» 2020 » 6월

CVE-2020-9427

Posted on 2020년 6월 16일2020년 6월 16일 by admin

CVE-2020-9427

OX Guard 2.10.3 and earlier allows SSRF.

Source: CVE-2020-9427

CVE-2018-16848

Posted on 2020년 6월 16일2020년 6월 16일 by admin

CVE-2018-16848

A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.

Source: CVE-2018-16848

CVE-2020-9075

Posted on 2020년 6월 16일2020년 6월 16일 by admin

CVE-2020-9075

Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.

Source: CVE-2020-9075

CVE-2020-9426

Posted on 2020년 6월 16일2020년 6월 16일 by admin

CVE-2020-9426

OX Guard 2.10.3 and earlier allows XSS.

Source: CVE-2020-9426

CVE-2020-4477

Posted on 2020년 6월 15일2020년 6월 16일 by admin

CVE-2020-4477

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.

Source: CVE-2020-4477

CVE-2020-4470

Posted on 2020년 6월 15일2020년 6월 16일 by admin

CVE-2020-4470

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.

Source: CVE-2020-4470

CVE-2020-4471

Posted on 2020년 6월 15일2020년 6월 16일 by admin

CVE-2020-4471

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.

Source: CVE-2020-4471

CVE-2020-8675

Posted on 2020년 6월 15일2020년 6월 16일 by admin

CVE-2020-8675

Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Source: CVE-2020-8675

CVE-2020-8674

Posted on 2020년 6월 15일2020년 6월 16일 by admin

CVE-2020-8674

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.

Source: CVE-2020-8674

CVE-2020-4494

Posted on 2020년 6월 15일2020년 6월 16일 by admin

CVE-2020-4494

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.

Source: CVE-2020-4494