Zephyrnet Logo

WordPress Plug-in Has Critical Zero-Day

Date:

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2020-24552
PUBLISHED: 2020-09-10

Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device’s web management interface allows attackers to inject specific code and execute system commands without privilege.

CVE-2020-24655
PUBLISHED: 2020-09-10

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).

CVE-2020-25220
PUBLISHED: 2020-09-10

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.

CVE-2020-15173
PUBLISHED: 2020-09-09

In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is …

CVE-2020-15903
PUBLISHED: 2020-09-09

An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.

Source: https://www.darkreading.com/vulnerabilities—threats/wordpress-plug-in-has-critical-zero-day/d/d-id/1338860?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

spot_img

Latest Intelligence

spot_img