Monthly Archive: September 2020

An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum,...

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At...

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that...

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject...

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that...

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. Date published : 2020-09-14 https://cwiki.apache.org/confluence/display/ww/s2-060 https://launchpad.support.sap.com/#/notes/2982840

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Date published : 2020-09-14 http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. Date published : 2020-09-14 https://doc.dataiku.com/dss/latest/security/advisories/cve-2020-8817.html https://doc.dataiku.com/dss/latest/release_notes/6.0.htm

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____...

An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. Date published : 2020-09-14 https://rustsec.org/advisories/RUSTSEC-2019-0035.html

An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products...

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). Date published : 2020-09-14 https://github.com/hyperium/http/issues/352 https://rustsec.org/advisories/RUSTSEC-2019-0033.html

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. Date published : 2020-09-14 https://github.com/contain-rs/linked-hash-map/pull/100 https://rustsec.org/advisories/RUSTSEC-2020-0026.html

ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. Date published : 2020-09-14 http://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.html https://github.com/zoujingli/ThinkAdmin/issues/244