The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

After Effects version 18.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Main/inc/ajax/ in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.

A vulnerability in Helpcom could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to.

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.

FATEK Automation WinProladder versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

FATEK Automation WinProladder versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.

FATEK Automation WinProladder versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. Patches and updates are available to address this vulnerability.

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4.