‼ CVE-2020-13986 ‼
via "National Vulnerability Database".
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
‼ CVE-2020-15375 ‼
via "National Vulnerability Database".
Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when seccryptocfg is invoked. The vulnerability could allow a local authenticated user to run arbitrary commands and perform escalation of privileges.
‼ CVE-2020-13984 ‼
via "National Vulnerability Database".
An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.
‼ CVE-2020-13988 ‼
via "National Vulnerability Database".
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
‼ CVE-2020-13985 ‼
via "National Vulnerability Database".
An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
‼ CVE-2020-15376 ‼
via "National Vulnerability Database".
Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups.
‼ CVE-2020-13987 ‼
via "National Vulnerability Database".
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
🦿 Security moves from blocker to driver of open source adoption 🦿
via "Tech Republic".
Commentary: Companies used to look to open source to lower costs. That's still true, but an even bigger driver is security, according to a new developer survey.
‼ CVE-2020-27713 ‼
via "National Vulnerability Database".
In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.
‼ CVE-2020-26418 ‼
via "National Vulnerability Database".
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
‼ CVE-2020-35149 ‼
via "National Vulnerability Database".
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.
‼ CVE-2020-29455 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country).
‼ CVE-2020-27730 ‼
via "National Vulnerability Database".
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
‼ CVE-2020-26419 ‼
via "National Vulnerability Database".
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
‼ CVE-2020-5949 ‼
via "National Vulnerability Database".
On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, a certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.
‼ CVE-2020-5950 ‼
via "National Vulnerability Database".
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
‼ CVE-2020-5948 ‼
via "National Vulnerability Database".
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
‼ CVE-2020-19165 ‼
via "National Vulnerability Database".
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
‼ CVE-2020-26420 ‼
via "National Vulnerability Database".
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
🕴 FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning 🕴
via "Dark Reading".
Ransomware attacks reported against US K-12 schools jumped from 28% in January through July to 57% in August and September.