Making Sense of Security

Securing your Digital World.

Bad Certificate Knocks Teams Offline

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-3939
PUBLISHED: 2020-02-04

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contains a Cross-Site Scripting (XSS) vulnerability; personal information may be leaked to attackers via this vulnerability.

CVE-2020-3937
PUBLISHED: 2020-02-04

SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allows attackers to perform unwanted SQL queries and access arbitrary files in the database.

CVE-2020-3938
PUBLISHED: 2020-02-04

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contains a Request Forgery vulnerability, allowing attackers to probe the network architecture or system files of the server via forged requests.

CVE-2020-5235
PUBLISHED: 2020-02-04

There is a potentially exploitable out-of-memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field, and realloc() runs out of memory when expanding the array, nanopb can en…

CVE-2020-5236
PUBLISHED: 2020-02-04

Waitress version 1.4.2 allows a DoS attack when Waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it causes the regular expression engine to backtrack catastrophically, causing the process to use 100% CPU time …
