CVE-2020-4725
IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974.
Source: CVE-2020-4725
[월:] 2021년 03월
CVE-2020-4726
CVE-2020-4726
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975.
Source: CVE-2020-4726
CVE-2020-23518
CVE-2020-23518
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing – Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.
Source: CVE-2020-23518
CVE-2021-21513
CVE-2021-21513
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability.
A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.
Source: CVE-2021-21513
CVE-2021-21514
CVE-2021-21514
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.
Source: CVE-2021-21514
CVE-2020-25902
CVE-2020-25902
Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class.
Source: CVE-2020-25902
CVE-2020-1936
CVE-2020-1936
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
Source: CVE-2020-1936
CVE-2021-27904
CVE-2021-27904
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
Source: CVE-2021-27904
CVE-2021-27901
CVE-2021-27901
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
Source: CVE-2021-27901
CVE-2021-21321
CVE-2021-21321
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2.
Source: CVE-2021-21321