Security Vulnerabilities - CVEs Published In July 2020
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-07-14
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-07-14
An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Attackers can execute code.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-07-14
An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-07-14
An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-07-14
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
CVSS Score
10.0
EPSS Score
0.013
Published
2020-07-14
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
CVSS Score
4.2
EPSS Score
0.004
Published
2020-07-14
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.
CVSS Score
6.8
EPSS Score
0.002
Published
2020-07-14
This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.
CVSS Score
9.8
EPSS Score
0.68
Published
2020-07-14
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). By performing a flooding attack against the web server, an attacker might be able to gain read access to the device's memory, possibly revealing confidential information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-07-14