» 2020 » 12월

CVE-2020-35729

Posted on 2020년 12월 27일2020년 12월 27일 by admin

CVE-2020-35729

KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.

Source: CVE-2020-35729

CVE-2020-35448

Posted on 2020년 12월 27일2020년 12월 27일 by admin

CVE-2020-35448

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Source: CVE-2020-35448

CVE-2020-8290

Posted on 2020년 12월 27일2020년 12월 27일 by admin

CVE-2020-8290

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.

Source: CVE-2020-8290

CVE-2020-8289

Posted on 2020년 12월 27일2020년 12월 27일 by admin

CVE-2020-8289

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.

Source: CVE-2020-8289

CVE-2020-7845

Posted on 2020년 12월 27일2020년 12월 27일 by admin

CVE-2020-7845

Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet.

Source: CVE-2020-7845