Monthly Archive: April 2020

Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you’re running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could...

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail...

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account. Date published...

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module. Date published : 2020-04-14 Security...

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler. Date published : 2020-04-14 Security Advice

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names....

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values....

An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy (BLE) packet is received, it is copied into a Heap (ThreadX Block) buffer. The buffer...

The pc-kernel snap build process hardcoded the –allow-insecure-repositories and –allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build...

An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems. Date published : 2020-04-13 https://www.rubrik.com/en/advisories/rbk20200316s0012 https://www.rubrik.com

Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. Date published : 2020-04-13...

UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key...

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. Date published : 2020-04-13 https://www.debian.org/security/2020/dsa-4714 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/

Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2020-04-13 https://www.debian.org/security/2020/dsa-4714 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD/