Monthly Archive: July 2020

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into...

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On...

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. Date published : 2020-07-22 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download= https://www.codesys.com

In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked...

In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. This is limited to files accessible to the application server...

D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. Date published : 2020-07-22 https://www.twcert.org.tw/tw/cp-132-3802-27204-1.html

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The...

A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage Date published : 2020-07-21 https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6 https://lf.lc/CVE-2016-7064.txt

A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. Date published : 2020-07-21 https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6 https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6,

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. Date published...

LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. Date published : 2020-07-21 https://github.com/LuaJIT/LuaJIT/issues/601 https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. Date published : 2020-07-21 http://lua-users.org/lists/lua-l/2020-07/msg00078.html http://lua-users.org/lists/lua-l/2020-12/msg00157.html

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. Date published : 2020-07-21 http://lua-users.org/lists/lua-l/2020-07/msg00053.html http://lua-users.org/lists/lua-l/2020-07/msg00054.html

Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). Date...