CWE:
 

Topic
Date
Author
Med.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
13.07.2018
Core Security Technolo...


CVEMAP Search Results

CVE
Details
Description
2020-09-16
Medium
CVE-2020-10758

Vendor: Redhat
Software: Keycloak
 

 
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

 
2020-09-14
Medium
CVE-2020-13306

Vendor: Gitlab
Software: Gitlab
 

 
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.

 
2020-09-10
Medium
CVE-2020-15168

Vendor: Node-fetch project
Software: Node-fetch
 

 
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.

 
2020-09-01
Low
CVE-2012-3340

Vendor: IBM
Software: Infosphere g...
 

 
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.

 
2020-08-26
Medium
CVE-2020-5924

Vendor: F5
Software: Big-ip acces...
 

 
In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set.

 
2020-08-25
High
CVE-2020-15642

Vendor: Marvell
Software: Qconvergeconsole
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10501.

 
2020-08-21
Medium
CVE-2020-24589

Vendor: WSO2
Software: Api manager
 

 
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

 
Medium
CVE-2020-24052

Updating...
 

 
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.

 
Medium
CVE-2020-24590

Vendor: WSO2
Software: Api manager
 

 
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.

 
Medium
CVE-2020-24591

Vendor: WSO2
Software: Api manager
 

 
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top