Archive for May, 2020

CVE-2020-13425

TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.
Source: NIST
CVE-2020-13425

CVE-2020-13424

The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.
Source: NIST
CVE-2020-13424

CVE-2020-13415

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.
Source: NIST
CVE-2020-13415

CVE-2020-13416

An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.
Source: NIST
CVE-2020-13416

CVE-2020-13414

An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
Source: NIST
CVE-2020-13414

CVE-2020-13417

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
Source: NIST
CVE-2020-13417

CVE-2020-13412

An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
Source: NIST
CVE-2020-13412

CVE-2020-13413

An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
Source: NIST
CVE-2020-13413

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
Source: NIST
CVE-2020-12397

CVE-2020-13396

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
Source: NIST
CVE-2020-13396