7 Security Tips for Gamers

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-29563
PUBLISHED: 2020-12-12

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.

CVE-2020-29654
PUBLISHED: 2020-12-12

Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.

CVE-2020-35176
PUBLISHED: 2020-12-12

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

CVE-2020-24339
PUBLISHED: 2020-12-11

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing…

CVE-2020-24340
PUBLISHED: 2020-12-11

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in th…
