Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-14058
PUBLISHED: 2020-06-30

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because u…

CVE-2020-14059
PUBLISHED: 2020-06-30

An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.

CVE-2020-14474
PUBLISHED: 2020-06-30

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running…

CVE-2020-7049
PUBLISHED: 2020-06-30

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.

CVE-2020-14482
PUBLISHED: 2020-06-30

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
