Monthly Archive: February 2020

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. Date published : 2020-02-05 https://github.com/theupdateframework/tuf/pull/974

Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename...

It’s been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution...

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability...

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The...

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device,...

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because...

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is...

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP...

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected...

Joomla! 1.7.1 has core information disclosure due to inadequate error checking. Date published : 2020-02-04 http://www.openwall.com/lists/oss-security/2012/03/02/1 http://www.openwall.com/lists/oss-security/2012/03/02/4

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. Date published : 2020-02-04 https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html https://www.openwall.com/lists/oss-security/2011/12/25/9

Joomla! core 1.7.1 allows information disclosure due to weak encryption Date published : 2020-02-04 http://www.openwall.com/lists/oss-security/2012/03/02/4 http://www.openwall.com/lists/oss-security/2012/03/02/8

ZPanel 10.0.1 has insufficient entropy for its password reset process. Date published : 2020-02-04 http://www.securityfocus.com/bid/56400 https://exchange.xforce.ibmcloud.com/vulnerabilities/79841