Read the original article: Vulnerability Summary for the Week of December 14, 2020
Original release date: December 21, 2020
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers’ installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2020-12-16 | 10 | CVE-2019-14482 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. | 2020-12-16 | 9 | CVE-2019-14479 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys’ passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. | 2020-12-16 | 9 | CVE-2019-14483 MISC MISC |
| adremsoft — netcrunch | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | 2020-12-16 | 7.5 | CVE-2019-14480 MISC MISC |
| altran — picotcp | An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution. | 2020-12-11 | 7.5 | CVE-2020-24338 MISC MISC |
| apache — struts | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 – Struts 2.5.25. | 2020-12-11 | 7.5 | CVE-2020-17530 JVN CONFIRM |
| appbase — streams | The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password. | 2020-12-16 | 10 | CVE-2020-35468 MISC |
| arubanetworks — arubaos | There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 10 | CVE-2020-24633 CONFIRM |
| arubanetworks — arubaos | An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 10 | CVE-2020-24634 CONFIRM |
| arubanetworks — arubaos | Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 2020-12-11 | 9 | CVE-2020-24637 CONFIRM |
| askey — ap5100w_firmware | Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | 2020-12-11 | 10 | CVE-2020-15357 MISC MISC MISC |
| blackfire — blackfire | The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password. | 2020-12-15 | 10 | CVE-2020-35466 MISC |
| car_rental_management_system_project — car_rental_management_system | An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the “page” parameter, to cause local file inclusion resulting in code execution. | 2020-12-14 | 7.5 | CVE-2020-29227 MISC MISC |
| citrix — gateway_plug-in | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | 2020-12-14 | 7.5 | CVE-2020-8257 MISC |
| citrix — virtual_apps_and_desktops | An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | 2020-12-14 | 9 | CVE-2020-8283 MISC |
| connection-tester_project — connection-tester | This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | 2020-12-16 |