Vulnerability management.
List of latest published vulnerabilities.
- [webapps] ChurchRota 2.6.4 - RCE (Authenticated) January 20, 2021ChurchRota 2.6.4 - RCE (Authenticated)
- [webapps] Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS January 20, 2021Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
- [webapps] Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution) January 20, 2021Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
- [webapps] osTicket 1.14.2 - SSRF January 19, 2021osTicket 1.14.2 - SSRF
- [webapps] Cisco UCS Manager 2.2(1d) - Remote Command Execution January 18, 2021Cisco UCS Manager 2.2(1d) - Remote Command Execution
- [webapps] Xwiki CMS 12.10.2 - Cross Site Scripting (XSS) January 18, 2021Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
- [webapps] Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated) January 18, 2021Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
- [webapps] Life Insurance Management System 1.0 - 'client_id' SQL Injection January 18, 2021Life Insurance Management System 1.0 - 'client_id' SQL Injection
- [webapps] Life Insurance Management System 1.0 - File Upload RCE (Authenticated) January 18, 2021Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
- [webapps] Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection January 15, 2021Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
National Vulnerability Database
- CVE-2020-20949 January 20, 2021Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
- CVE-2020-35271 January 20, 2021Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.
- CVE-2020-35272 January 20, 2021Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
- CVE-2020-25683 January 20, 2021A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by […]
- CVE-2020-25684 January 20, 2021A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker […]
- CVE-2021-3130 January 20, 2021Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
- CVE-2020-25685 January 20, 2021A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it […]
- CVE-2020-14360 January 20, 2021A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- CVE-2021-2129 January 20, 2021Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly […]
- CVE-2021-2126 January 20, 2021Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly […]