CVE-2019-17098

CVE-2019-17098

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials.
This issue affects:
August Connect Wi-Fi Bridge App
version v10.11.0 and prior versions on Android.
August Connect Firmware
version 2.2.12 and prior versions.

Source: CVE-2019-17098

CVE-2020-5132

CVE-2020-5132

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.

Source: CVE-2020-5132

CVE-2020-15216

CVE-2020-15216

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one.

A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0

Source: CVE-2020-15216

CVE-2020-25774

CVE-2020-25774

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Source: CVE-2020-25774

CVE-2020-25771

CVE-2020-25771

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities.

The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.

Source: CVE-2020-25771

CVE-2020-25772

CVE-2020-25772

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities.

The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.

Source: CVE-2020-25772