CVE-2020-28572
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Date published...
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Date published : 2020-11-18 https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM https://security.netapp.com/advisory/ntap-20201202-0004/
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. Date published : 2020-11-18 https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM https://security.netapp.com/advisory/ntap-20201202-0004/
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Date published : 2020-11-18 https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI https://security.netapp.com/advisory/ntap-20201202-0004/
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the...
cxuucms v3 has a SQL injection vulnerability in the keywords parameter of search.php, which can lead to the leakage of all database data. Date published : 2020-11-18 https://github.com/cbkhwx/cxuucmsv3/issues/1 http://packetstormsecurity.com/files/160129/xuucms-3-SQL-Injection.html
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed...
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to...
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of...
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the...
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic...
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may...
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the...
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. Date published : 2020-11-18 http://packetstormsecurity.com/files/160077/MailDepot-2033-2.3.3022-Cross-Site-Scripting.html https://www.syss.de/pentest-blog/syss-2020-037-persistent-cross-site-scripting-schwachstelle-in-reddoxx-maildepot