βΌ CVE-2020-35507 βΌ
π Read
via "National Vulnerability Database".
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17537 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35495 βΌ
π Read
via "National Vulnerability Database".
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35494 βΌ
π Read
via "National Vulnerability Database".
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36112 βΌ
π Read
via "National Vulnerability Database".
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35493 βΌ
π Read
via "National Vulnerability Database".
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22550 βΌ
π Read
via "National Vulnerability Database".
Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17535 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
β Leading Game Publishers Hit Hard by Leaked-Credential Epidemic β
π Read
via "Threat Post".
Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online.π Read
via "Threat Post".
Threat Post
Leading Game Publishers Hit Hard by Leaked-Credential Epidemic
Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online.
π NIST Issues PACS Guidance for Healthcare Delivery Organizations π
π Read
via "Digital Guardian".
NIST's latest guidance is geared towards preventing healthcare organizations that oversee PACS software from exposing patient data.π Read
via "Digital Guardian".
Digital Guardian
NIST Issues PACS Guidance for Healthcare Delivery Organizations
NIST's latest guidance is geared towards preventing healthcare organizations that oversee PACS software from exposing patient data.
βΌ CVE-2021-3014 βΌ
π Read
via "National Vulnerability Database".
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26293 βΌ
π Read
via "National Vulnerability Database".
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26294 βΌ
π Read
via "National Vulnerability Database".
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's `env` function to retrieve configuration information, see referenced GHSA for an example. This has been fixed in version 0.6.1. In addition to upgrading, it is recommended to rotate all secrets.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26297 βΌ
π Read
via "National Vulnerability Database".
mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBook (introduced in version 0.1.4) was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on an user's browser by tricking the user into typing a malicious search query, or tricking the user into clicking a link to the search page with the malicious search query prefilled. mdBook 0.4.5 fixes the vulnerability by properly escaping the search query. Owners of websites built with mdBook have to upgrade to mdBook 0.4.5 or greater and rebuild their website contents with it.π Read
via "National Vulnerability Database".
β Researcher Breaks reCAPTCHA With Googleβs Speech-to-Text API β
π Read
via "Threat Post".
Researcher uses an old unCAPTCHA trick against latest the audio version of reCAPTCHA, with a 97 percent success rate.π Read
via "Threat Post".
Threat Post
Researcher Breaks reCAPTCHA With Googleβs Speech-to-Text API
Researcher uses an old unCAPTCHA trick against latest the audio version of reCAPTCHA, with a 97 percent success rate.
βΌ CVE-2020-5361 βΌ
π Read
via "National Vulnerability Database".
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29498 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29497 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29496 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29492 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29491 βΌ
π Read
via "National Vulnerability Database".
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients.π Read
via "National Vulnerability Database".