CVE-2020-15137
All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. A malicious USB device can trigger disclosure of unrelated kernel memory to userspace applications on the host, or...
In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. Date published : 2020-08-12 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13291.json https://gitlab.com/gitlab-org/gitlab/-/issues/230521
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. Date published : 2020-08-12 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13290.json https://gitlab.com/gitlab-org/gitlab/-/issues/32291
In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page. Date published : 2020-08-12 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13288.json https://gitlab.com/gitlab-org/gitlab/-/issues/215538
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding JavaScript or HTML tags in a GET request. Date published :...
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. Date published : 2020-08-12 https://www.openwall.com/lists/oss-security/2020/08/12/3 https://www.debian.org/security/2020/dsa-4745
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. Date published : 2020-08-12 https://www.openwall.com/lists/oss-security/2020/08/12/2 https://www.debian.org/security/2020/dsa-4745
Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://security.netapp.com/advisory/ntap-20200814-0001/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00367.html
Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://security.netapp.com/advisory/ntap-20200814-0001/...
Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://security.netapp.com/advisory/ntap-20200814-0001/...
Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00399.html
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allows full control over this module’s operating system. Date published : 2020-08-12 https://www.stengg.com/cybersecurity https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST requests to several critical administrative functions, such as changing credentials of the Administrator account or connect...
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. Date published...