Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-26214
PUBLISHED: 2020-11-06

In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when the Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonym…

CVE-2017-18926
PUBLISHED: 2020-11-06

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

CVE-2020-25172
PUBLISHED: 2020-11-06

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.

CVE-2020-25174
PUBLISHED: 2020-11-06

A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high-privileged user.

CVE-2020-26213
PUBLISHED: 2020-11-06

In teler before version 0.0.1, if you run teler inside a Docker container and encounter the `errors.Exit` function, it will cause a denial of service (`SIGSEGV`) because it doesn’t properly get the process ID and process group ID of teler to kill. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.


