» 2020 » 3월

CVE-2020-8785

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2020-8785

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).

Source: CVE-2020-8785

CVE-2020-8786

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2020-8786

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).

Source: CVE-2020-8786

CVE-2019-20326

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2019-20326

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.

Source: CVE-2019-20326

CVE-2019-20191

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2019-20191

Oxygen XML Editor 21.1.1 allows XXE to read any file.

Source: CVE-2019-20191

CVE-2020-8784

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2020-8784

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).

Source: CVE-2020-8784

CVE-2019-19613

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2019-19613

** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim’s request on the wire. NOTE: the vendor does not recognize this issue and will not patch it.

Source: CVE-2019-19613

CVE-2020-7248

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2020-7248

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.

Source: CVE-2020-7248

CVE-2019-19538

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2019-19538

In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.

Source: CVE-2019-19538

CVE-2019-19610

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2019-19610

** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. NOTE: the vendor does not recognize this issue and will not patch it.

Source: CVE-2019-19610

CVE-2019-19612

Posted on 2020년 3월 17일2020년 3월 17일 by admin

CVE-2019-19612

** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). NOTE: the vendor does not recognize this issue and will not patch it.

Source: CVE-2019-19612