» 2020 » 5월

CVE-2020-13633

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-13633

Fork before 5.8.3 allows XSS via navigation_title or title.

Source: CVE-2020-13633

CVE-2020-13628

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-13628

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.

Source: CVE-2020-13628

CVE-2020-10945

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-10945

Centreon before 19.10.7 exposes Session IDs in server responses.

Source: CVE-2020-10945

CVE-2020-10946

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-10946

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.

Source: CVE-2020-10946

CVE-2020-13627

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-13627

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.

Source: CVE-2020-13627

CVE-2020-13632

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-13632

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

Source: CVE-2020-13632

CVE-2020-13253

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-13253

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

Source: CVE-2020-13253

CVE-2020-13630

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Source: CVE-2020-13630

CVE-2020-13631

Posted on 2020년 5월 28일2020년 5월 28일 by admin

CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

Source: CVE-2020-13631

CVE-2020-4226

Posted on 2020년 5월 27일2020년 5월 28일 by admin

CVE-2020-4226

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 175207.

Source: CVE-2020-4226