The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.
Published at: August 05, 2020 at 05:15PM
In etcd before versions 3.3.23 and 3.4.10, a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is done on this data. It is therefore possible to forge an extremely large frame size that causes a panic in any RAFT participant trying to decode the WAL.
Published at: August 05, 2020 at 03:15PM
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
Published at: August 05, 2020 at 10:15AM
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.
Published at: August 05, 2020 at 10:15AM
An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implemented in libX11 before version 1.6.10. According to upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
Published at: August 05, 2020 at 10:15AM