
Post-COVID-19 Cybersecurity Spending Update

Date:

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-24552
PUBLISHED: 2020-09-10

The Atop Technology industrial 3G/4G gateway contains a Command Injection vulnerability. Due to insufficient input validation, the device’s web management interface allows attackers to inject specific code and execute system commands without privilege.

CVE-2020-24655
PUBLISHED: 2020-09-10

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).

CVE-2020-25220
PUBLISHED: 2020-09-10

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.

CVE-2020-15173
PUBLISHED: 2020-09-09

In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet with an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is …

CVE-2020-15903
PUBLISHED: 2020-09-09

An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.

Source: https://www.darkreading.com/cloud/post-covid-19-cybersecurity-spending-update/d/d-id/1338858?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
