CVE-2019-18242
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.
Source: CVE-2019-18242
[월:] 2020년 03월
CVE-2020-10385
CVE-2020-10385
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
Source: CVE-2020-10385
CVE-2019-4553
CVE-2019-4553
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.
Source: CVE-2019-4553
CVE-2019-4681
CVE-2019-4681
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.
Source: CVE-2019-4681
CVE-2020-10938
CVE-2020-10938
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Source: CVE-2020-10938
CVE-2020-4253
CVE-2020-4253
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.
Source: CVE-2020-4253
CVE-2020-4309
CVE-2020-4309
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080.
Source: CVE-2020-4309
CVE-2020-1747
CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
Source: CVE-2020-1747
CVE-2020-10934
CVE-2020-10934
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
Source: CVE-2020-10934
CVE-2020-10931
CVE-2020-10931
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
Source: CVE-2020-10931