CVE-2019-17098
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials.
This issue affects:
August Connect Wi-Fi Bridge App
version v10.11.0 and prior versions on Android.
August Connect Firmware
version 2.2.12 and prior versions.
Source: CVE-2019-17098
CVE-2020-15731
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name.
This issue affects:
Bitdefender Engines
versions prior to 7.85448.
Source: CVE-2020-15731
CVE-2020-5132
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.
Source: CVE-2020-5132
CVE-2020-15216
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one.
A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0
Source: CVE-2020-15216
CVE-2020-4607
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
Source: CVE-2020-4607
CVE-2020-25773
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products.
User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.
Source: CVE-2020-25773
CVE-2020-25774
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Source: CVE-2020-25774
CVE-2020-25771
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.
An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities.
The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
Source: CVE-2020-25771
CVE-2020-25772
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.
An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities.
The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
Source: CVE-2020-25772
CVE-2020-25775
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges.
Source: CVE-2020-25775