Weekly Vulnerabilities Reports > April 20 to 26, 2020

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0.

A flaw was found in OpenShift Container Platform version 4.1 and later.

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free.

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices.

Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74.

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6.

A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by a hardcoded password.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by authentication bypass.

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value.

BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion.

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c.

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification).

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules.

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

An issue was discovered in Ceph through 13.2.9.

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker.

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0.

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.

In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control.

In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily.

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers.

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.

IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system.

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>.

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free.

IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions.

Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF.

Certain NETGEAR devices are affected by CSRF and authentication bypass.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.

The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests.

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code.

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields.

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory.

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.

Certain NETGEAR devices are affected by unauthenticated firmware downgrade.

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices.

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page.

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search.

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers.

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts.

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3.

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element.

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds.

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE).

Certain NETGEAR devices are affected by CSRF.

A flaw was found in openshift-ansible.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by authentication bypass.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by authentication bypass.

Certain NETGEAR devices are affected by authentication bypass.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

Certain NETGEAR devices are affected by authentication bypass.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by authentication bypass.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass.

NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by authentication bypass.

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by authentication bypass.

Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter.

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory.

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php.

SQL Injection was discovered in Admidio before version 3.3.13.

When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero.

IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering.

DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path.

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API.

Certain NETGEAR devices are affected by disclosure of sensitive information.

paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution.

In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0.

SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30.

An issue was discovered in GitLab 10.7.0 and later through 12.9.2.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3.

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.

The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request.

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."

Certain NETGEAR devices are affected by incorrect configuration of security settings.

An issue was discovered in Joomla! before 3.9.17.

An issue was discovered in Joomla! before 3.9.17.

An issue was discovered in Joomla! before 3.9.17.

A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2.

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2.

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect configuration of security settings.

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity.

Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem.

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *".

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file.

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device.

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by a buffer overflow.

Certain NETGEAR devices are affected by authentication bypass.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection by an authenticated user.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by command injection.

NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by command injection.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by command injection.

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location.

Certain NETGEAR devices are affected by vertical privilege escalation.

Certain NETGEAR devices are affected by vertical privilege escalation.

Certain NETGEAR devices are affected by vertical privilege escalation.

Certain NETGEAR devices are affected by vertical privilege escalation.

Certain NETGEAR devices are affected by vertical privilege escalation.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by a stack-based buffer overflow.

Certain NETGEAR devices are affected by command injection.

Certain NETGEAR devices are affected by privilege escalation.

Certain NETGEAR devices are affected by authentication bypass.

Certain NETGEAR devices are affected by command injection by an authenticated user.

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10.

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.

Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI.

Certain NETGEAR devices are affected by reflected XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by reflected XSS.

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values.

Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request.

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo).

The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function.

The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function.

BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.

OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.

Certain NETGEAR devices are affected by stored XSS.

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).

In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

Certain NETGEAR devices are affected by XSS.

Certain NETGEAR devices are affected by XSS.

The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.

Certain NETGEAR devices are affected by reflected XSS.

Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception.

Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.

Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability.

In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file.

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter.

In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5

In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters.

In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter.

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page.

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page.

Certain NETGEAR devices are affected by reflected XSS.

Certain NETGEAR devices are affected by reflected XSS.

Certain NETGEAR devices are affected by reflected XSS.

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link.

Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0.

A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak.

Certain NETGEAR devices are affected by denial of service.

Certain NETGEAR devices are affected by denial of service.

Certain NETGEAR devices are affected by denial of service.

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2.

"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project.

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.

A potential security vulnerability has been identified in HPE Onboard Administrator.

Anchor 0.12.7 allows admins to cause XSS via crafted post content.

lazysizes through 5.2.0 allows execution of malicious JavaScript.

Certain NETGEAR devices are affected by XSS.

JetBrains Space through 2020-04-22 allows stored XSS in Chats.

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by stored XSS.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of service.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

Certain NETGEAR devices are affected by disclosure of sensitive information.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by disclosure of sensitive information.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

Certain NETGEAR devices are affected by denial of service.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

Certain NETGEAR devices are affected by denial of service.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability.

Certain NETGEAR devices are affected by denial of service.

Certain NETGEAR devices are affected by disclosure of sensitive information.

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings.

IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container.

IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user.

The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).

The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.

Certain NETGEAR devices are affected by denial of service.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by administrative password disclosure.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

Certain NETGEAR devices are affected by disclosure of sensitive information.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

Certain NETGEAR devices are affected by disclosure of sensitive information.

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by denial of service.

Certain NETGEAR devices are affected by directory traversal.

Certain NETGEAR devices are affected by incorrect configuration of security settings.

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

Certain NETGEAR devices are affected by denial of service.

Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open.