Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-5132
PUBLISHED: 2020-09-30

A misconfiguration of SonicWall SSL-VPN products and the SonicWall firewall SSL-VPN feature leads to a possible DNS flaw known as a domain name collision vulnerability. When users publicly display their organization’s internal domain names in the SSL-VPN au…

CVE-2020-15216
PUBLISHED: 2020-09-29

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one.
A patch is available; all users of goxmldsig should upgrade to at least revisio…

CVE-2020-4607
PUBLISHED: 2020-09-29

IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.

CVE-2020-24565
PUBLISHED: 2020-09-29

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.
An attacker must first obtain the ability to execute low-privileged code on the …

CVE-2020-25770
PUBLISHED: 2020-09-29

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.
An attacker must first obtain the ability to execute low-privileged code on the …


