» 2020 » 11월

CVE-2020-8152

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-8152

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.

Source: CVE-2020-8152

CVE-2020-2492

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-2492

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

Source: CVE-2020-2492

CVE-2020-8273

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-8273

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.

Source: CVE-2020-8273

CVE-2020-8272

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-8272

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

Source: CVE-2020-8272

CVE-2020-8271

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-8271

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

Source: CVE-2020-8271

CVE-2020-8270

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-8270

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

Source: CVE-2020-8270

CVE-2020-8269

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-8269

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

Source: CVE-2020-8269

CVE-2020-5666

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-5666

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from ’05’ to ’19’ and R04/08/16/32/120(EN)CPU Firmware versions from ’35’ to ’51’) allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.

Source: CVE-2020-5666

CVE-2020-8259

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-8259

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.

Source: CVE-2020-8259

CVE-2020-2490

Posted on 2020년 11월 16일2020년 11월 16일 by admin

CVE-2020-2490

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

Source: CVE-2020-2490