Original release date: December 21, 2020
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers’ installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2020-12-16 | 10 | CVE-2019-14482 MISC MISC |
adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. | 2020-12-16 | 9 | CVE-2019-14479 MISC MISC |
adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys’ passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. | 2020-12-16 | 9 | CVE-2019-14483 MISC MISC |
adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | 2020-12-16 | 7.5 | CVE-2019-14480 MISC MISC |
altran — picotcp | An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-24338 MISC MISC |
apache — struts | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 – Struts 2.5.25. | 2020-12-11 | 7.5 | CVE-2020-17530 JVN CONFIRM |
appbase — streams | The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password. | 2020-12-16 | 10 | CVE-2020-35468 MISC |
arubanetworks — arubaos | There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 10 | CVE-2020-24633 CONFIRM |
arubanetworks — arubaos | An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 10 | CVE-2020-24634 CONFIRM |
arubanetworks — arubaos | Two vulnerabilities in ArubaOS GRUB2 implementation allow for an attacker to bypass secureboot. Successful exploitation of this vulnerability could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 9 | CVE-2020-24637 CONFIRM |
askey — ap5100w_firmware | Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | 2020-12-11 | 10 | CVE-2020-15357 MISC MISC MISC |
blackfire — blackfire | The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35466 MISC |
car_rental_management_system_project — car_rental_management_system | An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the “page” parameter, to cause local file inclusion resulting in code execution. | 2020-12-14 | 7.5 | CVE-2020-29227 MISC MISC |
citrix — gateway_plug-in | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks. | 2020-12-14 | 7.5 | CVE-2020-8257 MISC |
citrix — virtual_apps_and_desktops | An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | 2020-12-14 | 9 | CVE-2020-8283 MISC |
connection-tester_project — connection-tester | This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | 2020-12-16 | 7.5 | CVE-2020-7781 CONFIRM CONFIRM |
contiki-ng — contiki-ng | An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn’t verify whether the address in the answer’s length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled. | 2020-12-11 | 7.5 | CVE-2020-24336 MISC MISC |
contiki-os — contiki-os | An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | 2020-12-11 | 7.5 | CVE-2020-25111 MISC MISC |
contiki-os — contiki-os | An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | 2020-12-11 | 7.5 | CVE-2020-25112 MISC MISC |
corenlp-js-interface_project — corenlp-js-interface | All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function. | 2020-12-11 | 7.5 | CVE-2020-28440 CONFIRM |
corenlp-js-prefab_project — corenlp-js-prefab | This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in ‘index.js.’ It depends on a vulnerable package ‘corenlp-js-interface.’ Vulnerability can be exploited with the following PoC: | 2020-12-11 | 7.5 | CVE-2020-28439 CONFIRM |
coscale_agent_project — coscale_agent | Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35462 MISC |
datatables — datatables.net | All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | 2020-12-16 | 7.5 | CVE-2020-28458 MISC MISC MISC MISC MISC MISC |
dlink — dsr-150_firmware | An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests. | 2020-12-15 | 9 | CVE-2020-25759 MISC MISC MISC |
dlink — dsr-150_firmware | An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | 2020-12-15 | 9 | CVE-2020-25758 MISC MISC MISC |
dlink — dsr-150_firmware | A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17. | 2020-12-15 | 8.3 | CVE-2020-25757 MISC MISC MISC |
docker — adminer | The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Systems using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35186 MISC |
docker — composer | The official composer docker images before 1.8.3 contain a blank password for a root user. Systems using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35184 MISC |
docker — docs | The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35467 MISC |
docker — ghost_alpine_docker_image | The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. Systems using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35185 MISC |
docker — haproxy | The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35195 MISC |
docker — memcached | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. Systems using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35197 MISC |
docker — rabbitmq | The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Systems using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35196 MISC |
docker — registry | Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. | 2020-12-11 | 10 | CVE-2020-29591 MISC MISC MISC |
drupal — drupal_docker_images | The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | 2020-12-17 | 10 | CVE-2020-35191 MISC |
epson — eps_tse_server_8_firmware | Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI. | 2020-12-16 | 7.5 | CVE-2020-28929 MISC |
ethernut — nut/os | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-25110 MISC MISC |
ethernut — nut/os | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has ‘ |