CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw makes it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is...
In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability; attackers can use a constructed program to cause a computer crash (BSOD). Date published : 2020-12-03...
In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard; attackers can use constructed programs to increase user privileges. Date published : 2020-12-03 http://www.drivergenius.com/ https://github.com/y5s5k5/CVE-2020-23740
There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD). Date published : 2020-12-03 https://github.com/y5s5k5/CVE-2020-23738
There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816; attackers can use constructed programs to cause computer crashes (BSOD). Date published : 2020-12-03 http://www.dadajiasu.net https://github.com/y5s5k5/CVE-2020-23736
In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges. Date published : 2020-12-03 http://www.saibo.com https://github.com/y5s5k5/CVE-2020-23735
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559; an attacker can cause a computer crash (BSOD). Date published : 2020-12-03 https://github.com/y5s5k5/CVE-2020-23727 https://github.com/y5s5k5/POCtemp3
There is a local denial of service vulnerability in Wise Care 365 5.5.4; attackers can cause a computer crash (BSOD). Date published : 2020-12-03 https://github.com/y5s5k5/CVE-2020-23726 https://github.com/y5s5k5/POCtemp1
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2020-12-03 https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2146 http://www.openwall.com/lists/oss-security/2020/12/03/2
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions....
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. Date published : 2020-12-03 https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2109%20%281%29...
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. Date published : 2020-12-03 https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2108 http://www.openwall.com/lists/oss-security/2020/12/03/2
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. Date published : 2020-12-03 https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856 http://www.openwall.com/lists/oss-security/2020/12/03/2
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an...