🕴 HelpSystems Acquires Data Security Firm Vera 🕴
via "Dark Reading".
The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
🕴 Quarterbacking Vulnerability Remediation 🕴
via "Dark Reading".
It's time that security got out of the armchair and out on the field.
❌ Windows Zero-Day Still Circulating After Faulty Fix ❌
via "Threat Post".
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
‼ CVE-2020-9200 ‼
via "National Vulnerability Database".
There is a CSV injection vulnerability in iManager NetEco 6000 version V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
‼ CVE-2020-28169 ‼
via "National Vulnerability Database".
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
‼ CVE-2020-9119 ‼
via "National Vulnerability Database".
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.
‼ CVE-2020-27726 ‼
via "National Vulnerability Database".
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.
‼ CVE-2020-27724 ‼
via "National Vulnerability Database".
In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel.
‼ CVE-2020-35659 ‼
via "National Vulnerability Database".
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page.
‼ CVE-2020-9137 ‼
via "National Vulnerability Database".
There is a privilege escalation vulnerability in some versions of CloudEngine 12800, CloudEngine 5800, CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploitation will cause privilege escalation.
‼ CVE-2020-28184 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.
‼ CVE-2020-27721 ‼
via "National Vulnerability Database".
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response.
‼ CVE-2020-28185 ‼
via "National Vulnerability Database".
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.
‼ CVE-2020-29189 ‼
via "National Vulnerability Database".
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS.
‼ CVE-2020-27716 ‼
via "National Vulnerability Database".
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts.
‼ CVE-2020-9120 ‼
via "National Vulnerability Database".
CloudEngine 1800V version V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, with the result that messages received by the system cannot be forwarded normally.
‼ CVE-2020-27728 ‼
via "National Vulnerability Database".
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.
‼ CVE-2020-35680 ‼
via "National Vulnerability Database".
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
‼ CVE-2020-9201 ‼
via "National Vulnerability Database".
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages that include a crafted parameter. Successful exploitation could cause certain services to behave abnormally.
‼ CVE-2020-28187 ‼
via "National Vulnerability Database".
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, (2) Event parameter to /include/ajax/logtable.php, or (3) opt parameter to /include/core/index.php.
‼ CVE-2020-28188 ‼
via "National Vulnerability Database".
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to inject OS commands via the Event parameter to /include/makecvs.php.