‼ CVE-2020-27132 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2020-28439 ‼
via "National Vulnerability Database".
This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:
‼ CVE-2020-26264 ‼
via "National Vulnerability Database".
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25.
‼ CVE-2020-27134 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2020-28440 ‼
via "National Vulnerability Database".
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.
‼ CVE-2020-7791 ‼
via "National Vulnerability Database".
This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.
‼ CVE-2020-29574 ‼
via "National Vulnerability Database".
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
‼ CVE-2020-27133 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2020-26265 ‼
via "National Vulnerability Database".
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.
‼ CVE-2020-27127 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
❌ PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers ❌
via "Threat Post".
The malware takes aim at PostgreSQL database servers with never-before-seen techniques.
❌ Adrozek Malware Delivers Fake Ads to 30K Devices a Day ❌
via "Threat Post".
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.
❌ Security Issues in PoS Terminals Open Consumers to Fraud ❌
via "Threat Post".
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.
‼ CVE-2020-27825 ‼
via "National Vulnerability Database".
A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (5.10-rc1). A race between trace_open and a resize of the CPU buffer, running in parallel on different CPUs, may cause a denial of service (DoS). This flaw could even allow a local attacker with special user privilege to cause a kernel information leak.