Monthly Archive: June 2020

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. Date published :...

The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. Date published : 2020-06-07 https://github.com/facade/ignition/compare/2.0.4…2.0.5 https://github.com/facade/ignition/releases/tag/2.0.5

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. Date...

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. Date published : 2020-06-07 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920

HESK before 3.1.10 allows reflected XSS. Date published : 2020-06-06 https://www.hesk.com/demo/docs/changelog.html

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve...

handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field. Date published : 2020-06-06 https://github.com/kbgsft/vuln-dext5editor/wiki/File-Download-vulnerability-in-DEXT5Editor-3.5.1402961-by-xcuter

The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. Date published : 2020-06-06 https://jizen0x01.blogspot.com/2020/06/neon-dashboard-xss.html

showAlert() in the administration panel in Bludit 3.12.0 allows XSS. Date published : 2020-06-06 https://github.com/bludit/bludit/issues/1205

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. Date published :...

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Date published : 2020-06-06 https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 https://github.com/kravietz/pam_tacplus/issues/149

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. Date published : 2020-06-06 https://security.netapp.com/advisory/ntap-20200619-0002/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP/

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able...

Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This...