Security Vulnerabilities - CVEs Published In September 2020
In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-123999783
CVSS Score
6.4
EPSS Score
0.0
Published
2020-09-17
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
CVSS Score
4.7
EPSS Score
0.001
Published
2020-09-17
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).
CVSS Score
9.0
EPSS Score
0.015
Published
2020-09-17
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.
CVSS Score
9.8
EPSS Score
0.013
Published
2020-09-17
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-09-17
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-09-17
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login.
CVSS Score
7.2
EPSS Score
0.036
Published
2020-09-17
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.
CVSS Score
7.3
EPSS Score
0.008
Published
2020-09-17
The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-17
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-09-17