Monthly Archive: August 2020

A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote...

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary...

ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. Date published : 2020-08-13 http://www.abbyydownloads.com/fc12/r3/ReleaseNotes_FC12_R3_U1_1299.39_build_12.0.3.2634.pdf https://support.abbyy.com/hc/en-us/articles/360008536920-FineReader-15-Change-Log

Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character,...

An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in...

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID:...

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface....

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. Date published : 2020-08-13 https://security.netapp.com/advisory/ntap-20200918-0001/ https://github.com/nginx/njs/issues/322

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. Date published : 2020-08-13 https://security.netapp.com/advisory/ntap-20200918-0001/ https://github.com/nginx/njs/issues/323

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. Date published : 2020-08-13 https://security.netapp.com/advisory/ntap-20200918-0001/ https://github.com/nginx/njs/issues/325

** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the –stack-limit option. Date published : 2020-08-13 https://github.com/jerryscript-project/jerryscript/issues/3977

JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. Date published : 2020-08-13 https://github.com/jerryscript-project/jerryscript/issues/3976

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. Date published : 2020-08-13 https://github.com/ccxvii/mujs/issues/136

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. Date published : 2020-08-13 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QA5Q5MDQMTGXRQO3PAQ4EZFTYWJXZM5N/ http://lua-users.org/lists/lua-l/2020-07/msg00052.html