‼ CVE-2020-26265 ‼
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20, a consensus vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release, version 1.9.20. No individual workaround patches have been made; all users are recommended to upgrade to a newer version.
via "National Vulnerability Database".
‼ CVE-2020-27127 ‼
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
via "National Vulnerability Database".
‼ CVE-2020-29590 ‼
Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the root user. Systems deployed using affected versions of the teamspeak container may allow a remote attacker to achieve root access with a blank password.
via "National Vulnerability Database".
‼ CVE-2020-29254 ‼
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include submitting attacker-controlled template code through an authenticated user, resulting in local file inclusion. If an authenticated user who is able to edit TikiWiki templates visits a malicious website, template code can be edited.
via "National Vulnerability Database".
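The attack described above works because the browser attaches the victim's session cookie to a request that the attacker's page forged, and the template-edit endpoint accepts that request without any proof it originated from the application's own UI. As an added illustration (not TikiWiki's code; the endpoint, session and token names are assumed for the example), the Python below shows a synchronizer-token check of the kind that closes the hole: the server derives a token bound to the session, embeds it in its own forms, and rejects any state-changing request that does not carry a matching token.

```python
import hashlib
import hmac
import secrets

# Server-side key used to derive per-session CSRF tokens. Assumed for the
# example; a real deployment loads it from configuration, never from source.
SERVER_KEY = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Derive the CSRF token for a session.

    HMAC over the session id means no extra server-side storage, and the
    token is only obtainable by a page that can read the user's own form
    markup, which a cross-origin attacker page cannot.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def render_edit_form(session_id: str) -> str:
    """The application's own form embeds the token as a hidden field."""
    return (
        '<form method="post" action="/tiki-edit_templates.php">'  # path assumed
        f'<input type="hidden" name="csrf_token" value="{csrf_token(session_id)}">'
        '<textarea name="template"></textarea><button>Save</button></form>'
    )


def handle_template_edit_vulnerable(session_id: str, form: dict) -> str:
    """Hypothetical vulnerable endpoint: trusts the session cookie alone.

    Any site the victim visits can POST here with the victim's cookie
    attached by the browser, which is exactly the CSRF described in the CVE.
    """
    return f"template updated by session {session_id}"


def handle_template_edit(session_id: str, form: dict) -> str:
    """Hypothetical hardened endpoint: the cookie proves who, the token
    proves the request came from a page the application itself served."""
    sent = str(form.get("csrf_token", ""))
    # Constant-time comparison so a forged token cannot be refined byte by byte.
    if not hmac.compare_digest(sent, csrf_token(session_id)):
        return "rejected: missing or invalid CSRF token"
    # ... the template would be written here ...
    return f"template updated by session {session_id}"
```

Marking the session cookie `SameSite=Lax` or `Strict` stops most cross-site POSTs before they reach the handler and is worth adding as defense in depth, but the token check above is what makes the endpoint safe regardless of browser cookie policy.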
‼ CVE-2020-15023 ‼
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by offline brute-force cracking of the WPS PIN. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing a single WPS authentication attempt (even a failed one), it is possible to brute-force the overall authentication exchange offline. This allows an attacker to recover the WPS PIN in minutes or even seconds and then obtain the Wi-Fi PSK, gaining access to the Wi-Fi network.
via "National Vulnerability Database".
‼ CVE-2020-12149 ‼
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
via "National Vulnerability Database".
‼ CVE-2020-29591 ‼
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
via "National Vulnerability Database".
‼ CVE-2020-29589 ‼
Versions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.
via "National Vulnerability Database".
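The teamspeak, registry and kapacitor entries above are the same misconfiguration in three images: the password field for root in /etc/shadow (or /etc/passwd, when no shadow file is used) is empty rather than locked with `!` or `*`. Whether that becomes a remote root login depends on which services run in the container and how they treat empty passwords, so the useful check is to pull the file out of the image and look. The Python below is an added example written for this page, not code from any of the three projects; the shadow contents are constructed samples, and the `docker run` helper assumes a working docker CLI.

```python
import subprocess

# Constructed /etc/shadow samples: one shaped like an affected image (root has
# an empty password field) and one shaped like a hardened image (root locked).
SHADOW_AFFECTED = """root::18606:0:99999:7:::
daemon:*:18606:0:99999:7:::
teamspeak:!:18606:0:99999:7:::
"""
SHADOW_HARDENED = """root:!::0:::::
daemon:*:18606:0:99999:7:::
"""


def passwordless_accounts(shadow_or_passwd_text: str) -> list:
    """Return account names whose password field is empty.

    Works on /etc/shadow and /etc/passwd alike, since the second colon-separated
    field is the password in both. An empty field means no credential is set;
    '!' or '*' mean the account is locked; 'x' in /etc/passwd defers to shadow;
    anything else is a hash.
    """
    hits = []
    for line in shadow_or_passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line: skip rather than guess
        name, password = fields[0], fields[1]
        if password == "":
            hits.append(name)
    return hits


def image_file(image: str, path: str = "/etc/shadow") -> str:
    """Read a file from an image without running its entrypoint.

    Overriding the entrypoint with cat means the image's own service never
    starts; requires a docker CLI and is not exercised by the offline test.
    """
    result = subprocess.run(
        ["docker", "run", "--rm", "--entrypoint", "cat", image, path],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


if __name__ == "__main__":
    import sys
    # Usage: python check_blank_root.py teamspeak:3.6.0   (image name assumed)
    text = image_file(sys.argv[1]) if len(sys.argv) > 1 else SHADOW_AFFECTED
    found = passwordless_accounts(text)
    print("passwordless accounts:", found if found else "none")
```

The fix in a Dockerfile is to lock the account rather than set a password (for example `RUN passwd -l root` on images that ship the shadow utilities), and to rebuild from a base that already does so; the check above is cheap enough to run against every image in a registry as part of CI.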
‼ CVE-2020-4633 ‼
IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.
via "National Vulnerability Database".
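Formula injection (also called CSV injection) means a value the application stores, such as an incident note entered by a remote user, begins with a character that a spreadsheet treats as the start of a formula once an export is opened in Excel or LibreOffice; the code then runs on the analyst's workstation, not the server. An exporter neutralizes it by forcing such cells to be read as text. The following is an added example in Python, not IBM's code: the trigger list follows common guidance for spreadsheet imports and the row data is constructed.

```python
import csv
import io
import re

# Leading characters that make Excel/LibreOffice evaluate a cell as a formula.
# Tab and carriage return are included because importers strip them and then
# look at the next character.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Plain numbers such as "-1" or "+3.5" start with a trigger but are harmless;
# leaving them alone keeps numeric columns numeric after export.
PLAIN_NUMBER = re.compile(r"^[+-]?\d+(\.\d+)?$")


def neutralize_cell(value):
    """Return value made safe for a CSV that will be opened in a spreadsheet.

    A leading apostrophe forces text interpretation and is hidden by
    spreadsheet UIs. Non-string values (ints, None) are returned unchanged.
    """
    if not isinstance(value, str):
        return value
    if value.startswith(FORMULA_TRIGGERS) and not PLAIN_NUMBER.match(value):
        return "'" + value
    return value


def export_rows(rows) -> str:
    """Write rows to CSV text with every cell neutralized and quoted.

    Quoting every field means a cell containing ',' or '"' cannot break out
    of its column; csv.writer doubles embedded quotes for us.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed incident rows: the second one carries a classic payload that
# would launch a command via DDE if the cell were evaluated.
SAMPLE_ROWS = [
    ["id", "reporter", "note"],
    [101, "alice", "Suspicious login from 203.0.113.7"],
    [102, "mallory", "=cmd|' /C calc'!A0"],
    [103, "bob", "-1"],
]
```

The apostrophe approach is the portable fix; it does alter the stored text on its way out, so apply it at export time only, never to the value in the database.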
‼ CVE-2020-27508 ‼
In two-factor authentication, the system also sends the 2FA secret key in the response, which enables an intruder to breach the 2FA security.
via "National Vulnerability Database".
❌ Feds: K-12 Cyberattacks Dramatically on the Rise ❌
Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.
via "Threat Post".
🕴 Microsoft Warns of Powerful New Adware 🕴
The new adware, dubbed Adrozek, is being distributed by large, well-organized threat actors, according to Microsoft research.
via "Dark Reading".
‼ CVE-2020-27132 ‼
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
via "National Vulnerability Database".
‼ CVE-2020-28439 ‼
This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 of 'index.js'. It depends on the vulnerable package 'corenlp-js-interface'. The vulnerability can be exploited with the following PoC:
via "National Vulnerability Database".
‼ CVE-2020-26264 ‼
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25, a denial-of-service vulnerability can make a LES server crash via a malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users who explicitly enable the LES server; disabling LES prevents the exploit. The vulnerability was patched in version 1.9.25.
via "National Vulnerability Database".
‼ CVE-2020-27134 ‼
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
via "National Vulnerability Database".
‼ CVE-2020-28440 ‼
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.
via "National Vulnerability Database".
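The Silver Peak ECOS backup/restore bug (CVE-2020-12149 above) and this corenlp-js-interface one come down to the same pattern: a value under the caller's control is spliced into a string that is then handed to a shell, so shell metacharacters in that value end the intended command and start the attacker's. The example below is added for this page in Python and is neither project's code; `printf` stands in for the real backup or NLP binary, and the malicious filename is constructed. It shows the vulnerable construction beside two fixes, passing the value as a separate argv element with no shell, and allow-listing it before use.

```python
import re
import shlex
import subprocess

# Stand-in for the program that consumes the filename. printf simply echoes
# its argument, so the effect of the injection is visible in the output.
TOOL = ["printf", "%s\n"]

# Constructed attacker input: a plausible filename followed by a second command.
MALICIOUS_NAME = "backup.cfg; echo INJECTED"


def run_vulnerable(filename: str) -> str:
    """Vulnerable pattern: build one command string and let /bin/sh parse it.
    The ';' in the filename terminates printf's arguments; what follows runs
    as its own command with the privileges of the calling service."""
    cmd = f"printf '%s\\n' {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_fixed_argv(filename: str) -> str:
    """Fix 1: no shell at all. The filename becomes a single argv element, so
    ';', '|', '$(...)' and friends are just bytes in a name."""
    return subprocess.run(TOOL + [filename], capture_output=True, text=True).stdout


# Conservative allow-list: alphanumerics, dot, underscore, dash; must start with
# an alphanumeric so '.'-prefixed and '-'-prefixed (option-like) names are out.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def validated_filename(filename: str) -> str:
    """Fix 2: validate rather than sanitize. Rejects path separators, '..',
    whitespace and every shell metacharacter; raising is deliberate, since
    silently stripping characters tends to leave a bypass."""
    if not SAFE_NAME.match(filename) or ".." in filename:
        raise ValueError(f"unacceptable config filename: {filename!r}")
    return filename


def run_fixed_quoted(filename: str) -> str:
    """If a shell is genuinely unavoidable (a pipeline, say), validate first
    and then quote for the shell. Quoting alone would still let '../x' through,
    which is why validation comes first."""
    cmd = f"printf '%s\\n' {shlex.quote(validated_filename(filename))}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout
```

The first fix is the one to reach for: the argv form removes the shell from the picture entirely, and the allow-list then only has to worry about what the consuming program does with the name (path traversal, option injection), not with what the shell would do.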
‼ CVE-2020-7791 ‼
This affects the package i18n before 2.1.15. The vulnerability arises from insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.
via "National Vulnerability Database".
‼ CVE-2020-29574 ‼
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
via "National Vulnerability Database".
‼ CVE-2020-27133 ‼
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
via "National Vulnerability Database".