Monthly Archive: November 2020

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads...

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to...

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet....

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number...

All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails – for example, –@————————————————————————————————————————!. Date published : 2020-11-26 https://snyk.io/vuln/SNYK-JS-DJVALIDATOR-1018709

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. Date published : 2020-11-26 https://gist.github.com/EffectRenan/b434438938eed0b21b376cedf5c81e80 https://github.com/sebhildebrandt/systeminformation/blob/master/lib/internet.js

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU...

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases,...

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). Date published : 2020-11-26 https://docs.cpanel.net/changelogs/90-change-log/

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Date published : 2020-11-26 cPanel TSR-2020-0007 Full Disclosure https://docs.cpanel.net/changelogs/90-change-log/

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). Date published : 2020-11-26 https://docs.cpanel.net/changelogs/90-change-log/

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. Date published : 2020-11-26 https://github.com/fa1c0n1/fa1c0n-vim/blob/master/temp/core_tmp.md

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Date published : 2020-11-26 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45S5IHSWYITJKMRT23HCHJQDI674AMTQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPCOHDEONMHH6QPJZKRLLCNRGRYODG7X/

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Date published : 2020-11-26 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45S5IHSWYITJKMRT23HCHJQDI674AMTQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPCOHDEONMHH6QPJZKRLLCNRGRYODG7X/