Recently Added Advisories

Advisories that have been merged within the last 14 days are listed below (sorted from newest to oldest).
Advisories published through NVD are available in the GitLab Advisory database within 1.1 days (on average).

CVE-2020-10177

Out-of-bounds Read in pypi/Pillow

Pillow has multiple out-of-bounds reads in `libImaging/FliDecode.c`.

Added on 2020-07-03

CVE-2020-11996

Uncontrolled Resource Consumption in maven/org.apache.tomcat/coyote

A specially crafted sequence of `HTTP/2` requests sent to Apache Tomcat could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent `HTTP/2` connections, the server could become unresponsive.

Added on 2020-07-03

CVE-2020-10994

Out-of-bounds Read in pypi/Pillow

In `libImaging/Jpeg2KDecode.c` in Pillow there are multiple out-of-bounds reads via a crafted JP2 file.

Added on 2020-07-03

CVE-2020-10378

Out-of-bounds Read in pypi/Pillow

In `libImaging/PcxDecode.c` in Pillow, an out-of-bounds read can occur when reading PCX files where `state->shuffle` is instructed to read beyond `state->buffer`.

Added on 2020-07-03

CVE-2020-11538

Out-of-bounds Read in pypi/Pillow

In `libImaging/SgiRleDecode.c`, a number of out-of-bounds reads exist in the parsing of SGI image files.

Added on 2020-07-03

CVE-2020-10379

Buffer Overflow in pypi/Pillow

In Pillow there are two Buffer Overflows in `libImaging/TiffDecode.c`.

Added on 2020-07-03

CVE-2020-9632

Code Injection in packagist/magento/community-edition

Magento (see note) has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9583

OS Command Injection in packagist/magento/community-edition

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9591

Information Exposure in packagist/magento/community-edition

Magento has a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.

Added on 2020-07-02

CVE-2020-9587

Incorrect Authorization in packagist/magento/community-edition

Magento has an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

Added on 2020-07-02

CVE-2020-4066

OS Command Injection in npm/limdu

In Limdu, the `trainBatch` function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Added on 2020-07-02

CVE-2020-9580

Code Injection in packagist/magento/community-edition

Magento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9584

Cross-site Scripting in packagist/magento/community-edition

Magento has a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Added on 2020-07-02

CVE-2020-9581

Cross-site Scripting in packagist/magento/community-edition

Magento has a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Added on 2020-07-02

CVE-2020-9585

Code Injection in packagist/magento/community-edition

Magento has a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9582

OS Command Injection in packagist/magento/community-edition

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-13700

Information Exposure in packagist/airesvsg/acf-to-rest-api

An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a `wp-json/acf/v3/options/` request that reads sensitive information in the `wp_options` table, such as the login and password values.

Added on 2020-07-02

CVE-2020-9577

Cross-site Scripting in packagist/magento/community-edition

Magento has a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Added on 2020-07-02

CVE-2020-9576

OS Command Injection in packagist/magento/community-edition

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9631

Code Injection in packagist/magento/community-edition

Magento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9579

Code Injection in packagist/magento/community-edition

Magento has a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9578

OS Command Injection in packagist/magento/community-edition

Magento has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Added on 2020-07-02

CVE-2020-9630

Improper Privilege Management in packagist/magento/community-edition

Magento has a business logic error vulnerability. Successful exploitation could lead to privilege escalation.

Added on 2020-07-02

CVE-2020-9588

Information Exposure Through Discrepancy in packagist/magento/community-edition

Magento has an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

Added on 2020-07-02

CVE-2020-14966

Improper Verification of Cryptographic Signature in npm/jsrsasign

An issue was discovered in the jsrsasign package for Node.js. It allows for malleability in ECDSA signatures by not checking overflows in the length of a sequence and `\0` characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

Added on 2020-06-30

CVE-2020-1727

Improper Input Validation in maven/org.keycloak/keycloak-services

A vulnerability was found in Keycloak where every Authorization URL that points to an IDP server lacks proper input validation. This flaw allows a malicious user to craft deep links that introduce further attack scenarios on affected clients.

Added on 2020-06-30

CVE-2020-14967

Improper Restriction of Operations within the Bounds of a Memory Buffer in npm/jsrsasign

An issue was discovered in the jsrsasign package for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending `\0` bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.

Added on 2020-06-30

CVE-2020-14968

Improper Restriction of Operations within the Bounds of a Memory Buffer in npm/jsrsasign

An issue was discovered in the jsrsasign package for Node.js. Its RSA-PSS implementation does not detect signature manipulation/modification by prepending `\0` bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.

Added on 2020-06-30

CVE-2020-13156

Cross-Site Request Forgery (CSRF) in packagist/nukeviet/nukeviet

The `modules\users\admin\add_user.php` in NukeViet suffers from CSRF which may allow attackers to trick victim administrators into adding a user account via the `admin/index.php?nv=users&op=user_add` URI.

Added on 2020-06-29

CVE-2020-14942

Deserialization of Untrusted Data in pypi/tendenci

Tendenci allows unrestricted deserialization in `apps\helpdesk\views\staff.py`.

Added on 2020-06-29

CVE-2020-13157

Cross-Site Request Forgery (CSRF) in packagist/nukeviet/nukeviet

The `modules\users\admin\edit.php` in NukeViet suffers from CSRF which may allow attackers to change a user's password via the `admin/index.php?nv=users&op=edit&userid=` URI. This is due to the old password not being required during the change password function.

Added on 2020-06-29

CVE-2020-13155

Cross-Site Request Forgery (CSRF) in packagist/nukeviet/nukeviet

`clearsystem.php` in NukeViet allows CSRF with resultant HTML injection via the `deltype` parameter to the `admin/index.php?nv=webtools&op=clearsystem` URI.

Added on 2020-06-29

CVE-2020-11989

Improper Authentication in maven/org.apache.shiro/shiro-all

When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Added on 2020-06-29

CVE-2019-20891

Cross-Site Request Forgery (CSRF) in packagist/woocommerce/woocommerce

WooCommerce, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via `includes/admin/importers/class-wc-product-csv-importer-controller.php`.

Added on 2020-06-26

CVE-2020-10750

Inclusion of Sensitive Information in Log Files in go/github.com/jaegertracing/jaeger

Sensitive information written to a log file vulnerability was found in `jaegertracing/jaeger` when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.

Added on 2020-06-25

CVE-2020-9495

Injection Vulnerability in maven/org.apache.archiva/archiva-webapp

Apache Archiva login service is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

Added on 2020-06-25

CVE-2020-14019

Incorrect Default Permissions in pypi/rtslib-fb

Open-iSCSI rtslib-fb has weak permissions for `/etc/target/saveconfig.json` because `shutil.copyfile` (instead of `shutil.copy`) is used, and thus permissions are not preserved.

Added on 2020-06-25

CVE-2020-7679

Improper Input Validation in npm/casperjs

The `mergeObjects` utility function is susceptible to Prototype Pollution.

Added on 2020-06-25

CVE-2020-8162

Unrestricted Upload of File with Dangerous Type in gem/rails

A client side enforcement of server side security vulnerability exists in rails ActiveStorage's S3 adapter that allows the `Content-Length` of a direct file upload to be modified by an end user, bypassing upload limits.

Added on 2020-06-25

CVE-2020-13961

Improper Input Validation in npm/strapi

Strapi could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.

Added on 2020-06-25

CVE-2020-9495

Injection Vulnerability in maven/org.apache.archiva/archiva

Apache Archiva login service is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

Added on 2020-06-25

CVE-2020-8167

Cross-Site Request Forgery (CSRF) in gem/rails

A CSRF vulnerability exists in Rails' rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Added on 2020-06-25

CVE-2020-14475

Cross-site Scripting in packagist/dolibarr/dolibarr

A reflected cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML into `public/notice.php`.

Added on 2020-06-25

CVE-2020-14443

SQL Injection in packagist/dolibarr/dolibarr

An SQL injection vulnerability in `accountancy/customer/card.php` in Dolibarr allows remote authenticated users to execute arbitrary SQL commands via the `id` parameter.

Added on 2020-06-25

CVE-2020-5590

Path Traversal in packagist/ec-cube/ec-cube

A directory traversal vulnerability in EC-CUBE allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

Added on 2020-06-25

CVE-2020-8165

Deserialization of Untrusted Data in gem/rails

A deserialization of untrusted data vulnerability exists in rails that can allow an attacker to unmarshal user-provided objects in `MemCacheStore` and `RedisCacheStore`, potentially resulting in an RCE.

Added on 2020-06-25

CVE-2020-14040

Loop with Unreachable Exit Condition (Infinite Loop) in go/golang.org/x/text

The `x/text` package contains a vulnerability in `encoding/unicode` that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF-16 decoder instantiated with `UseBOM` or `ExpectBOM` to trigger an infinite loop if the `String` function on the Decoder is called, or the Decoder is passed to `golang.org/x/text/transform.String`.

Added on 2020-06-25

CVE-2020-12827

Path Traversal in npm/mjml

MJML contains a path traversal vulnerability when processing the `mj-include` directive within an MJML document.

Added on 2020-06-24

CVE-2020-4054

Cross-site Scripting in gem/sanitize

When HTML is sanitized using the 'relaxed' config with sanitize, or a custom config that allows certain elements, some content in a `math` or `svg` element may not be sanitized correctly.

Added on 2020-06-22