βΌ CVE-2020-7551 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7554 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7571 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7567 βΌ
π Read
via "National Vulnerability Database".
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28210 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7557 βΌ
π Read
via "National Vulnerability Database".
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7570 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7568 βΌ
π Read
via "National Vulnerability Database".
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25989 βΌ
π Read
via "National Vulnerability Database".
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28213 βΌ
π Read
via "National Vulnerability Database".
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureΓΒͺ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7561 βΌ
π Read
via "National Vulnerability Database".
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7555 βΌ
π Read
via "National Vulnerability Database".
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7550 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28953 βΌ
π Read
via "National Vulnerability Database".
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28350 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7573 βΌ
π Read
via "National Vulnerability Database".
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7565 βΌ
π Read
via "National Vulnerability Database".
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7544 βΌ
π Read
via "National Vulnerability Database".
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureΓΒͺ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureΓΒͺ Operator Terminal Expert.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7556 βΌ
π Read
via "National Vulnerability Database".
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
π΄ ISP Security: Do We Expect Too Much? π΄
π Read
via "Dark Reading".
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. The question becomes, is the security provided by ISPs good enough to be the only security SMBs and remote employees need?π Read
via "Dark Reading".
Dark Reading
ISP Security: Do We Expect Too Much?
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
π΄ Telos Goes Public π΄
π Read
via "Dark Reading".
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.π Read
via "Dark Reading".
Dark Reading
Telos Goes Public
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.