‼ CVE-2020-13573 ‼
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
via "National Vulnerability Database".
‼ CVE-2020-6656 ‼
Eaton's easySoft software v7.20 and prior are susceptible to a file-parsing type confusion remote code execution vulnerability. A malicious entity can execute malicious code or make the application crash by tricking a user into uploading a malformed .E70 file into the application. The vulnerability arises from improper validation of user data supplied through the E70 file, which causes the type confusion.
via "National Vulnerability Database".
‼ CVE-2018-19418 ‼
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.
via "National Vulnerability Database".
‼ CVE-2018-18689 ‼
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.
via "National Vulnerability Database".
‼ CVE-2020-4892 ‼
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.
via "National Vulnerability Database".
‼ CVE-2020-4898 ‼
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.
via "National Vulnerability Database".
‼ CVE-2020-27835 ‼
A use-after-free in the Linux kernel InfiniBand hfi1 driver in versions prior to 5.10-rc6 was found in the way a user calls ioctl after opening the device file and forking. A local user could use this flaw to crash the system.
via "National Vulnerability Database".
‼ CVE-2018-20315 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2018-20311 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2020-4896 ‼
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
via "National Vulnerability Database".
‼ CVE-2018-20309 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2020-4895 ‼
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.
via "National Vulnerability Database".
‼ CVE-2018-20312 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
via "National Vulnerability Database".
‼ CVE-2020-25476 ‼
Liferay CMS Portal versions 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter of Calendar. An attacker can insert the malicious payload in the username, last name or surname fields of their own profile, and the payload will be injected and reflected in the calendar of the user who submitted it. An attacker could escalate their privileges if an admin visits the calendar containing the injected payload.
via "National Vulnerability Database".
‼ CVE-2018-20313 ‼
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
via "National Vulnerability Database".
‼ CVE-2018-18688 ‼
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
via "National Vulnerability Database".
‼ CVE-2020-25680 ‼
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate whose keystore file ID is 'unknown'. The validation of whether the certificate's CN and the hostname match stopped working, allowing connections to the back-end worker. The highest threat from this vulnerability is to data integrity.
via "National Vulnerability Database".
🦿 How to quickly check to see if your Linux server is under a DDoS attack from a single IP address 🦿
Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.
via "Tech Republic".
❌ Fired Healthcare Exec Stalls Critical PPE Shipment for Months ❌
A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.
via "Threat Post".
🕴 Ransomware Victims' Data Published via DDoSecrets 🕴
Activists behind Distributed Denial of Secrets have shared 1TB of data pulled from Dark Web sites where it was shared by ransomware attackers.
via "Dark Reading".
🕴 How the Shady Zero-Day Sales Game Is Evolving 🕴
Zero-day vulns are cold, while access-as-a-service is hot. Here's how black market (and gray market) deals go down.
via "Dark Reading".