The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.
Published at: June 26, 2020 at 04:15PM
View on website
Etiqueta: government
New vulnerability on the NVD: CVE-2019-4650
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.
Published at: June 26, 2020 at 10:15AM
View on website
New vulnerability on the NVD: CVE-2019-16213
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.
Published at: June 25, 2020 at 04:15PM
View on website
New vulnerability on the NVD: CVE-2019-19505
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Published at: June 25, 2020 at 04:15PM
View on website
New vulnerability on the NVD: CVE-2019-19506
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.
Published at: June 25, 2020 at 04:15PM
View on website
Educ Arte Económico 