CVE-2020-5553
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. Date published : 2020-03-24 https://jvn.jp/en/jp/JVN77634892/index.html
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2020-03-24 https://jvn.jp/en/jp/JVN85942151/index.html
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure...
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. Date published : 2020-03-24 https://www.ibm.com/support/pages/node/6116032 https://exchange.xforce.ibmcloud.com/vulnerabilities/177080
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. Date published : 2020-03-24 https://www.ibm.com/support/pages/node/6116020 https://exchange.xforce.ibmcloud.com/vulnerabilities/175559
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader...
A flaw was found in keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent...
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. Date published : 2020-03-24 https://security.netapp.com/advisory/ntap-20200403-0003/ https://www.debian.org/security/2020/dsa-4667
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. Date published : 2020-03-24 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. Date published : 2020-03-24 https://www.debian.org/security/2020/dsa-4675 https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Date published : 2020-03-24 http://jvn.jp/en/jp/JVN56890693/index.html https://www.acyba.com/acymailing/68-acymailing-changelog.html?Itemid=329
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. Date published : 2020-03-24 https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 https://github.com/memcached/memcached/issues/629
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020). Date published : 2020-03-24 https://security.samsungmobile.com/securityUpdate.smsb
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). Date published : 2020-03-24 https://security.samsungmobile.com/securityUpdate.smsb