Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. Date published : 2020-05-18 https://gitlab.com/eLeN3Re/CVE-2020-13154 https://www.manageengine.com/products/service-desk/on-premises/readme.html
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. Date published : 2020-05-18 https://github.com/MISP/MISP/commit/2989aa05225aa9b3a592ca50cbf8350ef256909c https://github.com/MISP/MISP/compare/v2.4.125…v2.4.126
Weak permissions on the "%PROGRAMDATA%MSIDragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is...
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature. Date published : 2020-05-18 https://stark0de.com/2020/05/17/openedx-vulnerabilities.html
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS. Date published : 2020-05-18 https://stark0de.com/2020/05/17/openedx-vulnerabilities.html
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the...
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal ‘’ value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. Date published...
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. Date published : 2020-05-18 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. Date published : 2020-05-18 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which...
Dolibarr before 11.0.4 allows XSS. Date published : 2020-05-18 http://packetstormsecurity.com/files/157752/Dolibarr-11.0.3-Cross-Site-Scripting.html https://github.com/Dolibarr/dolibarr/blob/11.0.4/ChangeLog
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a...
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models...
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. Date published : 2020-05-18 https://docs.google.com/document/d/1u5a5ersKBH6eG362atALrzuXo3zuZ70qrGomWVEC27U/edit?usp=sharing...