βΌ CVE-2020-29668 βΌ
π Read
via "National Vulnerability Database".
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26407 βΌ
π Read
via "National Vulnerability Database".
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious projectπ Read
via "National Vulnerability Database".
βΌ CVE-2020-12594 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24445 βΌ
π Read
via "National Vulnerability Database".
AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimΓ’β¬β’s browser when they browse to the page containing the vulnerable field.π Read
via "National Vulnerability Database".
β Misery of Ransomware Hits Hospitals the Hardest β
π Read
via "Threat Post".
Ransomware attacks targeting hospitals have exacted a human cost as well as financial.π Read
via "Threat Post".
Threat Post
Misery of Ransomware Hits Hospitals the Hardest
Ransomware attacks targeting hospitals have exacted a human cost as well as financial.
βΌ CVE-2020-8920 βΌ
π Read
via "National Vulnerability Database".
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8919 βΌ
π Read
via "National Vulnerability Database".
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2494 βΌ
π Read
via "National Vulnerability Database".
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2020-27350 βΌ
π Read
via "National Vulnerability Database".
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;π Read
via "National Vulnerability Database".
βΌ CVE-2020-12516 βΌ
π Read
via "National Vulnerability Database".
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2019-7198 βΌ
π Read
via "National Vulnerability Database".
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2020-27351 βΌ
π Read
via "National Vulnerability Database".
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;π Read
via "National Vulnerability Database".
βΌ CVE-2020-2496 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2020-2498 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2020-2495 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and laterπ Read
via "National Vulnerability Database".
β Critical Steam Flaws Could Let Gamers to Crash Opponentsβ Computers β
π Read
via "Threat Post".
Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life.π Read
via "Threat Post".
Threat Post
Critical Steam Flaws Could Let Gamers Crash Opponentsβ Computers
Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life.
βΌ CVE-2020-29666 βΌ
π Read
via "National Vulnerability Database".
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24444 βΌ
π Read
via "National Vulnerability Database".
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29667 βΌ
π Read
via "National Vulnerability Database".
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.π Read
via "National Vulnerability Database".
βΌ CVE-2020-12595 βΌ
π Read
via "National Vulnerability Database".
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29668 βΌ
π Read
via "National Vulnerability Database".
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.π Read
via "National Vulnerability Database".