βΌ CVE-2020-13519 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26280 βΌ
π Read
via "National Vulnerability Database".
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020).π Read
via "National Vulnerability Database".
βΌ CVE-2020-13513 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20277 βΌ
π Read
via "National Vulnerability Database".
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20299 βΌ
π Read
via "National Vulnerability Database".
WeiPHP 5.0 does not properly restrict access to pages, related to using POST.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20285 βΌ
π Read
via "National Vulnerability Database".
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2020-20300 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13515 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability.π Read
via "National Vulnerability Database".
π¦Ώ COVID-19 has not slowed global zero trust implementations π¦Ώ
π Read
via "Tech Republic".
Enterprise Management Associates and Pulse Secure report that 60% of organizations have accelerated their zero trust projects during the pandemic, while only 15% have slowed down.π Read
via "Tech Republic".
TechRepublic
COVID-19 has not slowed global zero trust implementations
Enterprise Management Associates and Pulse Secure report that 60% of organizations have accelerated their zero trust projects during the pandemic, while only 15% have slowed down.
βΌ CVE-2020-7203 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14224 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14271 βΌ
π Read
via "National Vulnerability Database".
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7201 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2020-7200 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29447 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35590 βΌ
π Read
via "National Vulnerability Database".
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35589 βΌ
π Read
via "National Vulnerability Database".
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.π Read
via "National Vulnerability Database".
β Naked Security Live β Watch out for Messenger scams β
π Read
via "Naked Security".
Here's the latest Naked Security video talk - watch now! (And please share with your friends...)π Read
via "Naked Security".
Naked Security
Naked Security Live β Watch out for Messenger scams
Hereβs the latest Naked Security video talk β watch now! (And please share with your friendsβ¦)
β Telemed Poll Uncovers Biggest Risks and Best Practices β
π Read
via "Threat Post".
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll.π Read
via "Threat Post".
Threat Post
Telemed Poll Uncovers Biggest Risks and Best Practices
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll.
π΄ We Have a National Cybersecurity Emergency -- Here's How We Can Respond π΄
π Read
via "Dark Reading".
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.π Read
via "Dark Reading".
Dark Reading
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
π¦Ώ 6 modern data stack trends to look for in 2021 π¦Ώ
π Read
via "Tech Republic".
TechRepublic spoke with dozens of experts who said the influx of companies interested in doing more with their data is only increasing.π Read
via "Tech Republic".
TechRepublic
6 modern data stack trends to look for in 2021
TechRepublic spoke with dozens of experts who said the influx of companies interested in doing more with their data is only increasing.