Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-12460
PUBLISHED: 2020-07-27

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a ‘\0’ byte overw…

CVE-2020-12845
PUBLISHED: 2020-07-27

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call withi…

CVE-2020-12880
PUBLISHED: 2020-07-27

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and…

CVE-2020-10643
PUBLISHED: 2020-07-27

An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.

CVE-2020-8558
PUBLISHED: 2020-07-27

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node’s network namespace. Such a service is generally th…




