Making Sense of Security

Securing your Digital World.

Cisco Drops a Dozen Vulnerability Patches

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-20334
PUBLISHED: 2020-01-04

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

PUBLISHED: 2020-01-04

Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.

PUBLISHED: 2020-01-04

Chamilo LMS through allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.

PUBLISHED: 2020-01-04

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.

PUBLISHED: 2020-01-03

Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
