to be specified in the application. As a workaround one may set the configuration setting cms.linkPolicy to force.
π@cveNotify
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed in version 1.1.2 by adding a feature to allow a set of trusted hosts to be specified in the application. As a workaround one may set the configuration setting cms.linkPolicy to force.
π@cveNotify
GitHub
Add trusted hosts support to library (#549) Β· octobercms/library@f86fcbc
Adds support for a new configuration value app.trustedHosts that defines the allowed hosts for the application. This allows a developer to prevent host header poisoning.
Possible values:
true: Tr...
Possible values:
true: Tr...
π¨ CVE-2021-23354
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
π@cveNotify
The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex string /\%(?:\(([\w_.]+)\)|([1-9]\d*)\$)?([0 +\-\]*)(\*|\d+)?(\.)?(\*|\d+)?[hlL]?([\%bscdeEfFgGioOuxX])/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity.
π@cveNotify
GitHub
ReDoS in printf Β· Issue #31 Β· adaltas/node-printf
Hi, I would like to report two Regular Expression Denial of Service (REDoS) vulnerability in printf. It allows cause a denial of service when using crafted invalid formats. You can execute the code...