‼ CVE-2020-25758 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14302 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.📖 Read
via "National Vulnerability Database".
❌ Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam ❌
📖 Read
via "Threat Post".
Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware.📖 Read
via "Threat Post".
Threat Post
Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam
Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware.
🕴 Twitter Fined in Irish GDPR Action 🕴
📖 Read
via "Dark Reading".
The $547K fine results from an issue Twitter reported in 2019.📖 Read
via "Dark Reading".
Dark Reading
Twitter Fined in Irish GDPR Action
The $547K fine results from an issue Twitter reported in 2019.
‼ CVE-2020-35381 ‼
📖 Read
via "National Vulnerability Database".
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35380 ‼
📖 Read
via "National Vulnerability Database".
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23957 ‼
📖 Read
via "National Vulnerability Database".
Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35416 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28072 ‼
📖 Read
via "National Vulnerability Database".
A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29606 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
🕴 Concerns Run High as More Details of SolarWinds Hack Emerge 🕴
📖 Read
via "Dark Reading".
Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.📖 Read
via "Dark Reading".
Dark Reading
Concerns Run High as More Details of SolarWinds Hack Emerge
Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.
🦿 How to prepare for quantum computing cybersecurity threats 🦿
📖 Read
via "Tech Republic".
Find out two steps your business can take now to prepare employees, as well as infrastructure, for possible quantum computing-related cybersecurity risks.📖 Read
via "Tech Republic".
TechRepublic
How to prepare for quantum computing cybersecurity threats
Find out two steps your business can take now to prepare employees, as well as infrastructure, for possible quantum computing-related cybersecurity risks.
‼ CVE-2020-35467 ‼
📖 Read
via "National Vulnerability Database".
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35466 ‼
📖 Read
via "National Vulnerability Database".
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29663 ‼
📖 Read
via "National Vulnerability Database".
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-16243 ‼
📖 Read
via "National Vulnerability Database".
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35468 ‼
📖 Read
via "National Vulnerability Database".
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35121 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35193 ‼
📖 Read
via "National Vulnerability Database".
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35465 ‼
📖 Read
via "National Vulnerability Database".
The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35463 ‼
📖 Read
via "National Vulnerability Database".
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".