Vulnerability Summary for the Week of July 27, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please…
activerecord-session_store — activerecord-session_store The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed…
Primary Vendor — Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
Apache Software Foundation — Apache HTTP Server Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the…
apple — mac_os_x Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted…
Primary Vendor — Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
alain_barbet — filesys_smbclientparser The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary…
adtran — netvanta_7060 Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or…
Primary Vendor — Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
A.l-Pifou — A.l-Pifou Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via “..”…
adam_ross — tokenauth The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.…
Primary Vendor — Product | Description | Discovered | Published | CVSS Score | Source & Patch Info
Adobe — Photoshop, Adobe — Photoshop Elements Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0,…
apprain — apprain Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.…