There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05.
There is a double free because of destructor mishandling. CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a. The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. An issue was discovered in the crossbeam crate before 0.4.1 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter. An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Successful exploitation could lead to arbitrary code execution. Successful exploitation could lead to arbitrary code execution. Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Patch information is provided when available. This information may include identifying information, values, definitions, and related links. Low: vulnerabilities with a CVSS base score of 0.0–3.9. Entries may include additional information provided by organizations and efforts sponsored by CISA. Medium: vulnerabilities with a CVSS base score of 4.0–6.9. High: vulnerabilities with a CVSS base score of 7.0–10.0. The division of high, medium, and low severities correspond to the following scores: Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.
Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.