9454 matches found

ICS
added 2020/07/07 12:0 a.m., 54 views

Grundfos CIM 500

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

CVSS 7.5, AI score 8.2, EPSS 0.00326
Exploits: 0, References: 5

Typo3
added 2020/07/07 12:0 a.m., 33 views

Cross-Site Scripting in extension "Google reCAPTCHA (v2/v3)" (jh_captcha)

The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to TypoScript settings of the extension...

CVSS 3.5, AI score 1.4, EPSS 0.00206
Exploits: 0, Affected Software: 1

FreeBSD
added 2020/07/07 12:0 a.m., 16 views

MySQL -- Multiple vulnerabilities

Oracle reports: This Critical Patch Update contains 40 new security patches for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilitie...

AI score 0.6
Exploits: 0, References: 1

Typo3
added 2020/07/07 12:0 a.m., 28 views

Cross-Site Scripting in extension "Faceted Search" (ke_search)

The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to indexer- and filter-configurations...

CVSS 3.5, AI score 2, EPSS 0.00206
Exploits: 0, Affected Software: 1

RedHat Linux
added 2020/07/06 9:22 p.m., 3 views

Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64

The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash...

CVSS 9.3, AI score 7.3, EPSS 0.00947
Exploits: 1, References: 5

RedHat Linux
added 2020/07/06 8:56 p.m., 1 view

Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64

The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash...

CVSS 9.3, AI score 7.3, EPSS 0.00947
Exploits: 1, References: 5

RedHat Linux
added 2020/07/06 8:52 p.m., 1 view

Mozilla: Use-after-free in nsGlobalWindowInner

The Mozilla Foundation Security Advisory describes this flaw as: When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash...

CVSS 9.3, AI score 7.3, EPSS 0.00438
Exploits: 0, References: 5

RedHat Linux
added 2020/07/06 8:28 p.m., 1 view

Mozilla: Use-After-Free when trying to connect to a STUN server

The Mozilla Foundation Security Advisory describes this flaw as: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash...

CVSS 9.3, AI score 7.3, EPSS 0.00525
Exploits: 1, References: 5

Mageia
added 2020/07/04 10:47 p.m., 34 views

Updated firefox packages fix security vulnerability

Updated nss and firefox packages fix security vulnerabilities: NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys CVE-2020-12399. Side channel vulnerabilities during RSA key generation in NSS CVE-2020-12402. When browsing ...

CVSS 9.3, AI score 1.2, EPSS 0.01645
Exploits: 2, References: 6

Veracode
added 2020/07/04 3:15 a.m., 21 views

Cross-site Scripting (XSS)

jenkins is vulnerable to cross-site scripting XSS. The vulnerability exists as it improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...

CVSS 5.4, AI score 1, EPSS 0.00427
Exploits: 0, References: 3, Affected Software: 27

0day.today
added 2020/07/04 12:0 a.m., 300 views

Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Product: Froala WYSIWYG HTML Editor Vendor: Froala CSNC ID: CSNC-2020-004 CVE ID: CVE-2019-19935 Subject: DOM XSS in Froala WYSIWYG HTML Editor Severity: Medium Effect: Remotely exploitable Author: Emanuel Duss Date: 2020-07-01 Introduction...

CVSS 4.3, AI score 6.4, EPSS 0.02161
Exploits: 3

Packet Storm
added 2020/07/03 12:0 a.m., 174 views

Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Froala WYSIWYG HTML Editor Vendor: Froala CSNC ID: CSNC-2020-004 CVE ID: CVE-2019-19935 Subject: DOM XSS in Froala WYSIWYG HTML Editor Severity: Medium Effect: Remotely exploitable Author: Emanuel Duss Date:...

EPSS 0.02161
Exploits: 3

RedhatCVE
added 2020/07/02 9:20 a.m., 27 views

CVE-2019-2708

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data...

CVSS 3.3, AI score 5, EPSS 0.00939
Exploits: 0, References: 3

RedhatCVE
added 2020/07/01 6:20 p.m., 24 views

CVE-2020-12420

The Mozilla Foundation Security Advisory describes this flaw as: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash...

CVSS 9.3, AI score 2.5, EPSS 0.00525
Exploits: 1, References: 4

RedhatCVE
added 2020/07/01 6:20 p.m., 28 views

CVE-2020-12419

The Mozilla Foundation Security Advisory describes this flaw as: When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash...

CVSS 9.3, AI score 2.6, EPSS 0.00438
Exploits: 0, References: 4

Prion
added 2020/07/01 4:15 p.m., 17 views

Buffer overflow

An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 6.8, AI score 8.1, EPSS 0.01622
Exploits: 1, References: 1, Affected Software: 1

UbuntuCve
added 2020/07/01 12:0 a.m., 16 views

CVE-2020-12420

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR 68.10, Firefox 78, and Thunderbird 68.10.0...

CVSS 9.3, AI score 7.2, EPSS 0.00525
Exploits: 1, References: 5

UbuntuCve
added 2020/07/01 12:0 a.m., 18 views

CVE-2020-12419

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR 68.10, Firefox 78, and...

CVSS 9.3, AI score 7.2, EPSS 0.00438
Exploits: 0, References: 5

UbuntuCve
added 2020/07/01 12:0 a.m., 29 views

CVE-2020-12417

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. Note: this issue only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR 68.10, Firefox 78, and...

CVSS 9.3, AI score 6.9, EPSS 0.00947
Exploits: 1, References: 5

Prion
added 2020/06/30 12:15 p.m., 16 views

Design/Logic Flaw

CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...

CVSS 4.3, AI score 4.7, EPSS 0.00085
Exploits: 0, References: 1, Affected Software: 1