βΌ CVE-2020-25229 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.π Read
via "National Vulnerability Database".
βΌ CVE-2019-19289 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link.π Read
via "National Vulnerability Database".
βΌ CVE-2019-19285 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link.π Read
via "National Vulnerability Database".
βΌ CVE-2020-0466 βΌ
π Read
via "National Vulnerability Database".
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2020-0458 βΌ
π Read
via "National Vulnerability Database".
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164π Read
via "National Vulnerability Database".
βΌ CVE-2019-19283 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place.π Read
via "National Vulnerability Database".
βΌ CVE-2019-19284 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-0469 βΌ
π Read
via "National Vulnerability Database".
In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168692734π Read
via "National Vulnerability Database".
βΌ CVE-2020-25231 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25230 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-0465 βΌ
π Read
via "National Vulnerability Database".
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2020-25707 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916π Read
via "National Vulnerability Database".
βΌ CVE-2020-35470 βΌ
π Read
via "National Vulnerability Database".
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).π Read
via "National Vulnerability Database".
βΌ CVE-2020-35471 βΌ
π Read
via "National Vulnerability Database".
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.π Read
via "National Vulnerability Database".
β Phishing tricks that really work β and how to avoid them β
π Read
via "Naked Security".
Get inside the mindset of your adversaries to increase your chances of spotting a phish.π Read
via "Naked Security".
Naked Security
Phishing tricks that really work β and how to avoid them
Get inside the mindset of your adversaries to increase your chances of spotting a phish.
π΄ The Private Sector Needs a Cybersecurity Transformation π΄
π Read
via "Dark Reading".
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.π Read
via "Dark Reading".
Dark Reading
The Private Sector Needs a Cybersecurity Transformation - Dark Reading
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
π¦Ώ How understanding cognitive science can strengthen cybersecurity's weak links π¦Ώ
π Read
via "Tech Republic".
Learn how applying cognitive science is one way to thwart cybercriminals' abilities to get unsuspecting users to do their bidding.π Read
via "Tech Republic".
TechRepublic
How understanding cognitive science can strengthen cybersecurity's weak links
Learn how applying cognitive science is one way to thwart cybercriminals' abilities to get unsuspecting users to do their bidding.
π1
β Naked Security Live β How to avoid βbig brandβ email scams β
π Read
via "Naked Security".
Here's the latest Naked Security video - watch now (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β How to avoid βbig brandβ email scams
Hereβs the latest Naked Security video β watch now (and please share with your friends)!
βΌ CVE-2020-28203 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).π Read
via "National Vulnerability Database".
π American Fuzzy Lop plus plus 3.0c π
π Read
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.π Read
via "Packet Storm Security".
Packetstormsecurity
American Fuzzy Lop plus plus 3.0c β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ The lines between corporate and tech strategy continue to blur π¦Ώ
π Read
via "Tech Republic".
Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.π Read
via "Tech Republic".
TechRepublic
The lines between corporate and tech strategy continue to blur
Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.