‼ CVE-2020-4846 (security_key_lifecycle_manager) ‼
via "National Vulnerability Database".
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290.
Nuclear Weapons Agency Hacked in Widening Cyberattack - Report
via "Threat Post".
Sources said the DoE suffered "damage" in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector.
How to Increase Your Security Posture with Fewer Resources
via "Threat Post".
Plixer's Justin Jett, Compliance & Audit director, discusses how to do more with less when your security resources are thin.
‼ CVE-2020-8465 ‼
via "National Vulnerability Database".
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
‼ CVE-2020-8464 ‼
via "National Vulnerability Database".
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
‼ CVE-2020-8463 ‼
via "National Vulnerability Database".
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
‼ CVE-2020-8466 ‼
via "National Vulnerability Database".
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
‼ CVE-2020-8462 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
‼ CVE-2020-27010 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
‼ CVE-2020-8461 ‼
via "National Vulnerability Database".
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
"Is it you in the video?" - don't fall for this Messenger scam
via "Naked Security".
If a friend asks "is it you in the video", don't be in a hurry to find out!
‼ CVE-2020-12521 ‼
via "National Vulnerability Database".
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.
‼ CVE-2020-13509 ‼
via "National Vulnerability Database".
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability and this access could allow for information leakage of sensitive data.
‼ CVE-2020-14232 ‼
via "National Vulnerability Database".
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
‼ CVE-2020-13528 ‼
via "National Vulnerability Database".
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
‼ CVE-2020-13516 ‼
via "National Vulnerability Database".
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
‼ CVE-2020-12517 ‼
via "National Vulnerability Database".
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
‼ CVE-2020-12518 ‼
via "National Vulnerability Database".
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
‼ CVE-2020-20138 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
‼ CVE-2020-20140 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.
‼ CVE-2020-13511 ‼
via "National Vulnerability Database".
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.