» 2020 » 2월

CVE-2014-3919

Posted on 2020년 2월 14일2020년 2월 14일 by admin

CVE-2014-3919

A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.

Source: CVE-2014-3919

CVE-2014-4170

Posted on 2020년 2월 14일2020년 2월 14일 by admin

CVE-2014-4170

A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.

Source: CVE-2014-4170

CVE-2014-4198

Posted on 2020년 2월 14일2020년 2월 14일 by admin

CVE-2014-4198

A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.

Source: CVE-2014-4198

CVE-2020-8981

Posted on 2020년 2월 14일2020년 2월 14일 by admin

CVE-2020-8981

A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362.

Source: CVE-2020-8981

CVE-2019-10785

Posted on 2020년 2월 14일2020년 2월 14일 by admin

CVE-2019-10785

dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.

Source: CVE-2019-10785

CVE-2020-0560

Posted on 2020년 2월 14일2020년 2월 14일 by admin

CVE-2020-0560

Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

Source: CVE-2020-0560