неделя, 23 май 2021 г.

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (56 items)

New vulnerabilities from the NVD: CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
Published at: December 07, 2020 at 10:15PM
View on website

December 07, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Published at: December 07, 2020 at 10:15PM
View on website

December 07, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17531

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.
Published at: December 08, 2020 at 03:15PM
View on website

December 08, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1971

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
Published at: December 08, 2020 at 06:15PM
View on website

December 08, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14207

The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14206

The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter).
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-14205

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10016

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10014

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10013

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10012

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10011

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10010

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10009

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10007

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10006

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10004

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10002

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.
Published at: December 08, 2020 at 10:15PM
View on website

December 08, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10017

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Published at: December 08, 2020 at 11:15PM
View on website

December 09, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25627

The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.
Published at: December 09, 2020 at 03:15AM
View on website

December 09, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16128

The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
Published at: December 09, 2020 at 06:15AM
View on website

December 09, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10146

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.
Published at: December 09, 2020 at 03:15AM
View on website

December 09, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23520

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
Published at: December 09, 2020 at 06:15PM
View on website

December 09, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25199

A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
Published at: December 09, 2020 at 07:15PM
View on website

December 09, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21009

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: December 09, 2020 at 07:15PM
View on website

December 09, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-2049

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.
Published at: December 09, 2020 at 08:15PM
View on website

December 09, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-2020

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.
Published at: December 09, 2020 at 08:15PM
View on website

December 09, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17529

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP header. This is only impacts builds with both CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.
Published at: December 09, 2020 at 07:15PM
View on website

December 09, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-17528

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet.
Published at: December 09, 2020 at 07:15PM
View on website

December 09, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16600

A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16599

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16598

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16593

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16592

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16591

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.34 due to an invalid read in process_symbol_table, as demonstrated in readeif.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16590

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16589

A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16588

A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16587

A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
Published at: December 09, 2020 at 11:15PM
View on website

December 10, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10143

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Published at: December 10, 2020 at 01:15AM
View on website

December 10, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12516

Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
Published at: December 10, 2020 at 05:15AM
View on website

December 10, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-7198

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later
Published at: December 10, 2020 at 06:15AM
View on website

December 10, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12595

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.
Published at: December 10, 2020 at 08:15AM
View on website

December 10, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12594

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.
Published at: December 10, 2020 at 08:15AM
View on website

December 10, 2020 at 01:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-16196

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: December 11, 2020 at 01:15AM
View on website

December 11, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13526

The ‘sort’ parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published at: December 11, 2020 at 01:15AM
View on website

December 11, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4738

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.
Published at: December 11, 2020 at 01:15AM
View on website

December 11, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-15001

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Published at: December 11, 2020 at 01:15AM
View on website

December 11, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13556

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published at: December 11, 2020 at 06:15AM
View on website

December 11, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13530

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
Published at: December 11, 2020 at 06:15AM
View on website

December 11, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13520

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
Published at: December 11, 2020 at 06:15AM
View on website

December 11, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13357

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.
Published at: December 11, 2020 at 06:15AM
View on website

December 11, 2020 at 08:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12149

The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects ll current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Published at: December 11, 2020 at 06:15PM
View on website

December 11, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12148

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
Published at: December 11, 2020 at 06:15PM
View on website

December 11, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13984

An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.
Published at: December 12, 2020 at 12:15AM
View on website

December 12, 2020 at 01:36AM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар