Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

CVE-2020-15020: Elementor Website Builder – More than Just a Page Builder

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

CVE
#sql#xss#vulnerability#web#ios#android#mac#windows#apple#google#js#git#wordpress#php#perl#acer#auth#chrome#webkit#firefox#sap#ssl
CVE-2020-24223: CVE/Mara CMS 7.5 - Cross Site Scripting at master · FreySolarEye/CVE

Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.

CVE-2020-3517: Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software parses Cisco Fabric Services messages. An attacker could exploit this vulnerability by sending malicious Cisco Fabric Services messages to an affected device. A successful exploit could allow the attacker to cause a reload of an affected device, which could result in a DoS condition.

CVE-2020-13410: fix: catch writeToStream errors by robertsLando · Pull Request #493 · moscajs/aedes

An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.

CVE-2020-14349: Invalid Bug ID

It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.

CVE-2020-13101: Standards Archive - OASIS Open

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.

CVE-2020-15862: #965166 - snmpd privilege escalation

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

CVE-2020-24368: icingaweb2/CHANGELOG.md at master · Icinga/icingaweb2

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

CVE-2020-14356: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-24394: #962254 - NFSv4.2: umask not applied on filesystem without ACL support

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.