Rewterz Threat Alert –Raccoon Infostealer – Active IOCs
August 4, 2021Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
August 4, 2021Rewterz Threat Alert –Raccoon Infostealer – Active IOCs
August 4, 2021Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
August 4, 2021Severity
High
Analysis Summary
CVE-2019-17006
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
CVE-2019-8675
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
CVE-2019-8696
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
CVE-2020-12321
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2020-15862
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
Impact
- Privilege Escalation
- Code Execution
Affected Vendors
Juniper
Affected Products
- Junos Space Log Collector 20.1
- Junos Space Log Collector 20.2
- Junos Space Log Collector 20.3
Remediation
Refer to Juniper advisory for the complete list of affected products and their respective patches.
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11209&cat=SIRT_1&actp=LIST