CVE-2020-35223

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

Source: CVE-2020-35223

CVE-2021-3034

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the ‘/var/log/demisto/’ server logs when testing the integration during setup.

This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration.
This issue impacts:
Cortex XSOAR 5.5.0 builds earlier than 98622;
Cortex XSOAR 6.0.1 builds earlier than 830029;
Cortex XSOAR 6.0.2 builds earlier than 98623;
Cortex XSOAR 6.1.0 builds earlier than 848144.

Source: CVE-2021-3034

CVE-2020-35224

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.

Source: CVE-2020-35224

CVE-2020-35225

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.

Source: CVE-2020-35225

CVE-2020-19417

Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account ‘maint’) to perform administrative tasks by sending specially crafted HTTP requests to the application.

Source: CVE-2020-19417

CVE-2020-35221

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.

Source: CVE-2020-35221

CVE-2020-27632

In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions.

Source: CVE-2020-27632

CVE-2020-19419

Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.

Source: CVE-2020-19419

CVE-2020-35220

A TFTP server was found to be active by default on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. It allows remote authenticated users to update the switch firmware.

Source: CVE-2020-35220

CVE-2021-21772

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Source: CVE-2021-21772