A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container...
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it...
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. Date published : 2020-03-19 http://dev.cmsmadesimple.org/bug/view/12274
In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges. Date published : 2020-03-19 https://github.com/OctopusDeploy/Issues/issues/6258
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. Date published : 2020-03-19 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67/
The Canon Oce Colorwave 500 4.0.0.0 printer’s web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE:...
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. Date...
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device’s web interface can get...
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. Date published...
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. Date published...
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. Date published :...
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from...
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files....
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. Date published : 2020-03-18 https://www.netsparker.com/web-applications-advisories/ns-19-015-reflected-cross-site-scripting-in-openfire/