‼ CVE-2020-27713 ‼
📖 Read
via "National Vulnerability Database".
In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26418 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35149 ‼
📖 Read
via "National Vulnerability Database".
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29455 ‼
📖 Read
via "National Vulnerability Database".
A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27730 ‼
📖 Read
via "National Vulnerability Database".
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26419 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5949 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5950 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5948 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19165 ‼
📖 Read
via "National Vulnerability Database".
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26420 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
🕴 FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning 🕴
📖 Read
via "Dark Reading".
Ransomware attacks reported against US K-12 schools jumped from 28% in January through July to 57% in August and September.📖 Read
via "Dark Reading".
Dark Reading
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning
Ransomware attacks reported against US K-12 schools jumped from 28% in January through July to 57% in August and September.
‼ CVE-2020-26421 ‼
📖 Read
via "National Vulnerability Database".
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27713 ‼
📖 Read
via "National Vulnerability Database".
In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26418 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35149 ‼
📖 Read
via "National Vulnerability Database".
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29455 ‼
📖 Read
via "National Vulnerability Database".
A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27730 ‼
📖 Read
via "National Vulnerability Database".
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26419 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5949 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5950 ‼
📖 Read
via "National Vulnerability Database".
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.📖 Read
via "National Vulnerability Database".