‼ CVE-2020-27696 ‼
via "National Vulnerability Database".
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.
‼ CVE-2020-3441 ‼
via "National Vulnerability Database".
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.
‼ CVE-2020-3482 ‼
via "National Vulnerability Database".
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access.
‼ CVE-2020-3419 ‼
via "National Vulnerability Database".
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.
‼ CVE-2020-3531 ‼
via "National Vulnerability Database".
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.
‼ CVE-2020-3470 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).
‼ CVE-2020-28578 ‼
via "National Vulnerability Database".
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
‼ CVE-2020-28572 ‼
via "National Vulnerability Database".
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
‼ CVE-2020-28581 ‼
via "National Vulnerability Database".
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
‼ CVE-2020-27697 ‼
via "National Vulnerability Database".
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
‼ CVE-2020-3471 ‼
via "National Vulnerability Database".
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.
❌ Widespread Scans Underway for RCE Bugs in WordPress Websites ❌
via "Threat Post".
WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.
🕴 Online Shopping Surge Puts Focus on Consumer Security Habits 🕴
via "Dark Reading".
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
🕴 Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings 🕴
via "Dark Reading".
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
‼ CVE-2020-26215 ‼
via "National Vulnerability Database".
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.
‼ CVE-2020-22723 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.
‼ CVE-2020-15301 ‼
via "National Vulnerability Database".
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
‼ CVE-2020-26226 ‼
via "National Vulnerability Database".
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.
‼ CVE-2020-14208 ‼
via "National Vulnerability Database".
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.
‼ CVE-2020-15300 ‼
via "National Vulnerability Database".
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
‼ CVE-2020-13799 ‼
via "National Vulnerability Database".
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack.