

CVEMAP Search Results

CVE
Details
Description
2021-04-02
Medium
CVE-2021-28940

Vendor: Magpierss project
Software: Magpierss
 

 
Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php pages: if you send a specific https URL in the RSS URL field, you are able to execute arbitrary commands.

 
2021-03-24
Medium
CVE-2020-26283

Vendor: Protocol
Software: Go-ipfs
 

 
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0.

 
2021-02-11
Medium
CVE-2021-20405

Vendor: IBM
Software: Security ver...
 

 
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.

 
2020-12-31
Medium
CVE-2020-13654

Vendor: Xwiki
Software: Xwiki
 

 
XWiki Platform before 12.8 mishandles escaping in the property displayer.

 
2020-12-18
Medium
CVE-2020-35475

Vendor: Mediawiki
Software: Mediawiki
 

 
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)

 
2020-11-18
Waiting for details
CVE-2020-26226

 

 
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.

 
2020-11-05
Medium
CVE-2020-24849

Vendor: Fruitywifi project
Software: Fruitywifi
 

 
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.

 
2020-10-29
Medium
CVE-2020-25646

Vendor: Ansible collections project
Software: Community.crypto
 

 
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality.

 
2020-09-25
Medium
CVE-2020-24592

Vendor: Mitel
Software: Micloud mana...
 

 
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.

 
2020-09-11
Low
CVE-2020-14330

Vendor: Redhat
Software: Ansible engine
 

 
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.

 

 


Copyright 2021, cxsecurity.com
