From DHS/US-CERT’s National Vulnerability Database
CVE-2020-23653
PUBLISHED: 2021-01-13
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.
CVE-2021-3031
PUBLISHED: 2021-01-13
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethern…
CVE-2021-3032
PUBLISHED: 2021-01-13
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “httpâ€?, “emailââ&sbq…
CVE-2019-4160
PUBLISHED: 2021-01-13
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577.
CVE-2019-4687
PUBLISHED: 2021-01-13
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.
