‼ CVE-2020-27133 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26265 ‼
📖 Read
via "National Vulnerability Database".
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27127 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
❌ PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers ❌
📖 Read
via "Threat Post".
The malware takes aim at PostgreSQL database servers with never-before-seen techniques.📖 Read
via "Threat Post".
Threat Post
PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers
The malware takes aim at PostgreSQL database servers with never-before-seen techniques.
❌ Adrozek Malware Delivers Fake Ads to 30K Devices a Day ❌
📖 Read
via "Threat Post".
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.📖 Read
via "Threat Post".
Threat Post
Adrozek Malware Delivers Fake Ads to 30K Devices a Day
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.
❌ Security Issues in PoS Terminals Open Consumers to Fraud ❌
📖 Read
via "Threat Post".
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.📖 Read
via "Threat Post".
Threat Post
Security Issues in PoS Terminals Open Consumers to Fraud
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.
‼ CVE-2020-27825 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running in parallel on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26421 ‼
📖 Read
via "National Vulnerability Database".
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27713 ‼
📖 Read
via "National Vulnerability Database".
In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26418 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35149 ‼
📖 Read
via "National Vulnerability Database".
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29455 ‼
📖 Read
via "National Vulnerability Database".
A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27730 ‼
📖 Read
via "National Vulnerability Database".
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26419 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5949 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5950 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5948 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19165 ‼
📖 Read
via "National Vulnerability Database".
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26420 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
🕴 FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning 🕴
📖 Read
via "Dark Reading".
Ransomware attacks reported against US K-12 schools jumped from 28% in January through July to 57% in August and September.📖 Read
via "Dark Reading".
Dark Reading
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning
Ransomware attacks reported against US K-12 schools jumped from 28% in January through July to 57% in August and September.
‼ CVE-2020-27133 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".