Security Vulnerabilities - CVEs Published In November 2020
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-11-02
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-02
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-02
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-11-02
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-11-02
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-11-02
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-11-02
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
CVSS Score
9.8
EPSS Score
0.477
Published
2020-11-02
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-11-02
WordPress before 5.5.2 allows XSS associated with global variables.
CVSS Score
6.1
EPSS Score
0.014
Published
2020-11-02