| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. |
| Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. |
| MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. |
| In SilverStripe assets 4.0, there is broken access control on files. |
| In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. |
| In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. |
| Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. |
| In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-ported to LTS 2019.6.5 as well as LTS 2019.3.7. |
| PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. |
| OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php. |
| MetadataExtractor 2.1.0 allows stack consumption. |
| An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. |
| On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. |
| On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. |
| The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. |
| pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765. |
| A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. |
| An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example). |
| An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted. |
| An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). |
