Log

AVG-1202 edited at 08 Jul 2020 08:11:39
Issues
+ CVE-2020-10730
CVE-2020-10745
+ CVE-2020-10760
+ CVE-2020-14303
References
https://www.samba.org/samba/security/CVE-2020-10745.html
+ https://www.samba.org/samba/security/CVE-2020-10730.html
+ https://www.samba.org/samba/security/CVE-2020-10760.html
+ https://www.samba.org/samba/security/CVE-2020-14303.html
CVE-2020-10760 created at 08 Jul 2020 08:11:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1202 created at 08 Jul 2020 08:01:46
Packages
+ samba
Issues
+ CVE-2020-10745
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 4.12.3-2
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.samba.org/samba/security/CVE-2020-10745.html
Notes
+ Fixed in 4.12.4
CVE-2020-10745 created at 08 Jul 2020 08:01:46
AVG-1200 edited at 08 Jul 2020 08:00:33
Severity
- Unknown
+ High
CVE-2020-15096 edited at 08 Jul 2020 08:00:33
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ A context isolation bypass has been found in electron, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
References
+ https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg
Notes
AVG-1201 edited at 08 Jul 2020 08:00:33
Severity
- Unknown
+ High
AVG-1201 created at 08 Jul 2020 07:59:46
Packages
+ electron7
Issues
+ CVE-2020-15096
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 7.1.14-6
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg
Notes
+ Fixed in 7.2.4
AVG-1200 created at 08 Jul 2020 07:58:46
Packages
+ electron6
Issues
+ CVE-2020-15096
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 6.1.9-6
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg
Notes
+ Fixed in 6.1.11
CVE-2020-15096 created at 08 Jul 2020 07:58:46
ASA-202007-1 edited at 07 Jul 2020 15:15:40
Workaround
+ Disable the webserver or set a password via "webserver-password". Additionally, restrict the binding address using the `webserver-address` setting to local addresses only and/or use a firewall to disallow web requests from untrusted sources reaching the webserver listening address.
Impact
+ A remote attacker can bypass the ACL restriction set on the internal webserver.
ASA-202007-1 created at 07 Jul 2020 15:14:06
AVG-1199 edited at 07 Jul 2020 15:11:39
Severity
- Unknown
+ Low
CVE-2020-14196 edited at 07 Jul 2020 15:11:39
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ An issue has been found in PowerDNS Recursor before 4.3.2 where the ACL applied to the internal web server via `webserver-allow-from` is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction. Note that the web server is not enabled by default. Only installations using a non-default value for `webserver` and `webserver-address` are affected.
+
+ Workarounds are: disable the webserver or set a password or an API key. Additionally, restrict the binding address using the `webserver-address` setting to local addresses only and/or use a firewall to disallow web requests from untrusted sources reaching the webserver listening address.
References
+ https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html
+ https://github.com/PowerDNS/pdns/commit/3bba454b35c883d20297a772c13f3e82b115ac88
Notes
AVG-1199 created at 07 Jul 2020 15:08:25
Packages
+ powerdns-recursor
Issues
+ CVE-2020-14196
Status
+ Fixed
Severity
+ Unknown
Affected
+ 4.3.1-1
Fixed
+ 4.3.2-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2020/07/01/1
+ https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html
Notes
CVE-2020-14196 created at 07 Jul 2020 15:08:25