MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. Date published : 2020-12-21 https://packetstormsecurity.com/files/160470/MiniWeb-HTTP-Server-0.8.19-Buffer-Overflow.html https://securityforeveryone.com/blog/miniweb-http-server-vulnerability-0-day-cve-2020-29596
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Date published :...
Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a...
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file Date published : 2020-12-21 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json https://security.gentoo.org/glsa/202101-12
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go’s `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system...
async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all...
DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target....
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability...
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption...
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. Date published : 2020-12-21 https://hardik-solanki.medium.com/html-injection-stored-which-ultimately-resulted-into-a-cve-2020-26049-61c1a47dc2e8
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation....
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. Date published : 2020-12-21 https://github.com/hackxf/cms_vul/blob/master/SeacmsSQL.md
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. Date published : 2020-12-21 https://gitee.com/yunyecms/yunyecms/issues/I15J32?from=project-issue
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site...