β German COVID-19 Contact-Tracing Vulnerability Allowed RCE β
π Read
via "Threat Post".
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.π Read
via "Threat Post".
Threat Post
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
Bug hunters at GitHub Security Lab help shore up German contact tracing app security, crediting open-source collaboration.
β Robot Vacuums Suck Up Sensitive Audio in βLidarPhoneβ Hack β
π Read
via "Threat Post".
Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.π Read
via "Threat Post".
Threat Post
Robot Vacuums Suck Up Sensitive Audio in βLidarPhoneβ Hack
Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.
π¦Ώ How phishing attacks are exploiting Google's own tools and services π¦Ώ
π Read
via "Tech Republic".
Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.π Read
via "Tech Republic".
TechRepublic
How phishing attacks are exploiting Google's own tools and services
Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.
π΄ Cybercriminals Get Creative With Google Services π΄
π Read
via "Dark Reading".
Attacks take advantage of popular services, including Google Forms and Google Docs.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Get Creative With Google Services
Attacks take advantage of popular services, including Google Forms and Google Docs.
βΌ CVE-2020-7566 βΌ
π Read
via "National Vulnerability Database".
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7551 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7554 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7571 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7567 βΌ
π Read
via "National Vulnerability Database".
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28210 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7557 βΌ
π Read
via "National Vulnerability Database".
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7570 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7568 βΌ
π Read
via "National Vulnerability Database".
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25989 βΌ
π Read
via "National Vulnerability Database".
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28213 βΌ
π Read
via "National Vulnerability Database".
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureΓΒͺ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7561 βΌ
π Read
via "National Vulnerability Database".
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7555 βΌ
π Read
via "National Vulnerability Database".
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7550 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28953 βΌ
π Read
via "National Vulnerability Database".
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28350 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7573 βΌ
π Read
via "National Vulnerability Database".
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.π Read
via "National Vulnerability Database".