CVE-2020-12052
Grafana version < 6.7.3 is vulnerable to annotation popup XSS. Date published : 2020-04-27 https://community.grafana.com/t/release-notes-v6-7-x/27119 https://security.netapp.com/advisory/ntap-20200511-0001/
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. Date published : 2020-04-27 http://packetstormsecurity.com/files/157476/Open-AudIT-3.2.2-Command-Injection-SQL-Injection.html https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v3.3.0
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the...
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -> user access groups page. Thus, an attacker can inject malicious script to steal all users’ valuable data. Date published :...
In Rukovoditel 2.5.2, users’ passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them. Date published : 2020-04-27 https://fatihhcelik.blogspot.com/2020/01/rukovoditel-password-hash-in-cookie-url.html
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just by changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific...
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim’s peer-id. Normally such packets are dropped, but if this packet arrives before...
UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files...
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext. Date published :...
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this...
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected. Date published : 2020-04-27 https://www.percona.com/blog/2020/04/20/cve-2020-10996-percona-xtradb-cluster-sst-script-static-key/ https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.28-31.41.2.html
The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. Date published : 2020-04-27 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-10664
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. Date published : 2020-04-26 https://github.com/croogo/croogo/compare/3.0.6...3.0.7 https://github.com/croogo/croogo/issues/940
** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the...