βΌ CVE-2020-4482 βΌ
π Read
via "National Vulnerability Database".
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27196 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26883 βΌ
π Read
via "National Vulnerability Database".
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.π Read
via "National Vulnerability Database".
β Black Friday β stay safe before, during and after peak retail season β
π Read
via "Naked Security".
Yes, we give Black Friday tips every year - but that's because they're worth doing every year!π Read
via "Naked Security".
Naked Security
Black Friday β stay safe before, during and after peak retail season
Yes, we give Black Friday tips every year β but thatβs because theyβre worth doing every year!
π¦Ώ How to view your SSH keys in Linux, macOS, and Windows π¦Ώ
π Read
via "Tech Republic".
If you're not sure how to view your SSH certificates, Jack Wallen walks you through the steps on Linux, macOS, and Windows.π Read
via "Tech Republic".
TechRepublic
How to View Your SSH Keys in Linux, macOS, and Windows
Learn how to find your SSH key on Linux, macOS, or Windows. Follow these simple steps to locate your SSH key for secure connections and setup.
π Friday Five 11/6 π
π Read
via "Digital Guardian".
New privacy laws, botnet schemes, and Bitcoin seizures - catch up on all the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 11/6
New privacy laws, botnet schemes, and Bitcoin seizures - catch up on all the week's infosec news with the Friday Five!
π΄ Name That Toon: Masks and Manners π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Masks and Manners
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2020-8580 βΌ
π Read
via "National Vulnerability Database".
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2020-7198 βΌ
π Read
via "National Vulnerability Database".
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5795 βΌ
π Read
via "National Vulnerability Database".
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.π Read
via "National Vulnerability Database".
β Gitpaste-12 Worm Targets Linux Servers, IoT Devices β
π Read
via "Threat Post".
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.π Read
via "Threat Post".
Threat Post
Gitpaste-12 Worm Targets Linux Servers, IoT Devices
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
π΄ The Oracle-Walmart-TikTok Deal Is Not Enough π΄
π Read
via "Dark Reading".
The social media deal raises issues involving data custodianship and trusted tech partnerships.π Read
via "Dark Reading".
Dark Reading
The Oracle-Walmart-TikTok Deal Is Not Enough
The social media deal raises issues involving data custodianship and trusted tech partnerships.
βΌ CVE-2020-25170 βΌ
π Read
via "National Vulnerability Database".
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26214 βΌ
π Read
via "National Vulnerability Database".
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonymous authorization are affected. A fix has been implemented in version 8.1.0 that returns HTTP 401 Unauthorized response for any authentication attempts where the password field is empty. As a workaround LDAP administrators can disallow unauthenticated bind requests by clients.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26213 βΌ
π Read
via "National Vulnerability Database".
In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25174 βΌ
π Read
via "National Vulnerability Database".
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.π Read
via "National Vulnerability Database".
βΌ CVE-2017-18926 βΌ
π Read
via "National Vulnerability Database".
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).π Read
via "National Vulnerability Database".
βΌ CVE-2020-25172 βΌ
π Read
via "National Vulnerability Database".
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8577 βΌ
π Read
via "National Vulnerability Database".
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5794 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.π Read
via "National Vulnerability Database".
β Feds Seize $1B in Bitcoin from Silk Road β
π Read
via "Threat Post".
The illegal marketplace was hacked prior to it's takedown -- the IRS has now tracked down those stolen funds, it said.π Read
via "Threat Post".
Threat Post
Feds Seize $1B in Bitcoin from Silk Road
The illegal marketplace was hacked prior to it's takedown β the IRS has now tracked down those stolen funds, it said.