CVE-2019-16301

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution.

Source: CVE-2019-16301

CVE-2019-16300

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution.

Source: CVE-2019-16300

CVE-2019-16298

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

Source: CVE-2019-16298

CVE-2019-16299

An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.

Source: CVE-2019-16299

CVE-2019-11189

Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy.

Source: CVE-2019-11189

CVE-2020-3764

Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Source: CVE-2020-3764

CVE-2020-6968

Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.

Source: CVE-2020-6968

CVE-2020-3765

Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Source: CVE-2020-3765

CVE-2020-6977

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products – all versions; LOGIQ – all versions not including LOGIQ 100 Pro; Voluson – all versions; Versana Essential – all versions; Invenia ABUS Scan station – all versions; Venue – all versions not including Venue 40 R1-3 and Venue 50 R4-5

Source: CVE-2020-6977

CVE-2020-9318

Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15.

Source: CVE-2020-9318