Monthly Archive: August 2020

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. Date published : 2020-08-30 https://github.com/trentm/json/issues/144 https://github.com/trentm/json/pull/145

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical...

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. Date published : 2020-08-30 https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1861281

osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. Date published : 2020-08-30 https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d https://github.com/osTicket/osTicket/compare/v1.14.2…v1.14.3

Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. Date published : 2020-08-30 http://packetstormsecurity.com/files/158728/Mara-CMS-7.5-Cross-Site-Scripting.html https://github.com/FreySolarEye/CVE/blob/master/Mara%20CMS%207.5%20-%20Cross%20Site%20Scripting

XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter....

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be...

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due...

MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. Date published : 2020-08-29 https://github.com/joniles/mpxj/pull/178/commits/c3e457f7a16facfe563eade82b0fa8736a8c96f9 https://www.oracle.com/security-alerts/cpujan2021.html

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. Date published : 2020-08-29 https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14 https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as...

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can...

managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. Date published : 2020-08-29 https://github.com/PreMiD/PreMiD/pull/501

The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). Date published : 2020-08-29 https://stiltsoft.atlassian.net/browse/VD-1