Page 35 of 733 results (0.019 seconds)

CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 1

CVE-2020-7106

https://notcve.org/view.php?id=CVE-2020-7106

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, y user_group_admin.php, como es demostrado por el parámetro description en el archivo data_sources.php (una cadena sin procesar desde la base de datos que se despliega con $header para activar un ataque de tipo XSS). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html https://github.com/Cacti/cacti/issues/3191 https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html https://lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1

CVE-2020-6377 – chromium-browser: Use after free in audio

https://notcve.org/view.php?id=CVE-2020-6377

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en audio en Google Chrome versiones anteriores a la versión 79.0.3945.117, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html https://access.redhat.com/errata/RHSA-2020:0084 https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html https://crbug.com/1029462 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK https:/ • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-1765 – Spoofing of From field in several screens

https://notcve.org/view.php?id=CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. Un control inapropiado de los parámetros permite la suplantación de los campos de las siguientes pantallas: AgentTicketCompose, AgentTicketForward, AgentTicketBounce y AgentTicketEmailOutbound. Este problema afecta a: ((OTRS)) Community Edition versiones 5.0.x versión 5.0.39 y anteriores; versiones 6.0.x versión 6.0.24 y anteriores. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://lists.debian.org/debian-lts-announce/2020/01/msg00027.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2020-01 • CWE-472: External Control of Assumed-Immutable Web Parameter •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-6609

https://notcve.org/view.php?id=CVE-2020-6609

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. GNU LibreDWG versión 0.9.3.2564, tiene una lectura excesiva de búfer en la región heap de la memoria en la función read_pages_map en el archivo decode_r2007.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html https://github.com/LibreDWG/libredwg/issues/179#issue-544834443 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-6611

https://notcve.org/view.php?id=CVE-2020-6611

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. GNU LibreDWG versión 0.9.3.2564, tiene una desreferencia del puntero NULL en la función get_next_owned_entity en el archivo dwg.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447190 • CWE-476: NULL Pointer Dereference •