Security CERT Global

• CVE-2020-4766
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending ... read more
• CVE-2020-12512
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ... read more
• CVE-2020-12514
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a ... read more
• CVE-2020-12525
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data ... read more
• CVE-2021-21260
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers ... read more
• CVE-2021-21270
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server ... read more
• CVE-2020-28487
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element ... read more
• CVE-2020-12511
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web ... read more
• CVE-2020-12513
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ... read more
• CVE-2021-21259
  Gravedad: NonePublicado: 22/01/2021Last revised: 22/01/2021Descripción: *** Pendiente de traducción *** HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker ... read more
• CVE-2021-25177 (drawings_software_development_kit)
  An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ... read more
• CVE-2020-4983 (spectrum_lsf, spectrum_lsf_suite)
  IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM ... read more
• CVE-2021-25176 (drawings_software_development_kit)
  An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ... read more
• CVE-2020-4887 (aix, vios)
  IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM ... read more
• CVE-2020-28707 (stockdio_historical_chart)
  The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. ... read more
• CVE-2021-25178 (drawings_software_development_kit)
  An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. ... read more
• CVE-2020-28480 (jointjs)
  The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading ... read more
• CVE-2020-27733 (manageengine_applications_manager)
  Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. ... read more
• CVE-2020-23342 (anchor_cms)
  A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. ... read more
• CVE-2020-28479 (jointjs)
  The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function. ... read more
• CVE-2020-12513
  Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ... read more
• CVE-2020-12514
  Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd ... read more
• CVE-2020-12511
  Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. ... read more
• CVE-2020-12525
  M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. ... read more
• CVE-2020-12512
  Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ... read more
• CVE-2021-2087 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ... read more
• CVE-2021-2076 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2070 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2046 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
• CVE-2021-2081 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
• CVE-2021-2058 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2055 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2088 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ... read more
• CVE-2021-2036 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2038 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker ... read more
• CVE-2021-2048 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2072 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read more
• CVE-2021-2061 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ... read more
• CVE-2021-2030 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2042 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to ... read more
• CVE-2021-2060 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable ... read more
• CVE-2021-2122 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2032 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low ... read more
• CVE-2021-2056 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ... read more
• CVE-2021-2031 (mysql)
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-21260
  Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a ... read more
• CVE-2020-4766
  IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. ... read more
• CVE-2021-21270
  OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a ... read more
• CVE-2021-21259
  HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is ... read more
• CVE-2020-28487
  This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application. ... read more
Older posts