Because of some hiccups in our CVE/CVSS detector, we are issuing a collective security bulletin to get the information out as soon as possible; a detailed analysis will follow later.
RCE in Dell iDRAC (CVE-2020-5344)
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70,
4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated
remote attacker may exploit this vulnerability to crash the affected process or
execute arbitrary code on the system by sending specially crafted input data.
- CVSS: 9.8
- Link
- 110,000 IPs affected
RCE in Zoho ManageEngine ADSelfService (CVE-2020-11518)
Zoho ManageEngine ADSelfService Plus before 5815 allows
unauthenticated remote code execution.
- CVSS: 9.8
- Link
- 2,000 IPs affected
RCE in Paessler PRTG (CVE-2020-10374)
A webserver component in Paessler PRTG Network Monitor 19.2.50
to PRTG 20.1.56 allows unauthenticated remote command execution via a
crafted POST request or the what parameter of the screenshot function
in the Contact Support form.
- CVSS: 9.8
- Link
- 94,000 IPs affected
RCE/Java-EL-Injection in Nexus Repository Manager (CVE-2020-10199)
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
- CVSS: 8.8
- Link
- 8,500 IPs affected
Please note: although the official advisory states that the vulnerability is only exploitable post-authentication, the researcher who reported the bug claims it is exploitable pre-authentication. See: Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
File Read in Zoho OpManager (CVE-2020-11527)
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote
attacker can send a specially crafted URI to read arbitrary files.
- CVSS: 7.5
- Link
- 1,100 IPs affected
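The five entries above are all defined purely by version ranges, so the first thing an operator will want is a quick way to run an inventory of iDRAC, ADSelfService Plus, PRTG, Nexus and OpManager instances against exactly those ranges. The script below is an added triage helper written for this bulletin; it is not vendor code and not part of the original bulletin. It transcribes the ranges as stated in the entries above. Two points are assumptions, not facts from the page: the three iDRAC fix versions are paired with iDRAC7/8/9 in the order they are listed, and ADSelfService Plus is keyed by its build number alone. The product keys, host names and version strings in the sample inventory are constructed for the example.

```python
"""Version-range triage for the five CVEs in this bulletin (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn '2.65.65.65', '4.00.00.00', '3.21.1-01' or '5814' into an int tuple.

    Every run of digits becomes one component, so '3.21.1-01' -> (3, 21, 1, 1).
    """
    nums = re.findall(r"\d+", s)
    if not nums:
        raise ValueError(f"no version digits in {s!r}")
    return tuple(int(n) for n in nums)


def _key(v: Version, width: int) -> Version:
    """Truncate or zero-pad v to exactly `width` components.

    Comparing at the bound's own precision is what makes a build such as
    20.1.56.1574 count as 20.1.56 (inside the PRTG range) while 3.21.2-01
    still counts as 3.21.2 (the fixed Nexus version).
    """
    return tuple(v[:width]) + (0,) * (width - len(v))


@dataclass(frozen=True)
class AffectedRange:
    cve: str
    product: str
    low: Optional[Version]   # None: every earlier version is affected
    high: Version            # upper bound
    high_inclusive: bool     # True for "X to Y" (Y affected), False for "before Y" (Y fixed)

    def contains(self, v: Version) -> bool:
        if self.low is not None and _key(v, len(self.low)) < self.low:
            return False
        hv = _key(v, len(self.high))
        return hv <= self.high if self.high_inclusive else hv < self.high


# Ranges transcribed from the bulletin entries above.
# ASSUMPTION: the page lists three iDRAC generations and three fix versions in
# the same order; they are paired positionally here (iDRAC7 -> 2.65.65.65, ...).
# ASSUMPTION: ADSelfService Plus is identified by its build number alone.
BULLETIN: List[AffectedRange] = [
    AffectedRange("CVE-2020-5344", "idrac7", None, (2, 65, 65, 65), False),
    AffectedRange("CVE-2020-5344", "idrac8", None, (2, 70, 70, 70), False),
    AffectedRange("CVE-2020-5344", "idrac9", None, (4, 0, 0, 0), False),
    AffectedRange("CVE-2020-11518", "adselfservice", None, (5815,), False),
    AffectedRange("CVE-2020-10374", "prtg", (19, 2, 50), (20, 1, 56), True),
    AffectedRange("CVE-2020-10199", "nexus", None, (3, 21, 2), False),
    AffectedRange("CVE-2020-11527", "opmanager", None, (12, 4, 181), False),
]


def affected_cves(product: str, version: str) -> List[str]:
    """Return the bulletin CVEs whose stated range covers this product version."""
    v = parse_version(version)
    return sorted({r.cve for r in BULLETIN if r.product == product and r.contains(v)})


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, List[str]]]:
    """Return (host, product, version, cves) for every row with at least one hit."""
    hits = []
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        if cves:
            hits.append((host, product, version, cves))
    return hits


# Constructed sample inventory (not real hosts), as (host, product, version).
SAMPLE_INVENTORY = [
    ("bmc-01", "idrac9", "3.34.34.34"),       # below 4.00.00.00 -> affected
    ("bmc-02", "idrac9", "4.00.00.00"),       # fixed version itself -> clean
    ("mon-01", "prtg", "20.1.56.1574"),       # a 20.1.56 build -> inside the range
    ("mon-02", "prtg", "20.1.57.1745"),       # past 20.1.56 -> clean
    ("repo-01", "nexus", "3.21.1-01"),        # below 3.21.2 -> affected
    ("ad-01", "adselfservice", "5814"),       # build below 5815 -> affected
    ("npm-01", "opmanager", "12.4.181"),      # fixed version itself -> clean
]

if __name__ == "__main__":
    for host, product, version, cves in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {product:14} {version:14} {', '.join(cves)}")
```

The check only compares version strings against what the bulletin states; it says nothing about whether a given instance is actually reachable from the Internet or exploitable in its configuration, and, as the Nexus note above shows, the published preconditions themselves can be disputed. Treat a hit as a prompt to patch or isolate, not as a confirmed compromise, and treat a miss on an unknown product key as "not assessed" rather than "safe".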
Questions? Contact: info@zero.bs