CVE-2020-26988
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-23124
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
CVE-2020-26991
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-26985
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-26989
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Solid Edge (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-26982
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-26980
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2020-28381
via "National Vulnerability Database".
A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-23930
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
CVE-2021-23936
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows XSS via the subject of a task.
CVE-2020-28395
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to create a man-in-the-middle situation and decrypt previously captured traffic.
CVE-2020-28391
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG, the devices use the hardcoded private RSA key shipped with the firmware image. An attacker could leverage this situation to create a man-in-the-middle situation and decrypt previously captured traffic.
CVE-2021-23927
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
CVE-2021-23932
via "National Vulnerability Database".
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
CVE-2020-26990
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2020-36191
via "National Vulnerability Database".
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
CVE-2020-28374
via "National Vulnerability Database".
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
CISOs Prep For COVID-19 Exposure Notification in the Workplace
via "Threat Post".
Security teams are preparing for the inevitable return to the workplace - and the privacy implications of exposure notification apps that companies may need to adopt.
The Data-Centric Path to Zero Trust
via "Dark Reading".
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
Home schooling – how to stay secure
via "Naked Security".
Whether you're new to home schooling or an old hand, it's worth taking a moment to ensure you're doing it securely.
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
via "Threat Post".
Watering-hole attacks executed by "experts" exploited Chrome, Windows and Android flaws and were carried out on two servers.