[월:] 2020년 03월

CVE-2020-1947

Posted on by admin

CVE-2020-1947

In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere’s web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE.

Source: CVE-2020-1947

CVE-2020-9408

Posted on by admin

CVE-2020-9408

The Spotfire library component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.

Source: CVE-2020-9408

CVE-2016-1000111

Posted on by admin

CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Source: CVE-2016-1000111

CVE-2020-1981

Posted on by admin

CVE-2020-1981

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.
This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance.
This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.
This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

Source: CVE-2020-1981

CVE-2020-1980

Posted on by admin

CVE-2020-1980

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.
This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.
This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

Source: CVE-2020-1980

CVE-2020-1733

Posted on by admin

CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating ‘/proc/<pid>/cmdline’.

Source: CVE-2020-1733

CVE-2020-1979

Posted on by admin

CVE-2020-1979

A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges.
This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama.
This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions.

Source: CVE-2020-1979