CVE-2020-4382
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163....
IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406....
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this...
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged...
An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the...
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs...
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and...
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. Date published : 2020-08-24 https://github.com/theart42/cves/blob/master/cve-2020-24364/CVE-2020-24364.md https://minetime.ai
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action....
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcmsmodmod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymce_content'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability...
DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcmsmodmod.editor.php: $_GET['file'] is the filename, and as there is no filter function for security, you can read any file's content. Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#15
DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for index.php?dbhcms_pid=-70, which can add a user. Date published : 2020-08-24 https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#11
DBHcms v1.2.0 has an unauthorized operation vulnerability because there is no access control at line 175 of dbhcmspage.php for the empty cache operation. This vulnerability can be exploited to empty a table. Date published : 2020-08-24...
DBHcms v1.2.0 has a stored XSS vulnerability, as there is no htmlspecialchars function for the '$_POST['pageparam_insert_description']' variable in dbhcmsmodmod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users....