‼ CVE-2020-36066 ‼
via "National Vulnerability Database".
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
‼ CVE-2020-36052 ‼
via "National Vulnerability Database".
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.
‼ CVE-2020-29501 ‼
via "National Vulnerability Database".
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
‼ CVE-2020-29490 ‼
via "National Vulnerability Database".
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.
‼ CVE-2019-20484 ‼
via "National Vulnerability Database".
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
‼ CVE-2020-26181 ‼
via "National Vulnerability Database".
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE can elevate privileges to the root user if they have ISI_PRIV_HARDENING privileges.
‼ CVE-2020-29489 ‼
via "National Vulnerability Database".
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's password (including that of the Unisphere admin privilege user) is stored in plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.
‼ CVE-2020-36067 ‼
via "National Vulnerability Database".
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
‼ CVE-2020-29437 ‼
via "National Vulnerability Database".
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
‼ CVE-2019-20483 ‼
via "National Vulnerability Database".
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS payload, read another user's cookie, and use that to log in to the application.
‼ CVE-2020-26199 ‼
via "National Vulnerability Database".
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's password (including that of the Unisphere admin privilege user) is stored in plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.
‼ CVE-2020-29502 ‼
via "National Vulnerability Database".
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
‼ CVE-2020-23250 ‼
via "National Vulnerability Database".
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in an internal database.
‼ CVE-2020-7336 ‼
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
‼ CVE-2021-3026 ‼
via "National Vulnerability Database".
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack
via "Threat Post".
The widespread compromise affecting key government agencies is ongoing, according to the U.S. government.
‼ CVE-2020-4336 ‼
via "National Vulnerability Database".
IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.
‼ CVE-2020-8884 ‼
via "National Vulnerability Database".
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.
‼ CVE-2020-10657 ‼
via "National Vulnerability Database".
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.
‼ CVE-2020-10658 ‼
via "National Vulnerability Database".
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.
‼ CVE-2020-10655 ‼
via "National Vulnerability Database".
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.