βΌ CVE-2020-28856 βΌ
π Read
via "National Vulnerability Database".
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.π Read
via "National Vulnerability Database".
β Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts β
π Read
via "Threat Post".
The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure.π Read
via "Threat Post".
Threat Post
Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts
The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure.
π¦Ώ Kaspersky: Gamers face high and ongoing risk of identity theft and bullying π¦Ώ
π Read
via "Tech Republic".
A survey of gamers worldwide found that gamers deal with bullying and theft of in-game valuables in addition to identity theft.π Read
via "Tech Republic".
TechRepublic
Kaspersky: Gamers face high and ongoing risk of identity theft and bullying
A survey of gamers worldwide found that gamers deal with bullying and theft of in-game valuables in addition to identity theft.
β Spotify Changes Passwords After Another Data Breach β
π Read
via "Threat Post".
This is the third breach in the past few weeks for the worldβs most popular streaming service.π Read
via "Threat Post".
Threat Post
Spotify Changes Passwords After Another Data Breach
This is the third breach in the past few weeks for the worldβs most popular streaming service.
βΌ CVE-2020-20136 βΌ
π Read
via "National Vulnerability Database".
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16103 βΌ
π Read
via "National Vulnerability Database".
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8169 βΌ
π Read
via "National Vulnerability Database".
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).π Read
via "National Vulnerability Database".
βΌ CVE-2020-16104 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8257 βΌ
π Read
via "National Vulnerability Database".
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2020-8284 βΌ
π Read
via "National Vulnerability Database".
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8258 βΌ
π Read
via "National Vulnerability Database".
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25183 βΌ
π Read
via "National Vulnerability Database".
Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. This vuln allows attacker to use other mobile device or malicious app on smartphone to auth to the patientΓ’β¬β’s Smart Reader, fools the device into thinking its communicating with the actual smart phone application when executed in range of Bluetooth.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28861 βΌ
π Read
via "National Vulnerability Database".
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28857 βΌ
π Read
via "National Vulnerability Database".
OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25187 βΌ
π Read
via "National Vulnerability Database".
Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. A heap overflow allows attacker to remotely execute code on the MCL Smart Reader, could lead to control of device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8282 βΌ
π Read
via "National Vulnerability Database".
A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29511 βΌ
π Read
via "National Vulnerability Database".
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8177 βΌ
π Read
via "National Vulnerability Database".
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20183 βΌ
π Read
via "National Vulnerability Database".
Insecure direct object reference vulnerability in ZyxelΓ’β¬β’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29303 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20184 βΌ
π Read
via "National Vulnerability Database".
GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection.π Read
via "National Vulnerability Database".