‼ CVE-2020-13216 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2019-25015 ‼
via "National Vulnerability Database".
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
‼ CVE-2020-28299 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-5478 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
‼ CVE-2020-21146 ‼
via "National Vulnerability Database".
Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.
‼ CVE-2020-28300 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
🕴 BEC Scammers Find New Ways to Navigate Microsoft 365 🕴
via "Dark Reading".
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
❌ 23M Gamer Records Exposed in VIPGames Leak ❌
via "Threat Post".
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.
🔏 Hacker Who Ransomed Companies Pleads Guilty 🔏
via "Digital Guardian".
The man admitted he accessed sites, stole data, and demanded companies pay a ransom to prevent the release of the data.
🕴 Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks 🕴
via "Dark Reading".
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
🕴 Privacy Teams Helped Navigate the Pivot to Work-from-Home 🕴
via "Dark Reading".
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.
‼ CVE-2020-27299 ‼
via "National Vulnerability Database".
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-27295 ‼
via "National Vulnerability Database".
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-27274 ‼
via "National Vulnerability Database".
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-27297 ‼
via "National Vulnerability Database".
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
‼ CVE-2020-13582 ‼
via "National Vulnerability Database".
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
‼ CVE-2021-22159 ‼
via "National Vulnerability Database".
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability: The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.
‼ CVE-2021-3308 ‼
via "National Vulnerability Database".
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries set up. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might have enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.
‼ CVE-2021-23272 ‼
via "National Vulnerability Database".
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.
❌ DanaBot Malware Roars Back into Relevancy ❌
via "Threat Post".
Sophisticated and dangerous, DanaBot has resurfaced after lying dormant for seven months.
❌ Nvidia Squashes High-Severity Jetson DoS Flaw ❌
via "Threat Post".
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products like drones.