From DHS/US-CERT’s National Vulnerability Database
PUBLISHED: 2020-10-09HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters….
CVE-2020-9105
PUBLISHED: 2020-10-09
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit…
CVE-2020-26924
PUBLISHED: 2020-10-09
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13.
CVE-2020-26925
PUBLISHED: 2020-10-09
NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.
CVE-2020-26926
PUBLISHED: 2020-10-09
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
