Log

ASA-202007-6 edited at 29 Jul 2020 21:13:41
Impact
- A remote attacker is able to recover ECDSA private key.
+ A remote attacker is able to recover an ECDSA private key.
AVG-1210 edited at 29 Jul 2020 20:53:47
Severity
- Medium
+ High
CVE-2020-7017 edited at 29 Jul 2020 20:53:47
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization.
References
+ https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786
Notes
AVG-1210 edited at 29 Jul 2020 20:53:11
Severity
- Unknown
+ Medium
CVE-2020-7016 edited at 29 Jul 2020 20:53:11
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
References
+ https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786
Notes
AVG-1210 created at 29 Jul 2020 20:52:47
Packages
+ kibana
Issues
+ CVE-2020-7016
+ CVE-2020-7017
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 7.7.0-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-7017 created at 29 Jul 2020 20:52:47
CVE-2020-7016 created at 29 Jul 2020 20:52:47
AVG-1209 edited at 29 Jul 2020 20:51:55
Advisory qualified
- Yes
+ No
AVG-1209 edited at 29 Jul 2020 20:51:51
Status
- Unknown
+ Fixed
AVG-1209 edited at 29 Jul 2020 20:51:43
Severity
- Unknown
+ Medium
CVE-2020-15103 edited at 29 Jul 2020 20:51:43
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitization in the rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and are blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using the command line arguments /gfx, /gfx-h264 and /network:auto.
References
+ https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9
+ https://github.com/FreeRDP/FreeRDP/commit/d2ba84a6885f57674098fe8e76c5f99d880e580d
Notes
AVG-1209 created at 29 Jul 2020 20:50:50
Packages
+ freerdp
Issues
+ CVE-2020-15103
Status
+ Unknown
Severity
+ Unknown
Affected
+ 2:2.1.2-1
Fixed
+ 2:2.2.0-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-15103 created at 29 Jul 2020 20:50:50
AVG-1208 edited at 29 Jul 2020 20:47:59
Severity
- Unknown
+ Medium
CVE-2020-12460 edited at 29 Jul 2020 20:47:59
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.
References
+ https://github.com/trusteddomainproject/OpenDMARC/issues/64
Notes