CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1CVE-2020-7465
https://notcve.org/view.php?id=CVE-2020-7465
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). La implementación L2TP de MPD versiones anteriores a 5.9, permite a un atacante remoto que puede enviar un paquete de control L2TP específicamente diseñado con AVP versión Q.931 Causar Code para ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria) • https://sourceforge.net/p/mpd/bugs/70 https://sourceforge.net/p/mpd/svn/2377 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8430
https://notcve.org/view.php?id=CVE-2020-8430
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. Los dispositivos Stormshield Network Security versión 310 3.7.10, presentan una vulnerabilidad de Redireccionamiento Abierto de auth/lang.html?rurl= en el portal cautivo. • https://advisories.stormshield.eu/2020-001 https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430 https://www.digitemis.com/category/blog/actualite https://www.stormshield.com/products/sn310 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •