‼ CVE-2020-27160 ‼
via "National Vulnerability Database".
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).
‼ CVE-2019-8749 ‼
via "National Vulnerability Database".
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
‼ CVE-2019-8771 ‼
via "National Vulnerability Database".
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
‼ CVE-2020-9866 ‼
via "National Vulnerability Database".
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.
‼ CVE-2019-8850 ‼
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.
‼ CVE-2019-8746 ‼
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
‼ CVE-2020-9932 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.
‼ CVE-2018-4433 ‼
via "National Vulnerability Database".
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.
‼ CVE-2018-4339 ‼
via "National Vulnerability Database".
This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier.
‼ CVE-2019-8858 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.
‼ CVE-2020-9941 ‼
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.
‼ CVE-2020-9782 ‼
via "National Vulnerability Database".
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files.
‼ CVE-2020-25765 ‼
via "National Vulnerability Database".
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input in Western Digital My Cloud Devices prior to 5.4.1140.
‼ CVE-2019-8715 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.
🕴 Survey Uncovers High Level of Concern Over Firewalls 🕴
via "Dark Reading".
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
‼ CVE-2020-16140 ‼
via "National Vulnerability Database".
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.
‼ CVE-2020-27957 ‼
via "National Vulnerability Database".
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.
‼ CVE-2020-27956 ‼
via "National Vulnerability Database".
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
🦿 Security firm identifies 5 biggest cybersecurity risks for hospitals and healthcare organizations 🦿
via "Tech Republic".
Wandera finds malicious network traffic and configuration vulnerabilities on mobile devices as popular entry points for cybercriminals.
❌ Trump Campaign Website Defaced by Cryptocurrency Scam ❌
via "Threat Post".
Hackers claim to have access to classified information linking the president to the origin of the coronavirus and criminal collusion with foreign actors.
❌ Experts Weigh in on E-Commerce Security Amid Snowballing Threats ❌
via "Threat Post".
How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.