» 2020 » 9월

CVE-2020-12776

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-12776

Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.

Source: CVE-2020-12776

CVE-2020-14178

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-14178

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.

Source: CVE-2020-14178

CVE-2020-25067

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-25067

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker.

Source: CVE-2020-25067

CVE-2020-15704

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-15704

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

Source: CVE-2020-15704

CVE-2020-25058

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-25058

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020).

Source: CVE-2020-25058

CVE-2020-25063

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-25063

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020).

Source: CVE-2020-25063

CVE-2020-25061

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-25061

An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020).

Source: CVE-2020-25061

CVE-2020-25062

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-25062

An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020).

Source: CVE-2020-25062

CVE-2020-25064

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).

Source: CVE-2020-25064

CVE-2020-25065

Posted on 2020년 9월 1일2020년 9월 1일 by admin

CVE-2020-25065

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020).

Source: CVE-2020-25065