
CVE-2020-27212 – STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27212

Reference(s):
https://eprint.iacr.org/2021/640
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html


CVE-2020-27216 – In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of…


CVE-2020-27195 – HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client fi

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27195

Reference(s):
https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020
https://www.nomadproject.io/downloads


CVE-2020-27196 – An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27196

Reference(s):
https://www.playframework.com/security/vulnerability …


CVE-2020-27199 – The Magic Home Pro application 1.5.1 for Android allows Authentication By

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as…


CVE-2020-2720 – Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete…


CVE-2020-27207 – Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlci

Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27207

Reference(s):
https://github.com/sqlcipher/sqlcipher/compare/v4.4.0...v4.4.1
https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842
https://www.telekom.com/resource/blob/612796/9f221708832a465f03585a45d7f59b45/dl-201112-denial-of-serviceen-data.pdf


CVE-2020-27181 – A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27181

Reference(s):
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/
https://seclists.org/fulldisclosure/2020/Oct/28


CVE-2020-27208 – The flash read-out protection (RDP) level is not enforced during the devi

The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27208

Reference(s):
https://eprint.iacr.org/2021/640
https://github.com/solokeys/solo/commit/a9c02cd354f34b48195a342c7f524abdef5cbcec …


CVE-2020-27182 – Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXo

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27182

Reference(s):
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/
https://seclists.org/fulldisclosure/2020/Oct/28
