Blog – iPRESIDIUM

Skip to content

Security Without Compromise

Home
Cyber Security Services
Cyber Security Solutions
Managed Security Services
Resources
Contact Us

Menu

Home
Cyber Security Services
Cyber Security Solutions
Managed Security Services
Resources
Contact Us

VUNERABILITIES

CVE-2020-18428 July 26, 2021
tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).
CVE-2021-37576 July 26, 2021
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
CVE-2020-18430 July 26, 2021
tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).
CVE-2021-37555 July 26, 2021
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
CVE-2020-23240 July 26, 2021
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
CVE-2020-23242 July 26, 2021
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVE-2020-23241 July 26, 2021
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
CVE-2020-23243 July 26, 2021
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
CVE-2020-23239 July 26, 2021
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
CVE-2020-18174 July 26, 2021
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges.
CVE-2020-18173 July 26, 2021
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
CVE-2020-18171 July 26, 2021
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges.
CVE-2020-18172 July 26, 2021
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.
CVE-2020-18169 July 26, 2021
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges.
CVE-2020-18170 July 26, 2021
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions.
CVE-2020-23234 July 26, 2021
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
CVE-2020-17952 July 26, 2021
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.
CVE-2020-23238 July 26, 2021
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
CVE-2021-32795 July 26, 2021
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0 a Denial of Service (aka DoS) vulnerability which allows attacker to remotely crash running ASF instance through sending a specifically-crafted Steam chat message exists. The user sending the message does not need to be […]
CVE-2021-32794 July 26, 2021
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword` from the resulting config when the caller did not specify it explicitly. Due to the above, it was […]

LATEST POSTS

EVENTS

CONTACT US

info@ipresidium.com
Office: (949) 721-6612
Fax: (866) 205-2904
620 Newport Center Dr. STE 1100
Newport Beach, CA 92660
Career Opportunities

Envelope

Facebook

Twitter