Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2020-26253
PUBLISHED: 2020-12-08

Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don’t have an admin account for the Panel…

CVE-2020-25631
PUBLISHED: 2020-12-08

A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book’s chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.

CVE-2020-25677
PUBLISHED: 2020-12-08

Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions, allowing any user to read the sensitive information within.

CVE-2020-25692
PUBLISHED: 2020-12-08

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

CVE-2020-27818
PUBLISHED: 2020-12-08

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.