» 2020 » 12월

CVE-2020-35466

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-35466

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.

Source: CVE-2020-35466

CVE-2020-35465

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-35465

The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password.

Source: CVE-2020-35465

CVE-2020-35464

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-35464

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.

Source: CVE-2020-35464

CVE-2020-35463

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-35463

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.

Source: CVE-2020-35463

CVE-2020-35121

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-35121

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.

Source: CVE-2020-35121

CVE-2018-16243

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2018-16243

SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.

Source: CVE-2018-16243

CVE-2020-29663

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-29663

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.

Source: CVE-2020-29663

CVE-2020-35122

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-35122

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.

Source: CVE-2020-35122

CVE-2020-35462

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-35462

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.

Source: CVE-2020-35462

CVE-2020-29606

Posted on 2020년 12월 16일2020년 12월 16일 by admin

CVE-2020-29606

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2020-29606