CVE-2019-16112
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
Source: CVE-2019-16112
CVE-2020-10654
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.
Source: CVE-2020-10654
CVE-2020-12742
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols.
Source: CVE-2020-12742
CVE-2020-12700
The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query.
Source: CVE-2020-12700
CVE-2020-12699
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.
Source: CVE-2020-12699
CVE-2020-12697
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.
Source: CVE-2020-12697
CVE-2020-12698
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.
Source: CVE-2020-12698
CVE-2020-4312
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089.
Source: CVE-2020-4312
CVE-2020-3327
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
Source: CVE-2020-3327
CVE-2020-3341
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 – 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
Source: CVE-2020-3341