» 2020 » 12월

CVE-2020-35573

Posted on 2020년 12월 20일2020년 12월 20일 by admin

CVE-2020-35573

srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.

Source: CVE-2020-35573

CVE-2020-14224

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-14224

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.

Source: CVE-2020-14224

CVE-2020-7200

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-7200

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.

Source: CVE-2020-7200

CVE-2020-7201

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-7201

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF).

Source: CVE-2020-7201

CVE-2020-14271

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-14271

HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials.

Source: CVE-2020-14271

CVE-2020-7203

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-7203

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution.

Source: CVE-2020-7203

CVE-2020-4080

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-4080

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials.

Source: CVE-2020-4080

CVE-2020-5803

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-5803

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.

Source: CVE-2020-5803

CVE-2020-13535

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-13535

A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.

Source: CVE-2020-13535

CVE-2020-17520

Posted on 2020년 12월 19일2020년 12월 19일 by admin

CVE-2020-17520

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager’s admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

Source: CVE-2020-17520