An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.
CVE-2020-14008PUBLISHED: 2020-09-04Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
CVE-2020-24659PUBLISHED: 2020-09-04An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_d...
CVE-2020-4545PUBLISHED: 2020-09-04IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary ...
CVE-2020-4632PUBLISHED: 2020-09-04IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.
Support the originator by clicking the read the rest link below.
