WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. Date published : 2021-07-07 https://jvn.jp/en/vu/JVNVU94260088/index.html https://www.elecom.co.jp/news/security/20210706-01/
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. Date published : 2021-07-07 https://jvn.jp/en/vu/JVNVU94260088/index.html https://www.elecom.co.jp/news/security/20210706-01/
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Date published : 2021-07-07 https://www.ibm.com/support/pages/node/6469407 https://exchange.xforce.ibmcloud.com/vulnerabilities/196945
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks...
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to...
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217. Date published : 2021-07-07 https://www.ibm.com/support/pages/node/6469691 https://exchange.xforce.ibmcloud.com/vulnerabilities/196217
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711. Date published : 2021-07-07 https://www.ibm.com/support/pages/node/6469407 https://exchange.xforce.ibmcloud.com/vulnerabilities/195711
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709. Date published :...
Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. Date published : 2021-07-07 https://ashketchum.medium.com/cross-site-scripting-xss-in-webmail-calender-in-icewarp-webclient-cve-2020-25925-67e1cbc40bd9
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service). Date published : 2021-07-07 https://docs.pexip.com/admin/security_bulletins.htm#CVE-2020-25868 https://docs.pexip.com/admin/security_bulletins.htm
Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. Date published : 2021-07-07 https://github.com/secwx/research/blob/main/cve/CVE-2020-24149.md Podcast Importer SecondLine
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. Date published : 2021-07-07 https://github.com/secwx/research/blob/main/cve/CVE-2020-24148.md Import XML and RSS Feeds
Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. Date published : 2021-07-07 https://github.com/secwx/research/blob/main/cve/CVE-2020-24147.md WP Smart Import : Import any XML File to WordPress
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot...