{"fedora": [{"lastseen": "2021-01-20T04:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2020-29562", "CVE-2020-6096"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "modified": "2021-01-20T01:28:29", "published": "2021-01-20T01:28:29", "id": "FEDORA:73B0C3094225", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: glibc-2.31-5.fc32", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T04:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2020-24386", "CVE-2020-25275"], "description": "Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. ", "modified": "2021-01-20T01:27:57", "published": "2021-01-20T01:27:57", "id": "FEDORA:1714C30AA452", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: dovecot-2.3.13-2.fc32", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-19T06:33:09", "bulletinFamily": "unix", "cvelist": [], "description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. 
", "modified": "2021-01-19T01:52:27", "published": "2021-01-19T01:52:27", "id": "FEDORA:B6BE0309FF1D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: flatpak-1.8.5-1.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2021-01-20T05:27:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25687", "CVE-2020-25685", "CVE-2020-25681", "CVE-2020-25683", "CVE-2020-25682", "CVE-2020-25686"], "description": "[2.79-13.1]\n- Fix various issues in dnssec validation (CVE-2020-25681)\n- Accept responses only on correct sockets (CVE-2020-25684)\n- Use strong verification on queries (CVE-2020-25685)", "edition": 1, "modified": "2021-01-20T00:00:00", "published": "2021-01-20T00:00:00", "id": "ELSA-2021-0150", "href": "http://linux.oracle.com/errata/ELSA-2021-0150.html", "title": "dnsmasq security update", "type": "oraclelinux", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-20T03:29:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686"], "description": "[2.76-16.1]\n- Accept responses only on correct sockets (CVE-2020-25684)\n- Use strong verification on queries (CVE-2020-25685)\n- Handle multiple identical DNS queries better (CVE-2020-25686)\n- Link against nettle for sha256 hash implementation", "edition": 2, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "ELSA-2021-0153", "href": "http://linux.oracle.com/errata/ELSA-2021-0153.html", "title": "dnsmasq security update", "type": "oraclelinux", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-20T03:35:04", "bulletinFamily": "unix", "cvelist": ["CVE-2020-26217"], "description": "[1.3.1-12]\n- Rebuild with OpenJDK 7\n[1.3.1-11]\n- Fix remote code execution vulnerability\n- Resolves: CVE-2020-26217", "edition": 2, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "ELSA-2021-0162", "href": 
"http://linux.oracle.com/errata/ELSA-2021-0162.html", "title": "xstream security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-01-20T01:14:39", "bulletinFamily": "info", "cvelist": ["CVE-2020-28188", "CVE-2020-7961", "CVE-2021-3007"], "description": "Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service (DDoS) attacks and cryptomining.\n\nThe malware variant, called FreakOut, has a variety of capabilities. Those include port scanning, information gathering and data packet and network sniffing. It is actively adding infected Linux devices to a botnet, and has the ability to launch DDoS and network flooding attacks, as well as cryptomining activity.\n\n[](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit>)\n\nClick to Register \u2013 New Browser Tab Opens\n\n\u201cIf successfully exploited, each device infected by the FreakOut malware can be used as a remote-controlled attack platform by the threat actors behind the attack, enabling them to target other vulnerable devices to expand their network of infected machines,\u201d said researchers with Check Point Research [in a Tuesday analysis](<https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/>).\n\n## **Exploiting Critical Flaws**\n\nFreakOut first targets Linux devices with specific products that have not been patched against various flaws.\n\nThese include a [critical remote command execution flaw](<https://www.tenable.com/cve/CVE-2020-28188>) (CVE-2020-28188) in TerraMaster TOS (TerraMaster Operating System), a popular data storage device vendor. 
Versions prior to 4.2.06 are affected, while a patch will become available in 4.2.07.\n\nAlso targeted is a critical deserialization glitch (CVE-2021-3007) in Zend Framework, a popular collection of library packages that\u2019s used for building web applications. This flaw exists in versions higher than Zend Framework 3.0.0.\n\n\u201cThe maintainer no longer supports the Zend framework, and the laminas-http vendor released a relevant patch for this vulnerability should use 2.14.x bugfix [release (patch)](<https://github.com/laminas/laminas-http/pull/48>),\u201d researchers said.\n\nFinally, attackers target a critical deserialization of untrusted data issue (CVE-2020-7961) in Liferay Portal, a free, open-source enterprise portal, with features for developing web portals and websites. Affected are versions prior to 7.2.1 CE GA2; an update is available in Liferay Portal 7.2 CE GA2 (7.2.1) or later.\n\n\u201cPatches are available for all products impacted in these CVEs, and users of these products are advised to urgently check any of these devices they are using and to update and patch them to close off these vulnerabilities,\u201d said researchers.\n\n## **Attack Surface**\n\nResearchers said that after exploiting one of these critical flaws, attackers then upload an obfuscated Python script called out.py, downloaded from the site https://gxbrowser[.]net.\n\n\u201cAfter the script is downloaded and given permissions (using the \u2018chmod\u2019 command), the attacker tries to run it using Python 2,\u201d they said. \u201cPython 2 reached EOL (end-of-life) last year, meaning the attacker assumes the victim\u2019s device has this deprecated product installed.\u201d\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/19093745/Freakout.jpg>)\n\nThe top industries targeted by the Freakout malware. 
Credit: Check Point\n\nThis script has varying capabilities, including a port scanning feature, the ability to collect system fingerprints (such as device addresses and memory information), creating and sending packets and brute-force abilities using hard-coded credentials to infect other network devices.\n\nAccording to a deep dive of the attackers\u2019 main command and control (C2) server, an estimated 185 devices have been hacked thus far.\n\nResearchers said that between Jan. 8 and Jan. 13 they observed 380 (blocked) attack attempts against customers. Most of these attempts were in North America and Western Europe, with the most targeted industries being finance, government and healthcare organizations.\n\nTo protect against FreakOut, researchers recommend Linux device users that utilize TerraMaster TOS, Zend Framework or Liferay Portal make sure they have deployed all patches.\n\n\u201cWe strongly recommend users check and patch their servers and Linux devices in order to prevent the exploitation of such vulnerabilities by FreakOut,\u201d they said.\n", "modified": "2021-01-19T15:51:30", "published": "2021-01-19T15:51:30", "id": "THREATPOST:9ADEC71C063C7D96C17BBC40B54B9892", "href": "https://threatpost.com/linux-attack-freakout-malware/163137/", "type": "threatpost", "title": "Linux Devices Under Attack by New FreakOut Malware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T01:12:10", "bulletinFamily": "info", "cvelist": [], "description": "The forum supporting the community for OpenWrt suffered a security breach over the weekend, giving hackers access to e-mail addresses, user handles and additional private forum user information.\n\nThose that maintain the forum for the Linux-based open-source firmware said the forum was breached in the early hours of Saturday Jan. 16, though how attackers got in remains unknown, according to a [security notice](<https://archive.fo/e0YBQ>) posted to the [forum\u2019s home page](<https://archive.fo/Zhpwc>). 
While the account had \u201ca good password,\u201d administrators acknowledged that the forum did not enable two-factor authentication for its users.\n\nWhile the breach of an open-source forum may not seem on the surface like such a big deal, the forum is often visited by those developing commercial routers, devices and software based on OpenWrt firmware. Targeting these users, then, could be used as a gateway into these companies\u2019 networks by threat actors. 
Commercial routers compatible with OpenWrt firmware include devices from [Netgear](<https://threatpost.com/netgear-wont-patch-45-router-models-vulnerable-to-serious-flaw/157977/>), [Zyxel](<https://threatpost.com/new-mirai-variant-mukashi-targets-zyxel-nas-devices/153982/>), TP-Link and [Linksys](<https://threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/>).\n\n\u201cThe intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum,\u201d according to the notice, which also was sent out via a [mailing list](<https://lists.openwrt.org/pipermail/openwrt-announce/2021-January/000008.html>) to forum users. This means that users should assume that their email address and handle have been disclosed and \u201cmay get [phishing emails](<https://threatpost.com/microsoft-most-imitated-phishing/160255/>) that include your name,\u201d administrators said.\n\nThe OpenWrt Project is a Linux operating system for embedded devices that provides \u201ca fully writable filesystem with package management,\u201d according to its home page. Its basic components are Linux, util-linux, musl and BusyBox, all of which have been designed specifically to suit the memory and storage available on home networking devices.\n\nOpenWrt provides a framework to build an application without having to develop a complete firmware around it, so users can provide customization for devices in ways that proprietary systems don\u2019t offer, according to its administrators. 
Developers cite real-time network management, increased network stability, advanced wireless set-up, VPN integration, and increased network speed and security as some of the benefits of using OpenWrt.\n\nThough those that maintain the forum do not believe that attackers accessed the OpenWrt database, they advised users of the community to reset all passwords, providing specific details in the security notice for the proper procedure to do so. 
They also have flushed API keys from the forum, according to the notice.\n\nAdministrators also advised users to reset and refresh any Github login or OAuth key, if they use it to access the forum. However, since OpenWrt forum credentials are entirely independent of the OpenWrt Wiki that users access for information and updates about the platform, \u201cthere is no reason to believe there has been any compromise to the Wiki credentials,\u201d administrators said.\n\n\u201cWe apologize for the inconvenience caused by this attack,\u201d they said in the notice. \u201cWe will provide updates if we learn any more about the attacker or information that was disclosed.\n", "modified": "2021-01-19T14:45:27", "published": "2021-01-19T14:45:27", "id": "THREATPOST:ACBB8FEA664E65E64AFCF6E0C9CA337B", "href": "https://threatpost.com/attackers-e-mails-openwrt-forum/163136/", "type": "threatpost", "title": "Attackers Steal E-Mails, Info from OpenWrt Forum", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-01-19T12:30:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16166", "CVE-2020-25211"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n* kernel: information exposure in drivers/char/random.c and kernel/time/timer.c (CVE-2020-16166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL8.1 - net/smc: fix silent data corruption in SMC (BZ#1882242)\n\n* RHEL8.1 - Random memory corruption may occur due to incorrect tlbflush (BZ#1899210)\n\n* RHEL8.3 Beta - RHEL8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903021)\n\n* [Azure][RHEL8] IP forwarding issue in netvsc (BZ#1904327)", "modified": "2021-01-19T15:39:55", "published": "2021-01-19T15:21:51", "id": "RHSA-2021:0184", "href": "https://access.redhat.com/errata/RHSA-2021:0184", "type": "redhat", "title": "(RHSA-2021:0184) Important: kernel security and bug fix update", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-19T12:28:05", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12321"], "description": "The linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* hardware: buffer overflow in bluetooth firmware (CVE-2020-12321)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T15:39:54", "published": "2021-01-19T15:21:36", "id": "RHSA-2021:0183", "href": "https://access.redhat.com/errata/RHSA-2021:0183", "type": "redhat", "title": "(RHSA-2021:0183) Important: linux-firmware security update", "cvss": {"score": 5.8, "vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-19T10:26:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-4508"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: x86_32: BUG in syscall auditing (CVE-2014-4508)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-19T14:13:55", "published": "2021-01-19T14:01:02", "id": "RHSA-2021:0181", "href": "https://access.redhat.com/errata/RHSA-2021:0181", "type": "redhat", "title": "(RHSA-2021:0181) Moderate: kernel security update", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}], "thn": [{"lastseen": "2021-01-19T14:26:28", "bulletinFamily": "info", "cvelist": ["CVE-2020-28188", "CVE-2020-7961", "CVE-2021-3007"], "description": "An ongoing malware campaign has been found exploiting recently 
disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an [IRC botnet](<https://en.wikipedia.org/wiki/Botnet#IRC>) for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency.\n\nThe attacks deploy a new malware variant called \"**FreakOut**\" by leveraging critical flaws fixed in Laminas Project (formerly Zend Framework) and Liferay Portal as well as an unpatched security weakness in TerraMaster, according to Check Point Research's new analysis [published](<https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/>) today and shared with The Hacker News.\n\nAttributing the malware to be the work of a long-time cybercrime hacker \u2014 who goes by the aliases Fl0urite and Freak on HackForums and Pastebin at least since 2015 \u2014 the researchers said the flaws \u2014 [CVE-2020-28188](<https://nvd.nist.gov/vuln/detail/CVE-2020-28188>), [CVE-2021-3007](<https://nvd.nist.gov/vuln/detail/CVE-2021-3007>), and [CVE-2020-7961](<https://nvd.nist.gov/vuln/detail/CVE-2020-7961>) \u2014 were weaponized to inject and execute malicious commands in the server.\n\nRegardless of the vulnerabilities exploited, the end goal of the attacker appears to be to download and execute a Python script named \"out.py\" using Python 2, which [reached end-of-life](<https://www.python.org/doc/sunset-python-2/>) last year \u2014 implying that the threat actor is banking on the possibility that victim devices have this deprecated version installed.\n\n\"The malware, downloaded from the site hxxp://gxbrowser[.]net, is an obfuscated Python script which contains polymorphic code, with the obfuscation changing each time the script is downloaded,\" the researchers said, adding the 
first attack attempting to download the file was observed on January 8.\n\nAnd indeed, three days later, cybersecurity firm F5 Labs [warned](<https://twitter.com/F5Labs/status/1348683108695072768>) of a series of attacks targeting NAS devices from TerraMaster (CVE-2020-28188) and Liferay CMS (CVE-2020-7961) in an attempt to spread N3Cr0m0rPh IRC bot and Monero cryptocurrency miner.\n\nAn IRC Botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel to execute malicious commands.\n\nIn FreakOut's case, the compromised devices are configured to communicate with a hardcoded command-and-control (C2) server from where they receive command messages to execute.\n\nThe malware also comes with extensive capabilities that allow it to perform various tasks, including port scanning, information gathering, creation and sending of data packets, network sniffing, and DDoS and flooding.\n\nFurthermore, the hosts can be commandeered as a part of a botnet operation for crypto-mining, spreading laterally across the network, and launching attacks on outside targets while masquerading as the victim company.\n\nWith hundreds of devices already infected within days of launching the attack, the researchers warn, FreakOut will ratchet up to higher levels in the near future.\n\nFor its part, [TerraMaster](<https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/>) is expected to patch the vulnerability in version 4.2.07. In the meantime, it's recommended that users upgrade to [Liferay Portal](<https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.2.1%20GA2/>) 7.2 CE GA2 (7.2.1) or later and [laminas-http 2.14.2](<https://github.com/laminas/laminas-http/releases/tag/2.14.2>) to mitigate the risk associated with the flaws.\n\n\"What we have identified is a live and ongoing cyber attack campaign targeting specific Linux users,\" said Adi Ikan, head of network cybersecurity Research at Check Point. 
\"The attacker behind this campaign is very experienced in cybercrime and highly dangerous.\"\n\n\"The fact that some of the vulnerabilities exploited were just published, provides us all a good example for highlighting the significance of securing your network on an ongoing basis with the latest patches and updates.\"\n", "modified": "2021-01-19T13:40:47", "published": "2021-01-19T10:59:00", "id": "THN:5BBCE1116015542504064D771F8581F1", "href": "https://thehackernews.com/2021/01/freakout-ongoing-botnet-attack.html", "type": "thn", "title": "FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-01-20T12:38:06", "description": "** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. 
NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.", "edition": 2, "cvss3": {}, "published": "2021-01-19T07:15:00", "title": "CVE-2021-3178", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-3178"], "modified": "2021-01-19T13:31:00", "cpe": [], "id": "CVE-2021-3178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "exploitdb": [{"lastseen": "2021-01-19T12:27:47", "description": "", "published": "2021-01-19T00:00:00", "type": "exploitdb", "title": "osTicket 1.14.2 - SSRF", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-24881"], "modified": "2021-01-19T00:00:00", "id": "EDB-ID:49441", "href": "https://www.exploit-db.com/exploits/49441", "sourceData": "# Exploit Title: osTicket 1.14.2 - SSRF\r\n# Date: 18-01-2021\r\n# Exploit Author: Talat Mehmood\r\n# Vendor Homepage: https://osticket.com/\r\n# Software Link: https://osticket.com/download/\r\n# Version: <1.14.3 \r\n# Tested on: Linux\r\n# CVE : CVE-2020-24881\r\n\r\nosTicket before 1.14.3 suffers from Server Side Request Forgery [SSRF]. HTML page is rendered on backend server on calling \"Print\" ticket functionality.\r\n\r\nBelow are the steps to reproduce this vulnerability:\r\n\r\n1. Create a new ticket\r\n2. Select \"HTML Format\" format.\r\n3. Add an image tag with your payload in src attribute i.e. \"<img src=https://mymaliciouswebsite.com\">\r\n4. After submitting this comment, print this ticket.\r\n5. 
You'll receive a hit on your malicious website from the internal server on which osTicket is deployed.\r\n\r\nFor more details, read my following blog:\r\n\r\nhttps://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24881", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://www.exploit-db.com/download/49441"}], "talos": [{"lastseen": "2021-01-19T19:27:17", "bulletinFamily": "info", "cvelist": [], "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1222\n\n## Prusa Research PrusaSlicer Admesh stl_fix_normal_directions() out-of-bounds write vulnerability\n\n##### January 19, 2021\n\n##### CVE Number\n\nCVE2020-28598\n\n### Summary\n\nAn out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n### Tested Versions\n\nPrusa Research PrusaSlicer 2.2.0 \nPrusa Research PrusaSlicer Master (commit 4b040b856)\n\n### Product URLs\n\n<https://www.prusa3d.com/prusaslicer/>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122 - Heap-based Buffer Overflow\n\n### Details\n\nPrusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode.\n\nAfter normalizing a given `.stl`, `.obj`, `.3mf`, `.amf`, `.amf.xml`, `.3mf.xml` or `.prusa` file, assuming basic requirements are met, we end up creating a `TriangleMesh` object, which is then further processed/acted upon. For demonstration purposes, let us examine how the `.amf` file format behaves in this regard. 
Upon finding a closing `</volume>` tag within the XML, we hit the following code:\n \n \n void AMFParserContext::endElement(const char * /* name */)\n {\n switch (m_path.back()) {\n \n // Constellation transformation:\n case NODE_TYPE_DELTAX:\n case NODE_TYPE_DELTAX:\n case NODE_TYPE_DELTAX:\n //[...]\n \n // Closing the current volume. Create an STL from m_volume_facets pointing to m_object_vertices.\n case NODE_TYPE_VOLUME:\n {\n assert(m_object && m_volume);\n TriangleMesh mesh; // [1]\n stl_file &stl = mesh.stl;\n stl.stats.type = inmemory;\n stl.stats.number_of_facets = int(m_volume_facets.size() / 3); // [2]\n stl.stats.original_num_facets = stl.stats.number_of_facets;\n stl_allocate(&stl);\n \n bool has_transform = ! m_volume_transform.isApprox(Transform3d::Identity(), 1e-10);\n for (size_t i = 0; i < m_volume_facets.size();) { // [3]\n stl_facet &facet = stl.facet_start[i/3];\n for (unsigned int v = 0; v < 3; ++v)\n {\n unsigned int tri_id = m_volume_facets[i++] * 3;\n facet.vertex[v] = Vec3f(m_object_vertices[tri_id + 0], m_object_vertices[tri_id + 1], m_object_vertices[tri_id + 2]);\n }\n }\n stl_get_size(&stl);\n mesh.repair(); // [4]\n //[...]\n \n\nAt [1], we see our desired `TriangleMesh` object being instantiated, and at [2], an important variable `stl.stats.number_of_facets` is set as the amount of `m_volume_facets.size() / 3`; `m_volume_facets` is just a collection of all of the co-ordinates of all the triangles from our input. So if `m_volume_facets` looks like `std::vector of length 9, capacity 16 = {0x2, 0x3, 0x1, 0x2, 0x3, 0x0, 0x4, 0x1, 0x4}`, then this just means we have three triangle objects with three vertices each, each number representing the vertex index. Carrying on in the above example, at [3], the `stl.facet_start` vector is populated with `m_volume_facets.size()` elements, and at [4], we check the resultant set of facets to see if they make sense as a TriangleMesh and to repair if not. 
For the most part `TriangleMesh::repair()` consists of checks and assertions, but for our purposes, the only one that matters is here:\n \n \n // normal_directions\n #ifdef SLIC3R_TRACE_REPAIR\n BOOST_LOG_TRIVIAL(trace) << \"\\tstl_fix_normal_directions\";\n #endif /* SLIC3R_TRACE_REPAIR */\n stl_fix_normal_directions(&stl); // [1]\n assert(stl_validate(&this->stl));\n \n\nThe assumption is that certain facets in the list might be reversed, and normalization is enforced by [1]. Examining `admesh/normals.cpp:stl_fix_normal_directions()`:\n \n \n void stl_fix_normal_directions(stl_file *stl)\n {\n if (stl->stats.number_of_facets == 0)\n return;\n \n //[...]\n // Initialize linked list.\n boost::object_pool<stl_normal> pool;\n stl_normal *head = pool.construct();\n stl_normal *tail = pool.construct();\n head->next = tail;\n tail->next = tail;\n \n // Initialize list that keeps track of already fixed facets.\n std::vector<char> norm_sw(stl->stats.number_of_facets, 0); // stats.number_of_facets % 3 != 0 => oob write.\n // Initialize list that keeps track of reversed facets.\n std::vector<int> reversed_ids(stl->stats.number_of_facets, 0);\n \n\nThe first important characteristic of this function is that we allocate two vectors with a size of `stl->stats.number_of_facets`, which is of size `m_volume_facets.size() / 3`, i.e. the amount of triangles read in from our input. 
For completeness, this is what a \u2018Triangle\u2019 looks like from a `.amf` or `.3mf` file:\n \n \n <volume materialid=\"2\">/triangle>\n <triangle><v1>0</v1><v2>1</v2><v3>4</v3></triangle>\n <triangle><v1>4</v1><v2>1</v2><v3>2</v3></triangle>\n <triangle><v1>1</v1><v2>3</v2><v3>2</v3></triangle>\n </volume>\n \n\nElements `<v1>`, `<v2>`, `<v3>` all point to different vertex index, which look like such:\n \n \n <vertices>\n <vertex><coordinates><x>11</x><y>0</y><z>0</z></coordinates></vertex> // index 0\n <vertex><coordinates><x>0</x><y>0</y><z>0</z></coordinates></vertex>\n <vertex><coordinates><x>1</x><y>1</y><z>0</z></coordinates></vertex>\n <vertex><coordinates><x>5</x><y>2</y><z>0</z></coordinates></vertex>\n <vertex><coordinates><x>5</x><y>2</y><z>2</z></coordinates></vertex>\n </vertices>\n \n\nThus, to reiterate, `stl->stats.number_of_facets` can be thought of as the number of valid `<triangle>` objects in our input file. Continuing in `admesh/normals.cpp:stl_fix_normal_directions()`:\n \n \n for (;;) {\n // Add neighbors_to_list. Add unconnected neighbors to the list.\n bool force_exit = false;\n for (int j = 0; j < 3; ++ j) { // [1]\n // Reverse the neighboring facets if necessary.\n if (stl->neighbors_start[facet_num].which_vertex_not[j] > 2) {\n // If the facet has a neighbor that is -1, it means that edge isn't shared by another facet\n if (stl->neighbors_start[facet_num].neighbor[j] != -1) {\n if (norm_sw[stl->neighbors_start[facet_num].neighbor[j]] == 1) {\n \n for (int id = reversed_count - 1; id >= 0; -- id)\n reverse_facet(stl, reversed_ids[id]);\n force_exit = true;\n break;\n }\n reverse_facet(stl, stl->neighbors_start[facet_num].neighbor[j]); // if amount of \n reversed_ids[reversed_count ++] = stl->neighbors_start[facet_num].neighbor[j]; // [2] \n }\n }\n //[..]\n \n\nThe only thing that we must pay attention to: until the `for(;;)` loop breaks, [1] always executes three times (assuming we don\u2019t hit the `break`). 
Thus, the statement at [2] can be hit at most three times per `for (;;)` iteration, assuming that a given facet has enough valid neighbors. As shown above, the length of the `reversed_ids` vector equals the number of triangles in the input file, and there\u2019s no guarantee that `(reversed_count % 3) == 0`. \nThus, for example, assume we have an input file in which there are only four connected triangles (e.g. a pyramid) and our `stl->neighbors_start` vector looks like this:\n \n \n [o.o]> p/x stl->neighbors_start\n $17 = std::vector of length 4, capacity 5 = {{neighbor = {0x1, 0x3, 0x2}, which_vertex_not = {0x2, 0x4, 0x3}}, {neighbor = {0x0, 0x2, 0x3}, which_vertex_not = {0x2, 0x2, 0x3}}, {neighbor = {0x1, 0x0, 0x3}, which_vertex_not = {0x0, 0x4, 0x5}}, {neighbor = {0x2, 0x1, 0x0}, which_vertex_not = {0x4, 0x4, 0x3}}}\n \n\nSince each facet/triangle has three neighbors, if each of these neighboring facets needs to be reversed, we can quickly exceed the number of elements in the `reversed_ids` vector, which again was allocated with `stl->stats.number_of_facets` elements. Given a specific layout of facets/triangles, the same facet may be reversed multiple times, causing the assignment at [2] to write out of bounds, resulting in an out-of-bounds heap write and possible code execution.\n\nA last important note: while this vulnerability is in `admesh/normals.cpp`, it seems that this \u201cadmesh\u201d library is a re-write or alternate of the standard \u201cadmesh\u201d library, which is written in C. 
It does not appear that this vulnerability applies to the standard \u201cadmesh\u201d library.\n\n### Crash Information\n \n \n =================================================================\n ==2302481==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200002dae0 at pc 0x7f4ae8a14209 bp 0x7fffea4d5fb0 sp 0x7fffea4d5fa8\n WRITE of size 4 at 0x60200002dae0 thread T0\n #0 0x7f4ae8a14208 in stl_fix_normal_directions(stl_file*) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/admesh/normals.cpp:168:47\n #1 0x7f4ae5dfe888 in Slic3r::TriangleMesh::repair(bool) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/TriangleMesh.cpp:178:5\n #2 0x7f4ae4d9d106 in Slic3r::AMFParserContext::endElement(char const*) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/AMF.cpp:642:14\n #3 0x7f4ae4da672c in Slic3r::AMFParserContext::endElement(void*, char const*) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/AMF.cpp:97:14\n #4 0x7f4adf19d9d9 (/lib/x86_64-linux-gnu/libexpat.so.1+0xb9d9)\n #5 0x7f4adf19e6af (/lib/x86_64-linux-gnu/libexpat.so.1+0xc6af)\n #6 0x7f4adf19bb82 (/lib/x86_64-linux-gnu/libexpat.so.1+0x9b82)\n #7 0x7f4adf19d04d (/lib/x86_64-linux-gnu/libexpat.so.1+0xb04d)\n #8 0x7f4adf1a0dbf in XML_ParseBuffer (/lib/x86_64-linux-gnu/libexpat.so.1+0xedbf)\n #9 0x7f4ae4da59cf in Slic3r::load_amf_file(char const*, Slic3r::DynamicPrintConfig*, Slic3r::Model*) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/AMF.cpp:877:13\n #10 0x7f4ae4da8763 in Slic3r::load_amf(char const*, Slic3r::DynamicPrintConfig*, Slic3r::Model*, bool) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/AMF.cpp:1048:16\n #11 0x565a98 in LLVMFuzzerTestOneInput //boop/assorted_fuzzing/prusaslicer/./fuzz_amf_harness.cpp:82:20\n #12 0x46be11 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (//boop/assorted_fuzzing/prusaslicer/amf_fuzzdir/fuzzamf.bin+0x46be11)\n #13 0x457582 in 
fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (//boop/assorted_fuzzing/prusaslicer/amf_fuzzdir/fuzzamf.bin+0x457582)\n #14 0x45d036 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (//boop/assorted_fuzzing/prusaslicer/amf_fuzzdir/fuzzamf.bin+0x45d036)\n #15 0x485cf2 in main (//boop/assorted_fuzzing/prusaslicer/amf_fuzzdir/fuzzamf.bin+0x485cf2)\n #16 0x7f4ae0a3e0b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16\n #17 0x431c4d in _start (//boop/assorted_fuzzing/prusaslicer/amf_fuzzdir/fuzzamf.bin+0x431c4d)\n \n 0x60200002dae0 is located 0 bytes to the right of 16-byte region [0x60200002dad0,0x60200002dae0)\n allocated by thread T0 here:\n #0 0x5610cd in operator new(unsigned long) (//boop/assorted_fuzzing/prusaslicer/amf_fuzzdir/fuzzamf.bin+0x5610cd)\n #1 0x7f4ae49ac5cb in __gnu_cxx::new_allocator<int>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/ext/new_allocator.h:114:27\n #2 0x7f4ae49ac4f8 in std::allocator_traits<std::allocator<int> >::allocate(std::allocator<int>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/alloc_traits.h:444:20\n #3 0x7f4ae49abf6f in std::_Vector_base<int, std::allocator<int> >::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:343:20\n #4 0x7f4ae49ad4eb in std::_Vector_base<int, std::allocator<int> >::_M_create_storage(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:358:33\n #5 0x7f4ae49acf5f in std::_Vector_base<int, std::allocator<int> >::_Vector_base(unsigned long, std::allocator<int> const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:302:9\n #6 0x7f4ae5e9c937 in std::vector<int, std::allocator<int> >::vector(unsigned long, int const&, std::allocator<int> const&) 
/usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:521:9\n #7 0x7f4ae8a139e3 in stl_fix_normal_directions(stl_file*) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/admesh/normals.cpp:136:20\n #8 0x7f4ae5dfe888 in Slic3r::TriangleMesh::repair(bool) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/TriangleMesh.cpp:178:5\n #9 0x7f4ae4d9d106 in Slic3r::AMFParserContext::endElement(char const*) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/AMF.cpp:642:14\n #10 0x7f4ae4da672c in Slic3r::AMFParserContext::endElement(void*, char const*) //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/AMF.cpp:97:14\n #11 0x7f4adf19d9d9 (/lib/x86_64-linux-gnu/libexpat.so.1+0xb9d9)\n \n SUMMARY: AddressSanitizer: heap-buffer-overflow //boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/admesh/normals.cpp:168:47 in stl_fix_normal_directions(stl_file*)\n Shadow bytes around the buggy address:\n 0x0c047fffdb00: fa fa 00 fa fa fa 00 00 fa fa 00 07 fa fa 00 fa\n 0x0c047fffdb10: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd\n 0x0c047fffdb20: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd\n 0x0c047fffdb30: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa\n 0x0c047fffdb40: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd\n =>0x0c047fffdb50: fa fa fd fa fa fa 04 fa fa fa 00 00[fa]fa fa fa\n 0x0c047fffdb60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fffdb70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fffdb80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fffdb90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c047fffdba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n Shadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after 
scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n ==2302481==ABORTING\n \n\n### Timeline\n\n2021-01-08 - Vendor Disclosure \n2021-01-14 - Vendor patched \n2021-01-19 - Public Release\n\n##### Credit\n\nDiscovered by Lilith >_> of Cisco Talos.\n", "edition": 1, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "TALOS-2020-1222", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1222", "title": "Prusa Research PrusaSlicer Admesh stl_fix_normal_directions() out-of-bounds write vulnerability", "type": "talos", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-19T23:37:44", "bulletinFamily": "info", "cvelist": ["CVE-2020-28595"], "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1219\n\n## Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability\n\n##### January 19, 2021\n\n##### CVE Number\n\nCVE-2020-28595\n\n### Summary\n\nAn out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. 
An attacker can provide a malicious file to trigger this vulnerability.\n\n### Tested Versions\n\nPrusa Research PrusaSlicer 2.2.0 \nPrusa Research PrusaSlicer Master (commit 4b040b856)\n\n### Product URLs\n\n<https://www.prusa3d.com/prusaslicer/>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-122 - Heap-based Buffer Overflow\n\n### Details\n\nPrusaSlicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model file formats and can output corresponding 3-D printer-readable Gcode.\n\nOne of the input file formats PrusaSlicer can handle is `.obj`; the code that mainly handles it can be found in `PrusaSlicer/src/libslic3r/Format/OBJ.cpp` and `PrusaSlicer/src/libslic3r/Format/objparser.cpp`. \nWe now proceed to trace the winding code-path from entry to vulnerability, starting with `load_obj(const char *path, TriangleMesh *meshptr)`.\n \n \n bool load_obj(const char *path, TriangleMesh *meshptr){\n if(meshptr == nullptr) return false;\n \n // Parse the OBJ file.\n ObjParser::ObjData data;\n if (! 
ObjParser::objparse(path, data)) { // [1]\n // die \"Failed to parse $file\\n\" if !-e $path;\n return false;\n }\n \n\nAt [1], our given `.obj` file is parsed and populated into the ObjData structure, which looks like such:\n \n \n struct ObjData {\n // Version of the data structure for load / store in the private binary format.\n int version;\n \n // x, y, z, w\n std::vector<float> coordinates;\n // u, v, w\n std::vector<float> textureCoordinates;\n // x, y, z\n std::vector<float> normals;\n // u, v, w\n std::vector<float> parameters;\n \n std::vector<std::string> mtllibs;\n std::vector<ObjUseMtl> usemtls;\n std::vector<ObjObject> objects;\n std::vector<ObjGroup> groups;\n std::vector<ObjSmoothingGroup> smoothingGroups;\n \n // List of faces, delimited by an ObjVertex with all members set to -1.\n std::vector<ObjVertex> vertices;\n };\n \n\nAssuming things are going as intended, all of the data from our input file gets populated with data from our `.obj` file, for example, the following `.obj` file segment would populate two floats and two vertices:\n \n \n f 434//434 488//488 563//563\n f 451//451 435//435 436//436\n v 55.986176 26.094831 28.978714\n v -0.024765 -2.100579 -0.128764\n \n\nContinuing on into `load_obj(const char *path, TriangleMesh *meshptr)`, from where we left off:\n \n \n // Count the faces and verify, that all faces are triangular.\n size_t num_faces = 0;\n size_t num_quads = 0;\n for (size_t i = 0; i < data.vertices.size(); ) { // [1]\n size_t j = i;\n for (; j < data.vertices.size() && data.vertices[j].coordIdx != -1; ++ j) ;\n if (i == j)\n continue;\n size_t face_vertices = j - i;\n if (face_vertices != 3 && face_vertices != 4) {\n // Non-triangular and non-quad faces are not supported as of now.\n return false;\n }\n if (face_vertices == 4)\n ++ num_quads; // [2]\n ++ num_faces; // [3]\n i = j + 1;\n }\n \n // Convert ObjData into STL.\n TriangleMesh &mesh = *meshptr;\n stl_file &stl = mesh.stl;\n stl.stats.type = inmemory;\n 
stl.stats.number_of_facets = uint32_t(num_faces + num_quads); // [4]\n stl.stats.original_num_facets = int(num_faces + num_quads);\n // stl_allocate clears all the allocated data to zero, all normals are set to zeros as well.\n stl_allocate(&stl);\n \n\nThe most important things to note here are that: [1], we enter a loop whose iteration count is determined by the amount of vertices in our `.obj` file. For each iteration, the `num_quads` variable [2] might go up, and the `num_faces` variable [3] always goes up. At [4], these variables are stored together in the `stl.stats.number_of_facets` variable, which is further used inside `stl_allocate` [5] to determine how many `stl_facet` objects get stored into `stl.facet_start`:\n \n \n void stl_allocate(stl_file *stl)\n {\n // Allocate memory for the entire .STL file.\n stl->facet_start.assign(stl->stats.number_of_facets, stl_facet());\n // Allocate memory for the neighbors list.\n stl->neighbors_start.assign(stl->stats.number_of_facets, stl_neighbors());\n }\n \n\nThus, the amount of memory allocated is `sizeof(stl_facet) * (num_faces+num_quads)`, and if we desire further detail we can look at what an `stl_facet` object is:\n \n \n [x.x]> p/x sizeof(stl_facet)\n $11 = 0x34\n \n [^~^]> ptype stl_facet\n type = struct stl_facet {\n stl_normal normal;\n stl_vertex vertex[3];\n char extra[2];\n public:\n stl_facet rotated(const Eigen::Quaternion<float, 2> &) const;\n }\n \n\nTo proceed, let us again continue on inside the `load_obj(const char *path, TriangleMesh *meshptr)` function:\n \n \n stl_allocate(&stl);\n size_t i_face = 0;\n for (size_t i = 0; i < data.vertices.size(); ++ i) { // [1]\n if (data.vertices[i].coordIdx == -1)\n continue;\n stl_facet &facet = stl.facet_start[i_face ++]; // [2]\n size_t num_normals = 0;\n stl_normal normal(stl_normal::Zero());\n for (unsigned int v = 0; v < 3; ++ v) {\n const ObjParser::ObjVertex &vertex = data.vertices[i++]; // [3]\n // [...]\n }\n }\n if (data.vertices[i].coordIdx != 
-1) { // [4]\n // This is a quad. Produce the other triangle.\n stl_facet &facet2 = stl.facet_start[i_face++]; // [5]\n facet2.vertex[0] = facet.vertex[0]; // [6]\n facet2.vertex[1] = facet.vertex[2];\n const ObjParser::ObjVertex &vertex = data.vertices[i++];\n // [...]\n }\n \n\nAt [1], we again have a loop whose iteration count is determined by the number of vertices, and at [2] we can see the `i_face` variable being used to index into the previously allocated `stl.facet_start` array and, more importantly, `i_face` is incremented. [3] is only important because it can increment `i`, which lets us enter the branch at [4]. Thus it\u2019s possible to hit the `i_face++` at [2] and the `i_face++` at [5] within a single iteration of the loop at [1]. \nRecall that the size of `stl.facet_start` is `sizeof(stl_facet) * (num_faces+num_quads)`, and also that `num_faces+num_quads` is at least equal to `data.vertices.size()`, since it can go up by either one or two for each aforementioned loop iteration. Contrast this with the `i_face` variable, which can go up by two in a single iteration, and we can quickly see that it\u2019s possible for `i_face` to exceed the number of actual `stl_facet` objects within `stl.facet_start`, resulting in an out-of-bounds write on the heap. \nDedicated readers might notice and protest that the increment of `i` at [3] can potentially cause `i` to go out of bounds, and those dedicated readers would be decidedly correct: this is in fact a potential out-of-bounds read that allows us to trigger the out-of-bounds write.\n\nTo explain another way, PrusaSlicer expects every `stl_facet` to contain 4 vertex entries. If it\u2019s a triangle, it still has 4 vertices; it\u2019s just that the last `vertices.coordIdx` == -1, whereas a square\u2019s last `.coordIdx` != -1. 
If a given .obj file contains `x` vertices such that `x % 4 == 1` or `x % 4 == 2` then the file is rejected:\n \n \n for (size_t i = 0; i < data.vertices.size(); ) {\n size_t j = i;\n for (; j < data.vertices.size() && data.vertices[j].coordIdx != -1; ++ j) ;\n if (i == j)\n continue;\n size_t face_vertices = j - i;\n if (face_vertices != 3 && face_vertices != 4) { // rejected here\n // Non-triangular and non-quad faces are not supported as of now.\n return false;\n }\n \n\nBut, if `x % 4 == 3`, then we pass the above sanity check, and hit an oob-read that\u2019s looking for the fourth vertices in a given facet which can then trigger an oob-write as mentioned before.\n\n### Crash Information\n \n \n ================================================================= \n ==897228==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000010860 at pc 0x000000579ce2 bp 0x7ffdd8b355f0 sp 0x7ffdd8b355e8\n WRITE of size 4 at 0x606000010860 thread T0 \n #0 0x579ce1 in Eigen::internal::assign_op<float, float>::assignCoeff(float&, float const&) const /boop/assorted_fuzzing/prusaslicer/./PrusaSlicer/src/eigen/Eigen/src/Core/functors/AssignmentFunctors.h:24:102 \n #1 0x7f65faed2d8e in Eigen::internal::generic_dense_assignment_kernel<Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::assign_op<float, float>, 0>::assignCoeff(long, long) /usr/include/eigen3/Eigen/src\n /Core/AssignEvaluator.h:631:15 \n #2 0x7f65faed2ba4 in Eigen::internal::generic_dense_assignment_kernel<Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::assign_op<float, float>, 0>::assignCoeffByOuterInner(long, long) /usr/include/eige\n n3/Eigen/src/Core/AssignEvaluator.h:645:5 \n #3 0x7f65faed2aee in 
Eigen::internal::copy_using_evaluator_DefaultTraversal_CompleteUnrolling<Eigen::internal::generic_dense_assignment_kernel<Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::assign_op\n <float, float>, 0>, 0, 3>::run(Eigen::internal::generic_dense_assignment_kernel<Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::assign_op<float, float>, 0>&) /usr/include/eigen3/Eigen/src/Core/AssignEvalu\n ator.h:206:12 \n #4 0x7f65faed2a5d in Eigen::internal::dense_assignment_loop<Eigen::internal::generic_dense_assignment_kernel<Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::assign_op<float, float>, 0>, 3, 2>::run(Eig\n en::internal::generic_dense_assignment_kernel<Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::evaluator<Eigen::Matrix<float, 3, 1, 2, 3, 1> >, Eigen::internal::assign_op<float, float>, 0>&) /usr/include/eigen3/Eigen/src/Core/AssignEvaluator.h:435:5 \n #5 0x7f65faed25d3 in void Eigen::internal::call_dense_assignment_loop<Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::internal::assign_op<float, float> >(Eigen::Matrix<float, 3, 1, 2, 3, 1>&, Eigen::Matrix<float, 3, 1, 2, 3, 1> const&, Eigen::internal::assign_op<float\n , float> const&) /usr/include/eigen3/Eigen/src/Core/AssignEvaluator.h:741:3 \n #6 0x7f65faed23a4 in Eigen::internal::Assignment<Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::internal::assign_op<float, float>, Eigen::internal::Dense2Dense, void>::run(Eigen::Matrix<float, 3, 1, 2, 3, 1>&, Eigen::Matrix<float, 3, 1, 2, 3, 1> const&, Eigen::intern\n al::assign_op<float, float> const&) /usr/include/eigen3/Eigen/src/Core/AssignEvaluator.h:879:5\n #7 
0x7f65faed231c in void Eigen::internal::call_assignment_no_alias<Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::internal::assign_op<float, float> >(Eigen::Matrix<float, 3, 1, 2, 3, 1>&, Eigen::Matrix<float, 3, 1, 2, 3, 1> const&, Eigen::internal::assign_op<float, \n float> const&) /usr/include/eigen3/Eigen/src/Core/AssignEvaluator.h:836:3\n #8 0x7f65faed2290 in void Eigen::internal::call_assignment<Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::internal::assign_op<float, float> >(Eigen::Matrix<float, 3, 1, 2, 3, 1>&, Eigen::Matrix<float, 3, 1, 2, 3, 1> const&, Eigen::internal::assign_op<float, float> co\n nst&, Eigen::internal::enable_if<!(evaluator_assume_aliasing<Eigen::Matrix<float, 3, 1, 2, 3, 1> >::value), void*>::type) /usr/include/eigen3/Eigen/src/Core/AssignEvaluator.h:804:3\n #9 0x7f65faed21b2 in void Eigen::internal::call_assignment<Eigen::Matrix<float, 3, 1, 2, 3, 1>, Eigen::Matrix<float, 3, 1, 2, 3, 1> >(Eigen::Matrix<float, 3, 1, 2, 3, 1>&, Eigen::Matrix<float, 3, 1, 2, 3, 1> const&) /usr/include/eigen3/Eigen/src/Core/AssignEvaluator.h:782:3\n #10 0x7f65faed2046 in Eigen::Matrix<float, 3, 1, 2, 3, 1>& Eigen::PlainObjectBase<Eigen::Matrix<float, 3, 1, 2, 3, 1> >::_set<Eigen::Matrix<float, 3, 1, 2, 3, 1> >(Eigen::DenseBase<Eigen::Matrix<float, 3, 1, 2, 3, 1> > const&) /usr/include/eigen3/Eigen/src/Core/PlainObjectBase.h:714:7\n #11 0x7f65faea9327 in Eigen::Matrix<float, 3, 1, 2, 3, 1>::operator=(Eigen::Matrix<float, 3, 1, 2, 3, 1> const&) /usr/include/eigen3/Eigen/src/Core/Matrix.h:208:20\n #12 0x7f65fb2021e7 in Slic3r::load_obj(char const*, Slic3r::TriangleMesh*) /boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/OBJ.cpp:83:30\n #13 0x567aaf in LLVMFuzzerTestOneInput /boop/assorted_fuzzing/prusaslicer/./fuzz_obj_harness.cpp:82:20\n #14 0x46ddd1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) 
(/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x46ddd1)\n #15 0x459542 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x459542)\n #16 0x45eff6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x45eff6)\n #17 0x487cb2 in main (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x487cb2)\n #18 0x7f65f6e720b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16\n #19 0x433c0d in _start (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x433c0d)\n \n 0x606000010860 is located 12 bytes to the right of 52-byte region [0x606000010820,0x606000010854)\n allocated by thread T0 here:\n #0 0x56308d in operator new(unsigned long) (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x56308d)\n #1 0x7f65fb47a238 in __gnu_cxx::new_allocator<stl_facet>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/ext/new_allocator.h:114:27\n #2 0x7f65fb47a168 in std::allocator_traits<std::allocator<stl_facet> >::allocate(std::allocator<stl_facet>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/alloc_traits.h:444:20\n #3 0x7f65fb47a0cf in std::_Vector_base<stl_facet, std::allocator<stl_facet> >::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:343:20\n #4 0x7f65fb479f1b in std::_Vector_base<stl_facet, std::allocator<stl_facet> >::_M_create_storage(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:358:33\n #5 0x7f65fb479b0f in std::_Vector_base<stl_facet, std::allocator<stl_facet> >::_Vector_base(unsigned long, std::allocator<stl_facet> const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:302:9\n #6 0x7f65fee5cb37 in 
std::vector<stl_facet, std::allocator<stl_facet> >::vector(unsigned long, stl_facet const&, std::allocator<stl_facet> const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:521:9\n #7 0x7f65fee5c75e in std::vector<stl_facet, std::allocator<stl_facet> >::_M_fill_assign(unsigned long, stl_facet const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/vector.tcc:262:11\n #8 0x7f65fee5b404 in std::vector<stl_facet, std::allocator<stl_facet> >::assign(unsigned long, stl_facet const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:747:9\n #9 0x7f65fee59998 in stl_allocate(stl_file*) /boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/admesh/stlinit.cpp:248:21\n #10 0x7f65fb201607 in Slic3r::load_obj(char const*, Slic3r::TriangleMesh*) /boop/assorted_fuzzing/prusaslicer/PrusaSlicer/src/libslic3r/Format/OBJ.cpp:55:5\n #11 0x567aaf in LLVMFuzzerTestOneInput /boop/assorted_fuzzing/prusaslicer/./fuzz_obj_harness.cpp:82:20\n #12 0x46ddd1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x46ddd1)\n #13 0x459542 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x459542)\n #14 0x45eff6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x45eff6)\n #15 0x487cb2 in main (/boop/assorted_fuzzing/prusaslicer/obj_fuzzdir/fuzzobj.bin+0x487cb2)\n #16 0x7f65f6e720b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16\n \n SUMMARY: AddressSanitizer: heap-buffer-overflow /boop/assorted_fuzzing/prusaslicer/./PrusaSlicer/src/eigen/Eigen/src/Core/functors/AssignmentFunctors.h:24:102 in Eigen::internal::assign_op<float, float>::assignCoeff(float&, float const&) const\n Shadow bytes around the buggy address:\n 
0x0c0c7fffa0b0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00\n 0x0c0c7fffa0c0: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00\n 0x0c0c7fffa0d0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa\n 0x0c0c7fffa0e0: 00 00 00 00 00 00 00 00 fa fa fa fa fd fd fd fd\n 0x0c0c7fffa0f0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd\n =>0x0c0c7fffa100: fa fa fa fa 00 00 00 00 00 00 04 fa[fa]fa fa fa\n 0x0c0c7fffa110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0c7fffa120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0c7fffa130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0c7fffa140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c0c7fffa150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n \n\n### Timeline\n\n2020-12-14 - Vendor Disclosure \n2020-01-14 - Vendor patched \n2021-01-19 - Public Release\n\n##### Credit\n\nDiscovered by Lilith >_> of Cisco Talos.\n", "edition": 2, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "TALOS-2020-1219", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1219", "title": "Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability", "type": "talos", "cvss": {"score": 0.0, "vector": "NONE"}}], "cert": [{"lastseen": "2021-01-19T23:44:39", "bulletinFamily": "info", "cvelist": ["CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687"], "description": "### Overview\n\nDnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. 
These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment.\n\nThese vulnerabilities are also tracked as [ICS-VU-668462](<https://us-cert.cisa.gov/ics/advisories/icsa-21-019-01>) and referred to as [DNSpooq](<https://www.jsof-tech.com/disclosures/dnspooq>).\n\n### Description\n\n[Dnsmasq](<http://www.thekelleys.org.uk/dnsmasq/doc.html>) is widely used open-source software that provides DNS forwarding and caching (and also a DHCP server). Dnsmasq is common in Internet-of-Things (IoT) and other embedded devices.\n\nJSOF reported multiple memory corruption vulnerabilities in dnsmasq due to boundary checking errors in DNSSEC handling code.\n\n * CVE-2020-25681: A heap-based buffer overflow in dnsmasq in the way it sorts RRSets before validating them with DNSSEC data in an unsolicited DNS response\n * CVE-2020-25682: A buffer overflow vulnerability in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data\n * CVE-2020-25683: A heap-based buffer overflow in get_rdata subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries\n * CVE-2020-25687: A heap-based buffer overflow in sort_rrset subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries\n\nJSOF also reported vulnerabilities in DNS response validation that can result in DNS cache poisoning.\n\n * CVE-2020-25684: Dnsmasq does not validate the combination of address/port and the query-id fields of DNS request when accepting DNS responses\n * CVE-2020-25685: Dnsmasq uses a weak hashing algorithm (CRC32) when compiled without DNSSEC to validate DNS responses\n * CVE-2020-25686: Dnsmasq does not check for an existing pending request for the same name and forwards a new request thus allowing an attacker to perform a [\"Birthday Attack\"](<https://tools.ietf.org/html/rfc5452#section-5>) scenario to forge replies and 
potentially poison the DNS cache\n\nNote: These cache poisoning scenarios and defenses are discussed in [IETF RFC5452](<https://tools.ietf.org/html/rfc5452>).\n\n### Impact\n\nThe memory corruption vulnerabilities can be triggered by a remote attacker using crafted DNS responses that can lead to denial of service, information exposure, and potentially remote code execution. The DNS response validation vulnerabilities allow an attacker to use unsolicited DNS responses to poison the DNS cache and redirect users to arbitrary sites.\n\n### Solution\n\n#### Apply updates\n\nThese vulnerabilities are addressed in [dnsmasq 2.83](<http://www.thekelleys.org.uk/dnsmasq/?C=M;O=D>). Users of IoT and embedded devices that use dnsmasq should contact their vendors.\n\n#### Follow security best-practices\n\nConsider the following security best-practices to protect DNS infrastructure:\n\n * Protect your DNS clients using [stateful-inspection firewall](<https://www.govinfo.gov/content/pkg/GOVPUB-C13-f52fdee3827e2f5d903fa8b4b66d4855/pdf/GOVPUB-C13-f52fdee3827e2f5d903fa8b4b66d4855.pdf>) that provide DNS security (e.g., stateful firewalls and NAT devices can block unsolicited DNS responses, DNS application layer inspection can prevent forwarding of anomalous DNS packets).\n * Provide secure DNS recursion service with features such as DNSSEC validation and the interim [0x20-bit encoding](<https://astrolavos.gatech.edu/articles/increased_dns_resistance.pdf>) as part of enterprise DNS services where applicable. 
\n * Prevent exposure of IoT devices and lightweight devices directly over the Internet to minimize abuse of DNS.\n * Implement a [Secure By Default](<https://en.wikipedia.org/wiki/Secure_by_default>) configuration suitable for your operating environment (e.g., disable caching on embedded IoT devices when an upstream caching resolver is available).\n\n### Acknowledgements\n\nMoshe Kol and Shlomi Oberman of [JSOF](<https://jsof-tech.com>) researched and reported these vulnerabilities. Simon Kelley (author of dnsmasq) worked closely with collaborative vendors (Cisco, Google, Pi-Hole, Redhat) to develop patches to address these security vulnerabilities. GitHub also supported these collaboration efforts providing support to use their [GitHub Security Advisory](<https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/about-github-security-advisories>) platform for collaboration.\n\nThis document was written by Vijay Sarvepalli.\n\n### Vendor Information \n\n434904\n\n### Arista Networks Inc. 
Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: January 04, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cisco __ Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: January 02, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g>\n\n### Cradlepoint __ Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected \n**CVE-2020-25683**| Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Affected \n \n#### Vendor Statement\n\nCradlepoint devices running NetCloud OS (NCOS) use dnsmasq for domain resolution, domain caching and DHCP services on the local LAN. 
DNS is a configurable service within NCOS therefore possible configuration states and potential impacts are listed.\n\n**Affected Components:** NCOS versions up to 7.21.20\n\n**Recommendations:** \nPromptly test and upgrade to the latest NCOS version upon release \nDisable (do not enable) DNSSEC until patched \nAuthenticate clients to the LAN using 802.1X \nDo not configure firewall to expose DNS services (UDP port 53) on WAN interfaces\n\n### Default Configuration: DNSSEC disabled\n\n**Cradlepoint Severity:** Low/Medium (dependent upon environment) \n**Potentially Impacted:** Local LAN users, clients and services \n**Potential attack path:** Local LAN \n**Associated CVEs:** CVE-2020-25684, CVE-2020-25685, CVE-2020-25686\n\n### Modified Configuration: DNSSEC enabled\n\n**Cradlepoint Severity:** Medium/High (dependent upon environment) \n**Potentially Impacted:** Device and sub-services; Local LAN users, clients and services \n**Potential attack path:** Local LAN \n**Associated CVEs:** CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687\n\n### Modified Configuration: DNS services exposed on WAN\n\n**Cradlepoint Severity:** Critical (dependent upon environment) \n**Potentially Impacted:** See above \n**Potential attack paths:** WAN interfaces; Local LAN \n**Associated CVEs:** See above\n\n#### References\n\n * <https://cradlepoint.com/about-us/trust/>\n\n### dd-wrt Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: January 11, 2021**\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Digi International Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: October 06, 2020**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected 
\n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Netgear Inc. __ Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: January 14, 2021**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected \n**CVE-2020-25683**| Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Affected \n \n#### Vendor Statement\n\nNetgear has released fixes for multiple Dnsmasq security vulnerabilities on the following product affected models: RAX40 running firmware versions prior to v1.0.3.88 RAX35 running firmware versions prior to v1.0.3.88\n\nNETGEAR strongly recommends that you download the latest firmware as soon as possible.\n\nYou and follow the steps mentioned in the security advisory to upgrade it to the latest version. https://kb.netgear.com/000062628/Security-Advisory-for-Multiple-Dnsmasq-Vulnerabilities-on-Some-Routers-PSV-2020-0463\n\nThanks, Rachit Dogra\n\n#### References\n\n * <https://kb.netgear.com/000062628/Security-Advisory-for-Multiple-Dnsmasq-Vulnerabilities-on-Some-Routers-PSV-2020-0463>\n\n### OpenWRT __ Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Affected \n---|--- \n**Vendor Statement:** \nOnly package dnsmasq-full, which is not installed by default, is affected. \n**CVE-2020-25682**| Affected \n**Vendor Statement:** \nOnly package dnsmasq-full, which is not installed by default, is affected. \n**CVE-2020-25683**| Affected \n**Vendor Statement:** \nOnly package dnsmasq-full, which is not installed by default, is affected. \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**Vendor Statement:** \nOnly package dnsmasq-full, which is not installed by default, is affected. 
\n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Affected \n**Vendor Statement:** \nOnly package dnsmasq-full, which is not installed by default, is affected. \n \n#### Vendor Statement\n\nOpenWrt ships the following variants: * dnsmasq * dnsmasq-dhcpv6 * dnsmasq-full\n\nOnly dnsmasq-full has support for DNSSEC and only this variant is affected by the problems in the DNSSEC code as far as we understand them. The other problems affect all variants. The default installation contains the dnsmasq package only, but the user can install the other variants.\n\n#### References\n\n * <https://openwrt.org/advisory/2021-01-19-1>\n\n### Pi-Hole Affected\n\nNotified: 2020-10-12 Updated: 2021-01-19\n\n**Statement Date: January 11, 2021**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected \n**CVE-2020-25683**| Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Red Hat __ Affected\n\nNotified: 2020-09-25 Updated: 2021-01-19\n\n**Statement Date: January 15, 2021**\n\n**CVE-2020-25681**| Affected \n---|--- \n**Vendor Statement:** \nThis issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support. \n**CVE-2020-25682**| Affected \n**Vendor Statement:** \nThis issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support. 
\n**CVE-2020-25683**| Affected \n**Vendor Statement:** \nThis issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support. \n**CVE-2020-25684**| Affected \n**Vendor Statement:** \nThis issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV) are indirectly affected as well. \n**CVE-2020-25685**| Affected \n**Vendor Statement:** \nThis issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Red Hat Enterprise Linux 8 provides dnsmasq compiled with DNSSEC support, thus SHA-1 is used as a hash for query names instead of CRC32, making collisions harder to find. Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV) are indirectly affected as well. \n**CVE-2020-25686**| Affected \n**Vendor Statement:** \nThis issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV) are indirectly affected as well. \n**CVE-2020-25687**| Affected \n**Vendor Statement:** \nThis issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support. 
\n \n#### References\n\n * <https://access.redhat.com/security/vulnerabilities/RHSB-2021-001>\n\n### Siemens __ Affected\n\nNotified: 2020-10-12 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nSiemens is aware of the security vulnerabilities in the Open Source component DNSmasq, as disclosed on 2021-01-19 and also known as \"DNSpooq\".\n\nThe impact to Siemens products is described in the Security Advisory SSA-646763, published on the Siemens ProductCERT page (https://www.siemens.com/cert/advisories).\n\nIn case of questions regarding this Security Advisory, please contact Siemens ProductCERT (productcert@siemens.com).\n\n#### References\n\n * <https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdf>\n\n### Sophos __ Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected \n**CVE-2020-25683**| Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Affected \n \n#### Vendor Statement\n\nSophos Red devices are impacted. 
More information to follow\n\n#### References\n\n * <https://community.sophos.com/b/security-blog/posts/advisory-resolved-multiple-dnsmasq-vulnerabilities-aka-dnspooq-in-sophos-red>\n\n### SUSE Linux Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: January 14, 2021**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected \n**CVE-2020-25683**| Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Synology Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: November 04, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Technicolor __ Affected\n\nNotified: 2020-09-15 Updated: 2021-01-19\n\n**Statement Date: September 29, 2020**\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Affected \n**Vendor Statement:** \nWe confirm that dnsmasq is affected by this vulnerability. However, it is very unlikely to see real world exploitation of this vulnerability. It requires dnsmasq to be configured to do DNS requests to a rogue DNS that will serve these unrelated CNAME records. Devices are configured to request ISPs DNS. Moreover, these unrelated CNAME records are not valid and cannot be configured in a regular zone file; they require custom DNS server to be served. So, if you control a custom DNS and you can configure dnsmasq to request this DNS, no need to exploit a vulnerability to poison the cache, just answer what you want. 
Risk level : LOW CVSS v2 : 3.6 \n**CVE-2020-25683**| Not Affected \n**Vendor Statement:** \nDNSSEC is not available on dnsmasq version we use \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n### Wind River Affected\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**Statement Date: October 14, 2020**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected \n**CVE-2020-25683**| Affected \n**CVE-2020-25684**| Affected \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zephyr Project __ Affected\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**Statement Date: October 27, 2020**\n\n**CVE-2020-25681**| Affected \n---|--- \n**CVE-2020-25682**| Affected \n**CVE-2020-25683**| Affected \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nThe Zephyr project consists of a core RTOS, numerous additional modules, and an extensive suite of test builds and test cases. This vulnerability does not directly affect the RTOS, or the additional modules. However, some of the test cases use the dnsmasq tool, which could render these testing environment vulnerable. In these test cases, the dnsmasq tool is used strictly by RTOS+test code running within the QEMU simulation environment. 
Attacks on dnsmasq could result in test failures causing a denial of service to the project (due to incorrect failures).\n\n### Actiontec __ Not Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nwe do not use dnsmasq in our products\n\n### Afero Not Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: November 02, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Android Open Source Project __ Not Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: November 23, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWhile Android does have Dnsmasq code but it is used in a limited capacity and cannot be attacked or exploited in the manner described in this report.\n\n### ARM mbed TLS Not Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: September 24, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a 
statement from the vendor.\n\n### AVM GmbH __ Not Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: October 30, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**Vendor Statement:** \nAVM does not use dnsmasq \n**CVE-2020-25687**| Not Affected \n**Vendor Statement:** \nAVM does not use dnsmasq \n \n#### Vendor Statement\n\nAVM doesn't use the dnsmasq project within its firmwares.\n\n### Barracuda Networks Not Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Blackberry QNX Not Affected\n\nNotified: 2020-09-23 Updated: 2021-01-19\n\n**Statement Date: October 30, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Brocade Communication Systems __ Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: November 25, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nNo Brocade Fibre Channel Products from Broadcom are currently known to be 
affected by these vulnerabilities.\n\n### Check Point __ Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: January 17, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nDnsmasq is used in Check Point for local \"zones\" and not actual registered ones. Also, we don't have DNSSEC enabled.\n\n### eCosCentric __ Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: November 25, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nDo not use/supply Dnsmasq\n\n### eero __ Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: January 15, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\neero products do not use the affected functionality of the affected software products, and so are unaffected by these vulnerabilities.\n\n### F5 Networks Inc. __ Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: December 05, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**Vendor Statement:** \nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities. 
\n**CVE-2020-25682**| Not Affected \n**Vendor Statement:** \nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities. \n**CVE-2020-25683**| Not Affected \n**Vendor Statement:** \nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities. \n**CVE-2020-25684**| Not Affected \n**Vendor Statement:** \nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities. \n**CVE-2020-25685**| Not Affected \n**Vendor Statement:** \nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities. \n**CVE-2020-25686**| Not Affected \n**Vendor Statement:** \nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities. \n**CVE-2020-25687**| Not Affected \n**Vendor Statement:** \nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities. \n \n#### Vendor Statement\n\nThe package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.\n\n### FreeBSD Project __ Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: September 24, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nFreeBSD does not ship with dnsmasq as part of the base system. 
dnsmasq is available as part of the FreeBSD ports/pkg system, but the responsibility for analysis of risk lies with the administrator that chooses to install and configure dnsmasq.\n\n### Google Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: December 07, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HCC Not Affected\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: November 26, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Infoblox Not Affected\n\nNotified: 2020-09-25 Updated: 2021-01-19\n\n**Statement Date: October 16, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Intel Not Affected\n\nNotified: 2020-09-25 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Juniper Networks __ Not 
Affected\n\nNotified: 2020-09-25 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nBased on our investigation we confirm that there are no platforms/products which are affected from these vulnerabilities.\n\nSecurity Incident Response Team Juniper Networks\n\n### LANCOM Systems GmbH __ Not Affected\n\nNotified: 2020-09-25 Updated: 2021-01-19\n\n**Statement Date: January 14, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nLANCOM Systems products are not affected by these vulnerabilities.\n\n### lwIP __ Not Affected\n\nNotified: 2020-09-25 Updated: 2021-01-19\n\n**Statement Date: December 04, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nlwIP does not use dnsmasq code. 
We've had similar bugs like 1 and 2 here in the past (with their own CVE), but these have been fixed quite a while ago.\n\n### MikroTik __ Not Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: September 29, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**Vendor Statement:** \nDnsmasq not used in MikroTik software \n**CVE-2020-25682**| Not Affected \n**Vendor Statement:** \nDnsmasq not used in MikroTik software \n**CVE-2020-25683**| Not Affected \n**Vendor Statement:** \nDnsmasq not used in MikroTik software \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Not Affected \n**Vendor Statement:** \nDnsmasq not used in MikroTik software \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nDnsmasq not used in MikroTik software\n\n### Miredo __ Not Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: January 19, 2021**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\ndnsmasq is not used.\n\n### NetBSD Not Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: September 28, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmp Not Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: October 30, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown 
\n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Rockwell Automation Not Affected\n\nNotified: 2020-09-28 Updated: 2021-01-19\n\n**Statement Date: November 30, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Treck __ Not Affected\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**Statement Date: October 14, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nTreck does not use Dnsmasq.\n\n### VMware Not Affected\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**Statement Date: November 03, 2020**\n\n**CVE-2020-25681**| Not Affected \n---|--- \n**CVE-2020-25682**| Not Affected \n**CVE-2020-25683**| Not Affected \n**CVE-2020-25684**| Not Affected \n**CVE-2020-25685**| Not Affected \n**CVE-2020-25686**| Not Affected \n**CVE-2020-25687**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ceragon Networks Inc __ Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: January 18, 2021**\n\n**CVE-2020-25681**| Unknown \n---|--- \n**Vendor Statement:** \nnot relevant \n**CVE-2020-25682**| Unknown \n**Vendor Statement:** \nnot relevant \n**CVE-2020-25683**| Unknown \n**Vendor Statement:** \nnot relevant \n**CVE-2020-25684**| Unknown \n**Vendor Statement:** \nnot relevant \n**CVE-2020-25685**| Unknown \n**Vendor Statement:** \nnot relevant \n**CVE-2020-25686**| Unknown \n**Vendor Statement:** \nnot relevant 
\n**CVE-2020-25687**| Unknown \n**Vendor Statement:** \nnot relevant \n \n### D-Link Systems Inc. __ Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19\n\n**Statement Date: September 30, 2020**\n\n**CVE-2020-25681**| Unknown \n---|--- \n**Vendor Statement:** \nD-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates. \n**CVE-2020-25682**| Unknown \n**Vendor Statement:** \nD-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates. \n**CVE-2020-25683**| Unknown \n**Vendor Statement:** \nD-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. 
We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates. \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**Vendor Statement:** \nD-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates. \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nD-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information.\n\nD-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. 
Please check the D-Link website for updates.\n\n#### References\n\n * [security@dlink.com](<security@dlink.com>)\n\n### IBM Corporation (zseries) __ Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19\n\n**Statement Date: September 29, 2020**\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nAs a best practice for IBM Z, IBM strongly recommends that clients obtain access to the IBM Z and LinuxONE Security Portal and subscribe to the Security Portal\u2019s automatic notification process to get access to the latest service information on security and system integrity related APARs for z/OS and z/VM.\n\n### A10 Networks Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ACCESS Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Actelis Networks Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADATA Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| 
Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ADTRAN Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aerohive Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AhnLab Inc Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AirWatch Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Akamai Technologies Inc. 
Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Allied Telesis Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Alpine Linux Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Altran Intelligent Systems Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Amazon Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown 
\n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ANTlabs Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Apple Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Arch Linux Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ARRIS Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Aruba Networks Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor 
Statement\n\nWe have not received a statement from the vendor.\n\n### Aspera Inc. Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ASUSTeK Computer Inc. Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Atheros Communications Inc Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AT&T Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Avaya Inc. 
Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belden Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Belkin Inc. Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Bell Canada Enterprises Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BlackBerry Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BlueCat Networks Inc. 
Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Blue Coat Systems Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Blunk Microsystems Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BoringSSL Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Broadcom Unknown\n\nNotified: 2020-09-23 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Buffalo Technology Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown 
\n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### BullGuard Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cambium Networks Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CA Technologies Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CERT-UBIK Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cesanta Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n 
\n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cirpack Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CMX Systems Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Comcast Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Commscope Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Contiki OS Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cricket Wireless Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 
**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Cypress Semiconductor Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### CZ.NIC Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Debian GNU/Linux Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell EMC Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| 
Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Dell SecureWorks Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Deutsche Telekom Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Devicescape Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Diebold Election Systems Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### dnsmasq Unknown\n\nNotified: 2020-09-18 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from 
the vendor.\n\n### EfficientIP Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ENEA Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ericsson Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Espressif Systems Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### European Registry for Internet Domains Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Express Logic Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- 
\n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Extreme Networks Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fastly Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fedora Project Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### FNet Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Force10 Networks Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown 
\n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fortinet Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Foundry Brocade Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### FreeRTOS Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### F-Secure Corporation Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Fujitsu Unknown\n\nNotified: 2020-12-15 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Geexbox Unknown\n\nNotified: 
2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Gentoo Linux Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GFI Software Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GNU adns Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### GNU glibc Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Grandstream Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| 
Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Green Hills Software Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hewlett Packard Enterprise Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitachi Unknown\n\nNotified: 2020-09-24 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Hitron Unknown\n\nNotified: 2021-01-19 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Honeywell Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### HP Inc. Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### HTC Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Huawei Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IBM Numa-Q Division (Formerly Sequent) Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ICASI Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- 
\n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### InfoExpress Inc. Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Inmarsat Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Internet Systems Consortium Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Internet Systems Consortium - DHCP Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### INTEROP Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| 
Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### IP Infusion Inc. Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### JH Software Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### JPCERT/CC Vulnerability Handling Team Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Kwikset Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lancope Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement 
from the vendor.\n\n### Lantronix Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lenovo Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LG Electronics Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LibreSSL Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Linksys Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LITE-ON Technology Corporation Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- 
\n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### LiteSpeed Technologies Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Lynx Software Technologies Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### m0n0wall Unknown\n\nNotified: 2020-09-25 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Marconi Inc. 
Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Marvell Semiconductor Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MaxLinear Unknown\n\nNotified: 2021-01-13 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### McAfee Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### MediaTek Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Medtronic Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown 
\n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Men & Mice Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Metaswitch Networks Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Micrium Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Microchip Technology Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Micro Focus Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor 
Statement\n\nWe have not received a statement from the vendor.\n\n### Microsoft Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Minim Zoom Unknown\n\nNotified: 2021-01-19 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Mitel Networks Inc. Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Monroe Electronics Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Motorola Inc. Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Muonics Inc. 
Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### National Cyber Security Center Netherlands Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### National Cyber Security Centre Finland Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NCSC-FI Vulnerability Coordinator Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NEC Corporation Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetBurner Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| 
Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NetComm Wireless Limited Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NETSCOUT Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmpj Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NIKSUN Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nixu Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| 
Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### NLnet Labs Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nokia Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Nominum Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OleumTech Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenConnect Ltd Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenDNS Unknown\n\nNotified: 
2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### OpenSSL Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oracle Corporation Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Oryx Embedded Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Paessler Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown 
\n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Palo Alto Networks Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Peplink Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### pfSense Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Philips Electronics Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### PHPIDS Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe 
have not received a statement from the vendor.\n\n### PowerDNS Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Proxim Inc. Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Pulse Secure Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QLogic Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### QNAP Unknown\n\nNotified: 2020-10-08 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quadros Systems Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- 
\n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quagga Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Qualcomm Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Quantenna Communications Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Riverbed Technologies Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Roku Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| 
Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruckus Wireless Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ruijie Networks Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SafeNet Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Mobile Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Samsung Semiconductor 
Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Schneider Electric Unknown\n\nNotified: 2020-12-08 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Secure64 Software Corporation Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SEIKO EPSON Corp. / Epson America Inc. Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sierra Wireless Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Slackware Linux Inc. 
Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SMC Networks Inc. Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SmoothWall Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Snort Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SonicWall Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sonos Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown 
\n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sony Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Sourcefire Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Symantec Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Systech Unknown\n\nNotified: 2020-09-28 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### systemd Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19 **CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a 
statement from the vendor.\n\n### TCPWave Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TDS Telecom Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Tenable Network Security Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Thales Group Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**Statement Date: September 30, 2020**\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TippingPoint Technologies Inc. 
Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Tizen Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Toshiba Commerce Solutions Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### TP-LINK Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Turbolinux Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubee Interactive Unknown\n\nNotified: 2021-01-19 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| 
Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubiquiti Networks Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Ubuntu Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Unisys Corporation Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Univention Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Untangle Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor 
Statement\n\nWe have not received a statement from the vendor.\n\n### Vertical Networks Inc. Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### VMware Carbon Black Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vultures List Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### WizNET Technology Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### wolfSSL Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Xiaomi Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n
**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Xilinx Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zebra Technologies Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ZTE Corporation Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Zyxel Unknown\n\nNotified: 2020-09-29 Updated: 2021-01-19\n\n**CVE-2020-25681**| Unknown \n---|--- \n**CVE-2020-25682**| Unknown \n**CVE-2020-25683**| Unknown \n**CVE-2020-25684**| Unknown \n**CVE-2020-25685**| Unknown \n**CVE-2020-25686**| Unknown \n**CVE-2020-25687**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### References \n\n * <https://www.kb.cert.org/vuls/id/800113>\n * <https://kb.cert.org/vuls/id/973527>\n * 
<https://transition.fcc.gov/bureaus/pshs/advisory/csric3/CSRICIII_9-12-12_WG4-FINAL-Report-DNS-Best-Practices.pdf>\n * <https://astrolavos.gatech.edu/articles/increased_dns_resistance.pdf>\n * <https://www.icann.org/news/blog/security-best-practices-dnssec-validation>\n * <http://www.thekelleys.org.uk/dnsmasq/doc.html>\n * <https://www.jsof-tech.com/disclosures/dnspooq>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-25681](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25681>) [CVE-2020-25682](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25682>) [CVE-2020-25683](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25683>) [CVE-2020-25684](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25684>) [CVE-2020-25685](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25685>) [CVE-2020-25686](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25686>) [CVE-2020-25687](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25687>) \n---|--- \n**Date Public:** | 2021-01-19 \n**Date First Published:** | 2021-01-19 \n**Date Last Updated:** | 2021-01-19 22:34 UTC \n**Document Revision:** | 3 \n", "modified": "2021-01-19T22:34:00", "published": "2021-01-19T00:00:00", "id": "VU:434904", "href": "https://www.kb.cert.org/vuls/id/434904", "type": "cert", "title": "Dnsmasq is vulnerable to memory corruption and cache poisoning", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2021-01-19T17:23:26", "description": "", "published": "2021-01-19T00:00:00", "type": "packetstorm", "title": "osTicket 1.14.2 Server-Side Request Forgery", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-24881"], "modified": "2021-01-19T00:00:00", "id": "PACKETSTORM:160995", "href": "https://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html", "sourceData": "`# Exploit Title: osTicket 1.14.2 - SSRF \n# Date: 18-01-2021 \n# Exploit Author: Talat Mehmood \n# Vendor Homepage: https://osticket.com/ \n# Software Link: https://osticket.com/download/ \n# Version: 
<1.14.3 \n# Tested on: Linux \n# CVE : CVE-2020-24881 \n \nosTicket before 1.14.3 suffers from Server Side Request Forgery [SSRF]. HTML page is rendered on backend server on calling \"Print\" ticket functionality. \n \nBelow are the steps to reproduce this vulnerability: \n \n1. Create a new ticket \n2. Select \"HTML Format\" format. \n3. Add an image tag with your payload in src attribute i.e. \"<img src=https://mymaliciouswebsite.com\"> \n4. After submitting this comment, print this ticket. \n5. You'll receive a hit on your malicious website from the internal server on which osTicket is deployed. \n \nFor more details, read my following blog: \n \nhttps://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0 \nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24881 \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/160995/osticket1142-ssrf.txt"}], "rst": [{"lastseen": "2021-01-18T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **magos-linux[.]ru** in [RST Threat Feed](https://rstcloud.net/profeed) with score **24**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-18T03:00:00.\n IOC tags: **generic**.\nDomain has DNS A records: 185[.]199.108.153,185.199.110.153,185.199.109.153,185.199.111.153\nWhois:\n Created: 2009-05-07 20:00:00, \n Registrar: REGRURU, \n Registrant: Private Person.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:238A021A-0F7E-332E-A8A8-6B1297956476", "href": "", "published": "2021-01-19T00:00:00", "title": "RST Threat feed. 
IOC: magos-linux.ru", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-18T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **linux-archive[.]org** in [RST Threat Feed](https://rstcloud.net/profeed) with score **24**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-18T03:00:00.\n IOC tags: **generic**.\nDomain has DNS A records: 192[.]249.114.15\nWhois:\n Created: 2007-06-02 14:21:53, \n Registrar: unknown, \n Registrant: unknown.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:0477D483-1063-3182-8F00-4EF3FAAB0B8C", "href": "", "published": "2021-01-19T00:00:00", "title": "RST Threat feed. IOC: linux-archive.org", "type": "rst", "cvss": {}}]}