Monthly Archive: November 2020

The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). Date published : 2020-11-13 https://us-cert.cisa.gov/ics/advisories/icsa-20-308-02

In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ‘table’ parameter passed is not filtered so a malicious parameter can be passed for SQL injection. Date published : 2020-11-13 https://github.com/che-my/fastadmin-tp6/issues/2

There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial...

An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory...

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. Date published : 2020-11-13 https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Date published : 2020-11-13 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00424

Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Date published : 2020-11-13 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402

Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-11-13 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00360

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to...

Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published :...

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. Date published : 2020-11-12 https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201104-01-encryption-en

Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00400

Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00398

Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://security.netapp.com/advisory/ntap-20210122-0008/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00390