» 2020 » 1월

CVE-2012-1260

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2012-1260

Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.

Source: CVE-2012-1260

CVE-2019-6330

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2019-6330

A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.

Source: CVE-2019-6330

CVE-2020-6167

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2020-6167

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.

Source: CVE-2020-6167

CVE-2019-6331

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2019-6331

An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.

Source: CVE-2019-6331

CVE-2020-1925

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2020-1925

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.

Source: CVE-2020-1925

CVE-2019-6320

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2019-6320

Certain HP DeskJet 3630 All-in-One Printers models F5S43A – F5S57A, K4T93A – K4T99C, K4U00B – K4U03B, and V3F21A – V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.

Source: CVE-2019-6320

CVE-2019-6332

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2019-6332

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A – V1N08A, Y5H60A – Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A – V1N02B, Y5Z00A – Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A – M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A – M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A – M2U85B, M2U91A – M2U94B, Z4A54A – Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D – Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A – Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A – K7S10D, Y0G42D – Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A – Z4B55A, Z6Z95A – Z6Z99A, 4DX94A – 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A – Z4B14A, Z4B27A – Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A – Z6Z98A.

Source: CVE-2019-6332

CVE-2020-1786

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2020-1786

HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.

Source: CVE-2020-1786

CVE-2020-1810

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2020-1810

Huawei products CloudEngine 12800, S5700, and S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; CloudEngine S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R010C00SPC700, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC700, V200R012C00SPC710, V200R012C20; CloudEngine S6700 versions V200R005C00SPC500, V200R005C01, V200R008C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC710.

Source: CVE-2020-1810

CVE-2018-12380

Posted on 2020년 1월 10일2020년 1월 10일 by admin

CVE-2018-12380

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-17009. Reason: This candidate is a duplicate of CVE-2019-17009. Notes: All CVE users should reference CVE-2019-17009 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2018-12380