» 2020 » 3월

CVE-2019-4001

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2019-4001

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.

Source: CVE-2019-4001

CVE-2020-6816

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.

Source: CVE-2020-6816

CVE-2020-7007

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-7007

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.

Source: CVE-2020-7007

CVE-2020-6997

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-6997

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.

Source: CVE-2020-6997

CVE-2020-8986

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-8986

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.

Source: CVE-2020-8986

CVE-2020-8984

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-8984

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.

Source: CVE-2020-8984

CVE-2020-7001

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-7001

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

Source: CVE-2020-7001

CVE-2020-8985

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-8985

ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.

Source: CVE-2020-8985

CVE-2020-6991

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-6991

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.

Source: CVE-2020-6991

CVE-2020-6077

Posted on 2020년 3월 25일2020년 3월 25일 by admin

CVE-2020-6077

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

Source: CVE-2020-6077