» 2020 » 4월

CVE-2020-11941

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2020-11941

An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.

Source: CVE-2020-11941

CVE-2020-12279

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2020-12279

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.

Source: CVE-2020-12279

CVE-2019-14941

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2019-14941

SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.

Source: CVE-2019-14941

CVE-2020-12278

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2020-12278

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.

Source: CVE-2020-12278

CVE-2019-15234

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2019-15234

SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.

Source: CVE-2019-15234

CVE-2020-1880

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2020-1880

Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal.

Source: CVE-2020-1880

CVE-2018-21096

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2018-21096

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

Source: CVE-2018-21096

CVE-2020-9488

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

Source: CVE-2020-9488

CVE-2020-9068

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2020-9068

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.

Source: CVE-2020-9068

CVE-2018-21095

Posted on 2020년 4월 28일2020년 4월 28일 by admin

CVE-2018-21095

Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210.

Source: CVE-2018-21095