» 2020 » 11월

CVE-2020-3984

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-3984

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.

Source: CVE-2020-3984

CVE-2020-4002

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-4002

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.

Source: CVE-2020-4002

CVE-2020-4000

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-4000

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.

Source: CVE-2020-4000

CVE-2020-29006

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-29006

MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.

Source: CVE-2020-29006

CVE-2020-25475

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-25475

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.

Source: CVE-2020-25475

CVE-2020-25474

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-25474

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.

Source: CVE-2020-25474

CVE-2020-25473

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-25473

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.

Source: CVE-2020-25473

CVE-2020-25472

Posted on 2020년 11월 25일2020년 11월 25일 by admin

CVE-2020-25472

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

Source: CVE-2020-25472

CVE-2019-20925

Posted on 2020년 11월 24일2020년 11월 24일 by admin

CVE-2019-20925

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

Source: CVE-2019-20925

CVE-2020-5674

Posted on 2020년 11월 24일2020년 11월 24일 by admin

CVE-2020-5674

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Source: CVE-2020-5674