βΌ CVE-2020-25074 βΌ
π Read
via "National Vulnerability Database".
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26818 βΌ
π Read
via "National Vulnerability Database".
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26822 βΌ
π Read
via "National Vulnerability Database".
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26821 βΌ
π Read
via "National Vulnerability Database".
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.π Read
via "National Vulnerability Database".
π΄ Cloud Usage, Biometrics Surge As Remote Work Grows Permanent π΄
π Read
via "Dark Reading".
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.π Read
via "Dark Reading".
Dark Reading
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
π New Government Contractor Cybersecurity Requirements Loom π
π Read
via "Digital Guardian".
A new cybersecurity rule will go into effect for DoD contractors at the end of the month to enhance the protection of unclassified information within the supply chain.π Read
via "Digital Guardian".
Digital Guardian
New Government Contractor Cybersecurity Requirements Loom
A new cybersecurity rule will go into effect for DoD contractors at the end of the month to enhance the protection of unclassified information within the supply chain.
β Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers β
π Read
via "Threat Post".
Retail bots are helping scalpers scoop up PS5, Xbox Series X inventory and charge massive markups.π Read
via "Threat Post".
Threat Post
Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers
Retail bots are helping scalpers scoop up PS5, Xbox Series X inventory and charge massive markups.
β Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs β
π Read
via "Threat Post".
Intel released 40 security advisories in total, addressing critical- and high-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.π Read
via "Threat Post".
Threat Post
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
Intel released 40 security advisories in total, addressing critical- and high-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.
βΌ CVE-2020-28368 βΌ
π Read
via "National Vulnerability Database".
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.π Read
via "National Vulnerability Database".
βΌ CVE-2019-7357 βΌ
π Read
via "National Vulnerability Database".
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23968 βΌ
π Read
via "National Vulnerability Database".
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27165 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28050. Reason: This candidate is a reservation duplicate of CVE-2020-28050. Notes: All CVE users should reference CVE-2020-28050 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
β Microsoft Patch Tuesday Update Fixes 17 Critical Bugs β
π Read
via "Threat Post".
Remote code execution vulnerabilities dominate this monthβs security bulletin of warnings and patches.π Read
via "Threat Post".
Threat Post
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Remote code execution vulnerabilities dominate this monthβs security bulletin of warnings and patches.
π΄ Microsoft Patches Windows Kernel Flaw Under Active Attack π΄
π Read
via "Dark Reading".
This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.π Read
via "Dark Reading".
Darkreading
Microsoft Patches Windows Kernel Flaw Under Active Attack
This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.
π΄ Claroty Details Vulnerabilities in Schneider PLCs π΄
π Read
via "Dark Reading".
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.π Read
via "Dark Reading".
Dark Reading
Claroty Details Vulnerabilities in Schneider PLCs
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
βΌ CVE-2020-25268 βΌ
π Read
via "National Vulnerability Database".
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25267 βΌ
π Read
via "National Vulnerability Database".
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28408 βΌ
π Read
via "National Vulnerability Database".
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28409 βΌ
π Read
via "National Vulnerability Database".
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24367 βΌ
π Read
via "National Vulnerability Database".
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24063 βΌ
π Read
via "National Vulnerability Database".
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.π Read
via "National Vulnerability Database".