‼ CVE-2020-36227 ‼
via "National Vulnerability Database".
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
‼ CVE-2020-27098 ‼
via "National Vulnerability Database".
In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-138791358
‼ CVE-2020-5442 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2021-22698 ‼
via "National Vulnerability Database".
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
‼ CVE-2020-35576 ‼
via "National Vulnerability Database".
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
‼ CVE-2020-28304 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-13187 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-36205 ‼
via "National Vulnerability Database".
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
‼ CVE-2020-28295 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-5480 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-13216 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2019-25015 ‼
via "National Vulnerability Database".
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
‼ CVE-2020-28299 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-5478 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-21146 ‼
via "National Vulnerability Database".
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
‼ CVE-2020-28300 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
🕴 BEC Scammers Find New Ways to Navigate Microsoft 365 🕴
via "Dark Reading".
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
❌ 23M Gamer Records Exposed in VIPGames Leak ❌
via "Threat Post".
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.
🔏 Hacker Who Ransomed Companies Pleads Guilty 🔏
via "Digital Guardian".
The man admitted he accessed sites, stole data, and demanded companies pay a ransom to prevent the release of the data.
🕴 Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks 🕴
via "Dark Reading".
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
🕴 Privacy Teams Helped Navigate the Pivot to Work-from-Home 🕴
via "Dark Reading".
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.