In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Published at: June 25, 2020 at 03:15PM
View on website
Etiqueta: government
New vulnerability on the NVD: CVE-2020-10379
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c.
Published at: June 25, 2020 at 03:15PM
View on website
New vulnerability on the NVD: CVE-2019-20408
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Published at: June 30, 2020 at 10:15PM
View on website
New vulnerability on the NVD: CVE-2018-21268
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
Published at: June 25, 2020 at 01:15PM
View on website
New vulnerability on the NVD: CVE-2019-16213
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.
Published at: June 25, 2020 at 04:15PM
View on website
Educ Arte Económico 