CVE-2020-14375
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine...
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to...
In Apache Tapestry from 5.4.0 to 5.5.0, by crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. Date published : 2020-09-30 https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E http://www.openwall.com/lists/oss-security/2021/04/27/3
In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including...
Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize a denial-of-service attack. Date published : 2020-09-30 http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature. Date published : 2020-09-30 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13336.json https://gitlab.com/gitlab-org/gitlab/-/issues/215970
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. Date published : 2020-09-30 https://github.com/bzyo/cve-pocs/tree/master/CVE-2020-12870 https://www.pacsone.net/download.htm
RainbowFish PacsOne Server 6.8.4 allows XSS. Date published : 2020-09-30 https://github.com/bzyo/cve-pocs/tree/master/CVE-2020-12869 https://www.pacsone.net/download.htm
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. Date published : 2020-09-30 https://github.com/bzyo/cve-pocs/tree/master/CVE-2020-12715 https://www.pacsone.net/download.htm
Improper Authentication vulnerability in WAGO 750-8XX series with FW version
The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not...
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a...
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via an XML External Entity (XXE) vulnerability. Date published...