🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2020-27716 ‼

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts.

via "National Vulnerability Database".
‼ CVE-2020-9120 ‼

CloudEngine 1800V version V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, with the result that messages received by the system cannot be forwarded normally.

via "National Vulnerability Database".
‼ CVE-2020-27728 ‼

On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.

via "National Vulnerability Database".
‼ CVE-2020-35680 ‼

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

via "National Vulnerability Database".
‼ CVE-2020-9201 ‼

There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages that include a crafted parameter. Successful exploitation could cause certain services to behave abnormally.

via "National Vulnerability Database".
‼ CVE-2020-28187 ‼

Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, (2) Event parameter to /include/ajax/logtable.php, or (3) opt parameter to /include/core/index.php.

via "National Vulnerability Database".
‼ CVE-2020-28188 ‼

A Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to inject OS commands via the Event parameter to /include/makecvs.php.

via "National Vulnerability Database".
‼ CVE-2020-35679 ‼

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

via "National Vulnerability Database".
‼ CVE-2020-27729 ‼

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.

via "National Vulnerability Database".
🦿 Why AI and security pros need to work together to fight cybercrime 🦿

Cybercriminals sometimes use AI to their benefit. In order to defeat these cyber bad guys, security pros and AI should focus on what they do best.

via "Tech Republic".
🕴 Amazon Gift Card Scam Delivers Dridex This Holiday Season 🕴

Dridex operators launch a social engineering scam that promises victims a $100 gift card but delivers a banking Trojan.

via "Dark Reading".
‼ CVE-2020-24658 ‼

Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. If both the reference value and the guard value are written to the stack, then the stack protection will fail to spot corruption when both values are overwritten with the same value. For both the reference value and the guard value to be corrupted, there would need to be both a buffer overflow and a buffer underflow in the vulnerable arrays (or some other vulnerability that causes two separated stack entries to be corrupted).

via "National Vulnerability Database".
‼ CVE-2020-35693 ‼

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long-term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.

via "National Vulnerability Database".
‼ CVE-2020-26282 ‼

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. This has been patched in version 2.1.2.

via "National Vulnerability Database".
‼ CVE-2020-35702 ‼

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.

via "National Vulnerability Database".
🦿 Why cybersecurity tools fail when it comes to ambiguity 🦿

Artificial intelligence will likely help with cybersecurity, though figuring out how to handle ambiguous situations is critical.

via "Tech Republic".
‼ CVE-2020-35707 ‼

Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.

via "National Vulnerability Database".
‼ CVE-2020-35708 ‼

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

via "National Vulnerability Database".
‼ CVE-2020-35705 ‼

Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.

via "National Vulnerability Database".
‼ CVE-2020-35706 ‼

Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.

via "National Vulnerability Database".
‼ CVE-2020-35704 ‼

Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.

via "National Vulnerability Database".