CVE-2020-8580
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).
Source: CVE-2020-8580
[월:] 2020년 11월
CVE-2020-7198
CVE-2020-7198
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.
Source: CVE-2020-7198
CVE-2020-5795
CVE-2020-5795
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.
Source: CVE-2020-5795
CVE-2020-4483
CVE-2020-4483
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.
Source: CVE-2020-4483
CVE-2020-4484
CVE-2020-4484
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.
Source: CVE-2020-4484
CVE-2020-4482
CVE-2020-4482
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.
Source: CVE-2020-4482
CVE-2020-27589
CVE-2020-27589
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 – 0.0.52 does not validate SSL certificates in certain cases.
Source: CVE-2020-27589
CVE-2020-27196
CVE-2020-27196
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
Source: CVE-2020-27196
CVE-2020-26883
CVE-2020-26883
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.
Source: CVE-2020-26883
CVE-2020-26882
CVE-2020-26882
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.
Source: CVE-2020-26882