7 Tips for Choosing Security Metrics That Matter

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-24265 PUBLISHED: 2020-10-19

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

CVE-2020-24266 PUBLISHED: 2020-10-19

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

CVE-2020-13778 PUBLISHED: 2020-10-19

rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.

CVE-2020-15909 PUBLISHED: 2020-10-19

SolarWinds N-central through 2020.1 allows session hijacking.

CVE-2020-15910 PUBLISHED: 2020-10-19

SolarWinds N-central through 12.3 does not include the HTTPOnly flag in the Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.