Security Vulnerabilities - CVEs Published In November 2020
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVSS Score
6.5
EPSS Score
0.011
Published
2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVSS Score
5.3
EPSS Score
0.007
Published
2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.081
Published
2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-11-24
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-11-23
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.
CVSS Score
3.5
EPSS Score
0.0
Published
2020-11-23
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-11-23
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.
CVSS Score
3.7
EPSS Score
0.003
Published
2020-11-23