petl before 1.68, in some configurations, allows resolution of entities in an XML document. Date published : 2020-11-26 https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md https://github.com/petl-developers/petl/compare/v1.6.7…v1.6.8
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an...
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code. Date published...
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). Date published : 2020-11-26 https://github.com/glpi-project/glpi/security/advisories/GHSA-pqfv-4pvr-55r4
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). Date published : 2020-11-26 https://github.com/glpi-project/glpi/security/advisories/GHSA-wq38-gwxp-8p5p
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute...
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. Date published : 2020-11-26 https://my.cloudera.com/knowledge/TSB-2020-447-Cross-Site-Request-Forgery-vulnerability-in-CDE?id=304992 https://docs.cloudera.com/data-engineering/cloud/overview/topics/cde-service-overview.html
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. Date published : 2020-11-26 https://github.com/lucxssouza/CVE-2020-13886 https://lucxs.medium.com/cve-2020-13886-lfi-voip-intelbras-d30f27a39b22
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. Date published : 2020-11-26 https://blog.skullsec.com.br/CVE-2020-12262/ https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbras-d5697e31fbf6
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. Date published : 2020-11-25 https://www.debian.org/security/2020/dsa-4799 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZL6NQTNK5PT63D2JX5YVV5OLUL76S5C/
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. Date published : 2020-11-25 https://forums.oscommerce.com/forum/17-news-and-announcements/ https://github.com/aslanemre/cve-2020-29070/blob/main/CVE-2020-29070
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive...
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition...
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution. Date published...