βΌ CVE-2020-6907 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6911 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21234 βΌ
π Read
via "National Vulnerability Database".
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3022 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2020-6897 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6887 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27844 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27842 βΌ
π Read
via "National Vulnerability Database".
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6885 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22492 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2020-6905 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22495 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2020-6895 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6906 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6904 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.π Read
via "National Vulnerability Database".
π Sabre Agrees to $2.4M Settlement Following 2017 Data Breach π
π Read
via "Digital Guardian".
The travel company Sabre has agreed to pay $2.4 million and make changes to its cybersecurity policies following a 2017 data breach that exposed 1.3 million consumer credit cards.π Read
via "Digital Guardian".
Digital Guardian
Sabre Agrees to $2.4M Settlement Following 2017 Data Breach
The travel company Sabre has agreed to pay $2.4 million and make changes to its cybersecurity policies following a 2017 data breach that exposed 1.3 million consumer credit cards.
β Google Warns of Critical Android Remote Code Execution Bug β
π Read
via "Threat Post".
Google's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.π Read
via "Threat Post".
Threat Post
Google Warns of Critical Android Remote Code Execution Bug
Google's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
β Telegram Triangulation Pinpoints Usersβ Exact Locations β
π Read
via "Threat Post".
The "People Nearby" feature in the secure messaging app can be abused to unmask a user's precise location, a researcher said.π Read
via "Threat Post".
Threat Post
Telegram Triangulation Pinpoints Usersβ Exact Locations
The "People Nearby" feature in the secure messaging app can be abused to unmask a user's precise location, a researcher said.
βΌ CVE-2020-5052 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5090 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5099 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".