Security Vulnerabilities - CVEs Published In November 2020
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-11-19
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-11-19
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVSS Score
7.8
EPSS Score
0.769
Published
2020-11-19
CVE-2020-28949
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Known exploited
CVSS Score
7.8
EPSS Score
0.931
Published
2020-11-19
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-11-19
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-11-19
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic "tokens". The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-11-19
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it's possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side. It was found that a user with low rights can get information from endpoints that should not be available to this user.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-11-19
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added.
CVSS Score
7.3
EPSS Score
0.002
Published
2020-11-19
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-11-19