‼ CVE-2020-13187 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-36205 ‼
via "National Vulnerability Database".
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
‼ CVE-2020-28295 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-5480 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-13216 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2019-25015 ‼
via "National Vulnerability Database".
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
‼ CVE-2020-28299 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-5478 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-21146 ‼
via "National Vulnerability Database".
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
‼ CVE-2020-28300 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
🕴 BEC Scammers Find New Ways to Navigate Microsoft 365 🕴
via "Dark Reading".
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
❌ 23M Gamer Records Exposed in VIPGames Leak ❌
via "Threat Post".
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.
🔏 Hacker Who Ransomed Companies Pleads Guilty 🔏
via "Digital Guardian".
The man admitted he accessed sites, stole data, and demanded companies pay a ransom to prevent the release of the data.
🕴 Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks 🕴
via "Dark Reading".
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
🕴 Privacy Teams Helped Navigate the Pivot to Work-from-Home 🕴
via "Dark Reading".
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.
‼ CVE-2020-27299 ‼
via "National Vulnerability Database".
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-27295 ‼
via "National Vulnerability Database".
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-27274 ‼
via "National Vulnerability Database".
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-27297 ‼
via "National Vulnerability Database".
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-13582 ‼
via "National Vulnerability Database".
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
‼ CVE-2021-22159 ‼
via "National Vulnerability Database".
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability: The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.