Read the original article: Vulnerability Summary for the Week of September 28, 2020
Original release date: October 5, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cpanel — cpanel | cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | 2020-09-25 | 7.5 | CVE-2020-26108 MISC |
| cpanel — cpanel | chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | 2020-09-25 | 7.5 | CVE-2020-26100 MISC |
| cpanel — cpanel | cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | 2020-09-25 | 7.5 | CVE-2020-26098 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | 2020-10-02 | 7.5 | CVE-2020-26539 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. | 2020-10-02 | 7.5 | CVE-2020-26537 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). | 2020-10-02 | 7.5 | CVE-2020-26535 MISC |
| foxitsoftware — foxit_reader | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. | 2020-10-02 | 7.5 | CVE-2020-26534 MISC |
| gitlab — gitlab | An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens | 2020-09-30 | 7.5 | CVE-2020-13296 CONFIRM MISC MISC |
| hoosk — hoosk | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | 2020-09-30 | 7.5 | CVE-2020-26042 MISC |
| hoosk — hoosk | An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | 2020-09-30 | 7.5 | CVE-2020-26041 MISC |
| metinfo — metinfo | An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. | 2020-09-30 | 7.5 | CVE-2020-20800 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php. | 2020-09-25 | 7.5 | CVE-2020-25147 MISC |
| observium — observium | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php. | 2020-09-25 | 7.5 | CVE-2020-25132 MISC |
| pexip — infinity | Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). | 2020-09-25 | 7.8 | CVE-2018-10432 CONFIRM MISC |
| pexip — pexip_infinity | Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. | 2020-09-25 | 9.3 | CVE-2020-11805 CONFIRM |
| pexip — pexip_infinity | Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | 2020-09-25 | 9 | CVE-2019-7177 MISC CONFIRM |
| pexip — pexip_infinity | Pexip Infinity before 18 allows remote Denial of Service (XML parsing). | 2020-09-25 | 7.8 | CVE-2018-10585 CONFIRM MISC |
| pexip — pexip_infinity | Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | 2020-09-25 | 9 | CVE-2019-7178 MISC CONFIRM |
| rainbowfishsoftware — pacsone_server | RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. | 2020-09-30 | Advertise on IT Security News.
Read the original article: Vulnerability Summary for the Week of September 28, 2020
Post navigation |