Monthly Archive: December 2020

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair,...

Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption...

Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. Date published : 2020-12-03 https://jvn.jp/en/jp/JVN24457594/index.html https://www.ec-cube.net/info/weakness/

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended...

Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Date published : 2020-12-03 https://github.com/weseek/growi https://hub.docker.com/r/weseek/growi/

Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Date published : 2020-12-03 https://github.com/weseek/growi https://hub.docker.com/r/weseek/growi/

GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. Date published : 2020-12-03 https://github.com/weseek/growi https://hub.docker.com/r/weseek/growi/

Cross-site scripting vulnerability in desknet’s NEO (desknet’s NEO Small License V5.5 R1.5 and earlier, and desknet’s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors. Date...

An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. Date...

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. Date published : 2020-12-03...

OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary...

OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. Date published : 2020-12-03 https://labs.bishopfox.com/advisories/openclinic-version-0.8.2

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient’s medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application,...

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0...