CVE-2020-11110
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after...
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. Date published...
Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. Date published : 2020-07-27 https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. Date published : 2020-07-25 https://snyk.io/vuln/SNYK-JS-FASTHTTP-572892
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function. Date published : 2020-07-25 https://snyk.io/vuln/SNYK-JS-ROLLUPPLUGINDEVSERVER-590124
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. Date published : 2020-07-25 https://snyk.io/vuln/SNYK-JS-ROLLUPPLUGINSERVER-590123
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. Date published : 2020-07-25 https://snyk.io/vuln/SNYK-JS-MARKEDTREE-590121
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. Date published : 2020-07-25 https://snyk.io/vuln/SNYK-JS-MARSCODE-590122
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Date published : 2020-07-24 https://iknow.lenovo.com.cn/detail/dc_190088.html
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Date published : 2020-07-24 https://iknow.lenovo.com.cn/detail/dc_190088.html
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. Date published : 2020-07-24 https://support.citrix.com/article/CTX277662
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image. Date published : 2020-07-24 https://hackerone.com/reports/842462
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Date published : 2020-07-24 https://security.netapp.com/advisory/ntap-20201023-0003/ https://security.gentoo.org/glsa/202101-07
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of...