‼ CVE-2020-28939 ‼
📖 Read
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14318 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2321 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2323 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28938 ‼
📖 Read
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.📖 Read
via "National Vulnerability Database".
❌ Reverse Engineering Tools: Evaluating the True Cost ❌
📖 Read
via "Threat Post".
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.📖 Read
via "Threat Post".
Threat Post
Reverse Engineering Tools: Evaluating the True Cost
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.
❌ DeathStalker APT Spices Things Up with PowerPepper Malware ❌
📖 Read
via "Threat Post".
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.📖 Read
via "Threat Post".
Threat Post
DeathStalker APT Spices Things Up with PowerPepper Malware
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.
🕴 Researchers Bypass Next-Generation Endpoint Protection 🕴
📖 Read
via "Dark Reading".
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.📖 Read
via "Dark Reading".
Dark Reading
Researchers Bypass Next-Generation Endpoint Protection
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
🕴 US Officials Take Action Against 2,300 Money Mules 🕴
📖 Read
via "Dark Reading".
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.📖 Read
via "Dark Reading".
Dark Reading
US Officials Take Action Against 2,300 Money Mules - Dark Reading
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.
🕴 Cloud Security Threats for 2021 🕴
📖 Read
via "Dark Reading".
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.📖 Read
via "Dark Reading".
Dark Reading
Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
‼ CVE-2020-13524 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27760 ‼
📖 Read
via "National Vulnerability Database".
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13542 ‼
📖 Read
via "National Vulnerability Database".
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27763 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14351 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13525 ‼
📖 Read
via "National Vulnerability Database".
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23726 ‼
📖 Read
via "National Vulnerability Database".
There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23735 ‼
📖 Read
via "National Vulnerability Database".
In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13543 ‼
📖 Read
via "National Vulnerability Database".
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23727 ‼
📖 Read
via "National Vulnerability Database".
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27759 ‼
📖 Read
via "National Vulnerability Database".
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.📖 Read
via "National Vulnerability Database".