Weekly vulnerability overview: October 2020

Weekly vulnerability overview: October 2020

Vulnerabilities in Cisco IOS XE software, WordPress plug-ins, FoxRider software etc. were detected. Cisco Systems has fixed several vulnerabilities ( CVE-2020-3141 and CVE-2020-3425 ) in its IOS XE software. Their exploitation allowed the remote attacker to increase privileges on the system.

The Libass portable subtitle rendering tool for ASS/SSA (Advanced Substation Alpha / Substation Alpha) contains a dangerous vulnerability with which a remote attacker can execute arbitrary code on the target system. The problem affects libass version 0.14.0 and there is currently no patch for it.



Fortinet, a developer of security software, solutions and services, has released an update that fixes two vulnerabilities in the FortiOS operating system. One of them ( CVE-2020-12819 ) can be used to execute a denial-of-service attack, and the other ( CVE-2020-12820 ) allows remote code execution.

The two popular industrial remote access systems SiteManager and GateManager from B& R Automation ( CVE-2020-11641, CVE-2020-11642, CVE-2020-11643, CVE-2020-11644, CVE-2020-11645 and CVE-2020-11646 ), and mbCONNECT24 from MB Connect Line ( CVE-2020-24569, CVE-2020-24568 and CVE-2020-24570 ) contain dangerous vulnerabilities. They can be used to prevent access to industrial production facilities, hacking into corporate networks, and theft of sensitive data.

Two dangerous vulnerabilities ( CVE-2020-17413 and CVE-2020-17412 ) were detected in the beta version of the Foxit 3D Plugin module, which could allow a remote attacker to execute arbitrary code or compromise a vulnerable system. Another vulnerability, less dangerous ( CVE-2020-17411 ), can be used to gain access to sensitive information.



The Foxit Reader and PhantomPDF solutions have many issues, the most serious of which may allow a remote attacker to compromise a vulnerable system.

A vulnerability has been detected in a number of WordPress plug-ins, allowing a remote attacker to gain unauthorized access to other limited functions. Vulnerable software includes Transcend, Regina Lite, MedZone Lite and Brilliance themes for WordPress.

 

Source: securitylab.



WARNING! All links in the articles may lead to malicious sites or contain viruses. Follow them at your own risk. Those who purposely visit the article know what they are doing. Do not click on everything thoughtlessly.


10 Views

0 0 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments


Do NOT follow this link or you will be banned from the site!
0
Would love your thoughts, please comment.x
()
x

Spelling error report

The following text will be sent to our editors: