Redwall Technologies, LLC has joined the Cyber Ops Alliance (COA) – Dark Reading

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-13757
PUBLISHED: 2020-06-01

Python-RSA 4.0 ignores leading ‘\0’ bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces…

CVE-2020-13758
PUBLISHED: 2020-06-01

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.

CVE-2020-9291
PUBLISHED: 2020-06-01

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

CVE-2019-15709
PUBLISHED: 2020-06-01

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.

CVE-2020-13695
PUBLISHED: 2020-06-01

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.
