Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
Published at: October 22, 2020 at 03:15PM
View on website
Etiqueta: security
New vulnerability on the NVD: CVE-2019-16129
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
Published at: October 22, 2020 at 03:15PM
View on website
New vulnerability on the NVD: CVE-2018-11764
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
Published at: October 21, 2020 at 03:15PM
View on website
New vulnerability on the NVD: CVE-2020-10138
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Published at: October 21, 2020 at 10:15AM
View on website
New vulnerability on the NVD: CVE-2020-10139
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Published at: October 21, 2020 at 10:15AM
View on website
Educ Arte Económico 