From DHS/US-CERT’s National Vulnerability Database CVE-2020-24552
PUBLISHED: 2020-09-10
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device’s web management interface allows attackers to inject specific code and execute system commands without privilege.
CVE-2020-24655
PUBLISHED: 2020-09-10
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).
CVE-2020-25220
PUBLISHED: 2020-09-10
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
CVE-2020-15173
PUBLISHED: 2020-09-09
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is …
CVE-2020-15903
PUBLISHED: 2020-09-09
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.