🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.


📩 lalilolalo.dev@gmail.com
‼ CVE-2020-35416 ‼

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3 in the index.php admin login web page (via different request parameters), allowing remote attackers to inject arbitrary web script or HTML.

via "National Vulnerability Database".
‼ CVE-2020-28072 ‼

A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An authenticated attacker can upload an arbitrary file via the gallery.php page and then execute it on the server, achieving remote code execution.

via "National Vulnerability Database".
‼ CVE-2020-29606 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

via "National Vulnerability Database".
🕴 Concerns Run High as More Details of SolarWinds Hack Emerge 🕴

Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.

via "Dark Reading".
🦿 How to prepare for quantum computing cybersecurity threats 🦿

Find out two steps your business can take now to prepare employees, as well as infrastructure, for possible quantum computing-related cybersecurity risks.

via "Tech Republic".
‼ CVE-2020-35467 ‼

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35466 ‼

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-29663 ‼

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.

via "National Vulnerability Database".
‼ CVE-2018-16243 ‼

SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.

via "National Vulnerability Database".
‼ CVE-2020-35468 ‼

The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35121 ‼

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.

via "National Vulnerability Database".
‼ CVE-2020-35193 ‼

The official sonarqube docker images before alpine (Alpine specific) contain a blank password for the root user. Systems using the sonarqube docker container deployed from affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35465 ‼

The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35463 ‼

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35462 ‼

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35469 ‼

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35464 ‼

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.

via "National Vulnerability Database".
‼ CVE-2020-35122 ‼

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.

via "National Vulnerability Database".
‼ CVE-2020-28458 ‼

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

via "National Vulnerability Database".
‼ CVE-2020-26258 ‼

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery (SSRF) vulnerability can be triggered when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available merely by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist when running Java 15 or higher. No user is affected who followed the recommendation to set up XStream's Security Framework with a whitelist. Anyone relying on XStream's default blacklist can immediately switch to a whitelist of allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream's default blacklist can use a workaround described in more detail in the referenced advisories.

via "National Vulnerability Database".
‼ CVE-2020-5682 ‼

Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.

via "National Vulnerability Database".