» 2020 » 5월

CVE-2020-7648

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-7648

All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk’s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`

Source: CVE-2020-7648

CVE-2020-7654

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-7654

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.

Source: CVE-2020-7654

CVE-2020-7650

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-7650

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk’s internal network of any files ending in the following extensions: yaml, yml or json.

Source: CVE-2020-7650

CVE-2020-8482

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-8482

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data

Source: CVE-2020-8482

CVE-2020-6937

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-6937

A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.

Source: CVE-2020-6937

CVE-2020-11844

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-11844

There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

Source: CVE-2020-11844

CVE-2020-7653

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-7653

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network by creating symlinks to match whitelisted paths.

Source: CVE-2020-7653

CVE-2020-1831

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-1831

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC.

Source: CVE-2020-1831

CVE-2020-7652

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-7652

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal.

Source: CVE-2020-7652

CVE-2020-7651

Posted on 2020년 5월 30일2020년 5월 30일 by admin

CVE-2020-7651

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk’s internal network via patch history from GitHub Commits API.

Source: CVE-2020-7651