
3009 matches found

Positive Technologies
added 2020/11/02 12:0 a.m. · 4 views

PT-2020-8661 · Qnap Systems · Photo Station

Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. Photo Station versions prior to 5.7.11 QNAP Systems Inc. Photo Station versions prior to 6.0.10 Description: The issue is a cross-site scripting vulnerability that could allow remote attackers to inject malicious code if...

6.1 CVSS · 6.1 AI score · 0.00415 EPSS
Exploits: 0 · References: 2

OSV
added 2020/10/28 6:15 p.m. · 1 view

CVE-2018-19953

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on buil...

6.1 CVSS · 5.8 AI score · 0.31524 EPSS
Exploits: 0 · References: 2

OSV
added 2020/10/28 6:15 p.m. · 3 views

CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later Q...

5.4 CVSS · 5.8 AI score · 0.07031 EPSS
Exploits: 0 · References: 2

CVE
added 2020/10/28 5:55 p.m. · 985 views

CVE-2018-19953

CVE-2018-19953 is a cross-site scripting vulnerability in QNAP NAS File Station affecting multiple QTS releases. The description indicates that, if exploited, remote attackers could inject malicious code. QNAP has issued fixes in several QTS versions (e.g., 4.4.2.1231; 4.4.1.1201; 4.3.6.1218; 4.3...

6.1 CVSS · 6 AI score · 0.31524 EPSS
In wild · Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2020/10/28 5:55 p.m. · 5 views

CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later Q...

8 CVSS · 7.4 AI score · 0.07031 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2020/10/13 12:0 a.m. · 2 views

The vulnerability of the OLYMPOX educational control system’s web application, which arises from the failure to protect the structure of the web page, allows a hacker to inject arbitrary code.

The vulnerability of the OLYMPOX educational control system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code remotely...

6.5 CVSS · 0.2994 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

CNVD
added 2020/10/09 12:0 a.m. · 2 views

HPE KVM IP Console Switches Remote Code Injection Vulnerability

HPE KVM IP Console Switches is an HP switch device. A remote code injection vulnerability exists in HPE KVM IP Console Switches, which allows remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary code in an application context...

8.8 CVSS · 8.6 AI score · 0.00923 EPSS
Exploits: 0 · References: 1

CVE
added 2020/10/06 5:0 a.m. · 57 views

CVE-2020-5631

CMONOS.JP CMS (version 2.0.20191009 and earlier) contains a stored cross-site scripting (CWE-79) vulnerability. The issue allows an attacker to cause arbitrary script execution in a user’s browser via unspecified vectors. The JVNDB entry notes the vulnerability was fixed in ver2.0.20200916, provi...

6.1 CVSS · 5.8 AI score · 0.00435 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2020/10/02 7:15 p.m. · 1 view

CVE-2020-24628

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches versions: G2 4x1Ex32 Prior to 2.8.3...

8.8 CVSS · 6 AI score
Exploits: 0 · References: 1

NVD
added 2020/10/02 7:15 p.m. · 9 views

CVE-2020-24628

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches versions: G2 4x1Ex32 Prior to 2.8.3...

8.8 CVSS · 0.00923 EPSS
Exploits: 0 · References: 1

Cvelist
added 2020/10/02 6:50 p.m. · 13 views

CVE-2020-24628

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches versions: G2 4x1Ex32 Prior to 2.8.3...

8.9 AI score · 0.00923 EPSS
Exploits: 0 · References: 1

CVE
added 2020/10/02 6:50 p.m. · 65 views

CVE-2020-24628

CVE-2020-24628 affects HPE KVM IP Console Switches (G2 4x1Ex32) prior to version 2.8.3. The issue is described as a remote code injection vulnerability. Supported documents confirm the affected product family and version range; no root-cause technical details or patch/mitigation are provided in t...

8.8 CVSS · 8.8 AI score · 0.00923 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2020/09/27 12:0 a.m. · 1 view

Telmat AccessLog Privilege Vulnerability

Telmat AccessLog is an access log monitoring product from Telmat France. The product protects public and private networks based on access logs. A security vulnerability exists in Telmat AccessLog 6.0 TAL20180415 and prior versions, which stems from an incorrectly programmed call to an advanced...

10 CVSS · 7.6 AI score · 0.00986 EPSS
Exploits: 1 · References: 1

Prion
added 2020/08/18 5:15 p.m. · 9 views

Stack overflow

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get...

7.5 CVSS · 9.7 AI score · 0.02752 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2020/07/24 11:43 p.m. · 60 views

CVE-2020-10614

CVE-2020-10614 is a cross-site scripting vulnerability in OSIsoft PI System (PI Vision) where an authenticated remote attacker with write access to PI Vision databases can inject code into a display, enabling unauthorized disclosure, deletion, or modification when a user views the infected displa...

4.8 CVSS · 5.1 AI score · 0.00108 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Hacker One
added 2020/07/24 3:28 p.m. · 37 views

New Relic: One Click Remote Code Injection - *.blog.newrelic.com

With some social engineering, a WordPress admin could be convinced to click a malicious link to abuse a vulnerability in a WordPress plugin. This could lead to script execution or even code execution on the host. Vulnerability: A CSRF vulnerability has been found inside the Admin Panel leading to...

1.5 AI score
Exploits: 0

OSV
added 2020/07/17 12:15 a.m. · 5 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8 CVSS · 8.8 AI score · 0.94272 EPSS
Exploits: 9 · References: 4

OSV
added 2020/07/17 12:15 a.m. · 31 views

PYSEC-2020-14

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8 CVSS · 5.1 AI score · 0.94272 EPSS
Exploits: 9 · References: 2

CVE
added 2020/07/16 12:0 a.m. · 1089 views

CVE-2020-11978

Apache Airflow CVE-2020-11978 affects Airflow 1.10.10 and earlier in one of the shipped example DAGs, enabling remote command execution. The root cause is a command-injection vulnerability in the example DAGs, which could allow an authenticated user to run arbitrary commands as the user running t...

8.8 CVSS · 9.1 AI score · 0.94272 EPSS
In wild · Exploits: 9 · References: 4 · Affected Software: 1

Vulnrichment
added 2020/07/16 12:0 a.m. · 12 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

7.2 AI score · 0.94272 EPSS
Exploits: 9 · References: 3