----Vulners.com High Sev. Last 3 Days----
CVSS: 6.8 Security update for chromium (important)
CVSS: 7.5 Security update for libqt4 (moderate)
CVSS: 6.8 Ubuntu 16.04 LTS : Gnuplot vulnerabilities (USN-4541-1)
CVSS: 7.1 Ubuntu 16.04 LTS : libquicktime vulnerabilities (USN-4545-1)
CVSS: 6.8 Ubuntu 20.04 LTS : Sanitize vulnerability (USN-4543-1)
CVSS: 6.8 Security update for chromium (important)
CVSS: 9.3 Security update for samba (important)
CVSS: 6.8 Security update for jasper (moderate)
CVSS: 7.5 Ubuntu 18.04 LTS : atftpd vulnerabilities (USN-4540-1)
CVSS: 7.2 Cisco IOS XR Software Authenticated User Privilege Escalation (cisco-sa-iosxr-LJtNFjeN)
CVSS: 6.8 Microsoft Edge (Chromium) < 85.0.564.44 RCE
CVSS: 6.8 Sanitize vulnerability
CVSS: 7.1 libquicktime vulnerabilities
CVSS: 6.8 Gnuplot vulnerabilities
CVSS: 9.3 openSUSE Security Update : samba (openSUSE-2020-1513)
CVSS: 9.0 Citrix SD-WAN WANOP Multiple Vulnerabilities (CTX281474)
CVSS: 8.5 Xen PCI Passthrough Code Reading Back Hardware Registers DoS (XSA-337)
CVSS: 9.0 Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX281474)
CVSS: 7.5 Debian DSA-4766-1 : rails - security update
CVSS: 7.1 Node.js multiple vulnerabilities (September 2020 Security Releases).
CVSS: 7.5 Feds Hit with Successful Cyberattack, Data Stolen
CVSS: 7.5 Security update for roundcubemail (moderate)
CVSS: 6.8 Security update for jasper (moderate)
CVSS: 9.3 Security update for samba (important)
CVSS: 7.5 CVE-2020-13508
CVSS: 7.5 CVE-2020-13500
CVSS: 7.5 CVE-2020-13507
CVSS: 7.5 CVE-2020-13503
CVSS: 7.5 CVE-2020-13505
CVSS: 7.5 CVE-2020-13499
CVSS: 7.5 CVE-2020-13501
CVSS: 7.2 (RHSA-2020:3836) Important: kernel security update
CVSS: 6.8 Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone
CVSS: 9.3 Fedora 32 : 2:samba (2020-0be2776ed3)
CVSS: 7.8 olcne nginx security update
CVSS: 7.8 Linux kernel vulnerabilities
CVSS: 10.0 3S CoDeSys (Update A)
CVSS: 6.5 Ubuntu 18.04 LTS : SPIP vulnerabilities (USN-4536-1)
CVSS: 9.3 HP iLO 3 < 1.93 / HP iLO 4 < 2.75 / HP iLO 5 < 2.18 Ripple20 Multiple vulnerabilities
CVSS: 7.2 RHEL 6 : kernel (RHSA-2020:3836)
CVSS: 6.8 VMware Fusion 11.x Privilege Escalation (VMSA-2020-0020)
CVSS: 7.5 atftpd vulnerabilities
CVSS: 6.5 SPIP vulnerabilities
----NVD Last 3 Days----
CVE#: CVE-2015-4719 Published Date: 2020-09-24 CVSS: NO CVSS Description: The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE#: CVE-2016-11086 Published Date: 2020-09-24 CVSS: NO CVSS Description: lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
CVE#: CVE-2017-17477 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
CVE#: CVE-2018-10432 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
CVE#: CVE-2018-10585 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
CVE#: CVE-2018-6447 Published Date: 2020-09-25 CVSS: NO CVSS Description: A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.
CVE#: CVE-2018-6448 Published Date: 2020-09-25 CVSS: NO CVSS Description: A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
CVE#: CVE-2018-6449 Published Date: 2020-09-25 CVSS: NO CVSS Description: Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers
CVE#: CVE-2019-11556 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pagure before 5.6 allows XSS via the templates/blame.html blame view.
CVE#: CVE-2019-16211 Published Date: 2020-09-25 CVSS: NO CVSS Description: Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.
CVE#: CVE-2019-16212 Published Date: 2020-09-25 CVSS: NO CVSS Description: A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.
CVE#: CVE-2019-7177 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.
CVE#: CVE-2019-7178 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
CVE#: CVE-2020-11805 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.
CVE#: CVE-2020-12280 Published Date: 2020-09-24 CVSS: NO CVSS Description: iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.
CVE#: CVE-2020-12281 Published Date: 2020-09-24 CVSS: NO CVSS Description: iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
CVE#: CVE-2020-12282 Published Date: 2020-09-24 CVSS: NO CVSS Description: iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)
CVE#: CVE-2020-12811 Published Date: 2020-09-24 CVSS: NO CVSS Description: An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
CVE#: CVE-2020-12815 Published Date: 2020-09-24 CVSS: NO CVSS Description: An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.
CVE#: CVE-2020-12816 Published Date: 2020-09-24 CVSS: NO CVSS Description: An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.
CVE#: CVE-2020-12817 Published Date: 2020-09-24 CVSS: NO CVSS Description: An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.
CVE#: CVE-2020-12818 Published Date: 2020-09-24 CVSS: NO CVSS Description: An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.
CVE#: CVE-2020-12824 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
CVE#: CVE-2020-12837 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.
CVE#: CVE-2020-12838 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
CVE#: CVE-2020-12839 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
CVE#: CVE-2020-12840 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
CVE#: CVE-2020-12841 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
CVE#: CVE-2020-12842 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.
CVE#: CVE-2020-12843 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
CVE#: CVE-2020-13119 Published Date: 2020-09-24 CVSS: NO CVSS Description: ismartgate PRO 1.5.9 is vulnerable to clickjacking.
CVE#: CVE-2020-13387 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
CVE#: CVE-2020-13499 Published Date: 2020-09-24 CVSS: 5.9 Description: An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
CVE#: CVE-2020-13500 Published Date: 2020-09-24 CVSS: 5.9 Description: SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
CVE#: CVE-2020-13501 Published Date: 2020-09-24 CVSS: 5.9 Description: An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
CVE#: CVE-2020-13502 Published Date: 2020-09-24 CVSS: NO CVSS Description: An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.
CVE#: CVE-2020-13503 Published Date: 2020-09-24 CVSS: NO CVSS Description: Parameter AttFilterName in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE#: CVE-2020-13504 Published Date: 2020-09-24 CVSS: NO CVSS Description: Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE#: CVE-2020-13505 Published Date: 2020-09-24 CVSS: NO CVSS Description: Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE#: CVE-2020-13507 Published Date: 2020-09-24 CVSS: NO CVSS Description: An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter OrigID in Alias.asmx is vulnerable to unauthenticated SQL injection attacks An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE#: CVE-2020-13508 Published Date: 2020-09-24 CVSS: NO CVSS Description: An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter AliasName in Alias.asmx is vulnerable to unauthenticated SQL injection attacks. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE#: CVE-2020-13521 Published Date: 2020-09-24 CVSS: NO CVSS Description: Parameter psAttribute in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
CVE#: CVE-2020-13991 Published Date: 2020-09-24 CVSS: NO CVSS Description: vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.
CVE#: CVE-2020-13995 Published Date: 2020-09-25 CVSS: NO CVSS Description: U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.
CVE#: CVE-2020-14495 Published Date: 2020-09-25 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE#: CVE-2020-15160 Published Date: 2020-09-24 CVSS: NO CVSS Description: PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8
CVE#: CVE-2020-15161 Published Date: 2020-09-24 CVSS: NO CVSS Description: In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8
CVE#: CVE-2020-15162 Published Date: 2020-09-24 CVSS: NO CVSS Description: In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
CVE#: CVE-2020-15190 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15191 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
CVE#: CVE-2020-15192 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
CVE#: CVE-2020-15193 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
CVE#: CVE-2020-15194 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
CVE#: CVE-2020-15195 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15196 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
CVE#: CVE-2020-15197 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
CVE#: CVE-2020-15198 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
CVE#: CVE-2020-15199 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
CVE#: CVE-2020-15200 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
CVE#: CVE-2020-15201 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
CVE#: CVE-2020-15202 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15203 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15204 Published Date: 2020-09-25 CVSS: NO CVSS Description: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15205 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15206 Published Date: 2020-09-25 CVSS: NO CVSS Description: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15207 Published Date: 2020-09-25 CVSS: NO CVSS Description: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15208 Published Date: 2020-09-25 CVSS: NO CVSS Description: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15209 Published Date: 2020-09-25 CVSS: NO CVSS Description: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15210 Published Date: 2020-09-25 CVSS: NO CVSS Description: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE#: CVE-2020-15211 Published Date: 2020-09-25 CVSS: NO CVSS Description: In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.
CVE#: CVE-2020-15212 Published Date: 2020-09-25 CVSS: NO CVSS Description: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.
CVE#: CVE-2020-15213 Published Date: 2020-09-25 CVSS: NO CVSS Description: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.
CVE#: CVE-2020-15214 Published Date: 2020-09-25 CVSS: NO CVSS Description: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.
CVE#: CVE-2020-15222 Published Date: 2020-09-24 CVSS: NO CVSS Description: In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0.
CVE#: CVE-2020-15223 Published Date: 2020-09-24 CVSS: NO CVSS Description: In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0
CVE#: CVE-2020-15369 Published Date: 2020-09-25 CVSS: NO CVSS Description: Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.
CVE#: CVE-2020-15370 Published Date: 2020-09-25 CVSS: NO CVSS Description: Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
CVE#: CVE-2020-15371 Published Date: 2020-09-25 CVSS: NO CVSS Description: Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.
CVE#: CVE-2020-15372 Published Date: 2020-09-25 CVSS: NO CVSS Description: A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.
CVE#: CVE-2020-15373 Published Date: 2020-09-25 CVSS: NO CVSS Description: Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.
CVE#: CVE-2020-15374 Published Date: 2020-09-25 CVSS: NO CVSS Description: Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.
CVE#: CVE-2020-15394 Published Date: 2020-09-25 CVSS: NO CVSS Description: The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
CVE#: CVE-2020-15521 Published Date: 2020-09-25 CVSS: NO CVSS Description: Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .
CVE#: CVE-2020-15604 Published Date: 2020-09-24 CVSS: NO CVSS Description: An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.
CVE#: CVE-2020-15840 Published Date: 2020-09-24 CVSS: NO CVSS Description: In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
CVE#: CVE-2020-15843 Published Date: 2020-09-24 CVSS: NO CVSS Description: ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to "Everyone". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client.
CVE#: CVE-2020-15850 Published Date: 2020-09-24 CVSS: NO CVSS Description: Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.
CVE#: CVE-2020-15851 Published Date: 2020-09-24 CVSS: NO CVSS Description: Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.
CVE#: CVE-2020-15930 Published Date: 2020-09-24 CVSS: NO CVSS Description: An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
CVE#: CVE-2020-16147 Published Date: 2020-09-24 CVSS: NO CVSS Description: The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
CVE#: CVE-2020-16148 Published Date: 2020-09-24 CVSS: NO CVSS Description: The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
CVE#: CVE-2020-16242 Published Date: 2020-09-25 CVSS: NO CVSS Description: The affected product is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
CVE#: CVE-2020-17365 Published Date: 2020-09-24 CVSS: NO CVSS Description: Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
CVE#: CVE-2020-19447 Published Date: 2020-09-24 CVSS: NO CVSS Description: SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
CVE#: CVE-2020-19450 Published Date: 2020-09-25 CVSS: NO CVSS Description: SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.
CVE#: CVE-2020-19451 Published Date: 2020-09-25 CVSS: NO CVSS Description: SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.
CVE#: CVE-2020-19455 Published Date: 2020-09-25 CVSS: NO CVSS Description: SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.
CVE#: CVE-2020-22453 Published Date: 2020-09-24 CVSS: NO CVSS Description: Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information.
CVE#: CVE-2020-23837 Published Date: 2020-09-25 CVSS: NO CVSS Description: A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.
CVE#: CVE-2020-24365 Published Date: 2020-09-24 CVSS: NO CVSS Description: An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)
CVE#: CVE-2020-24560 Published Date: 2020-09-24 CVSS: NO CVSS Description: An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.
CVE#: CVE-2020-24592 Published Date: 2020-09-25 CVSS: NO CVSS Description: Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
CVE#: CVE-2020-24593 Published Date: 2020-09-25 CVSS: NO CVSS Description: Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.
CVE#: CVE-2020-24594 Published Date: 2020-09-25 CVSS: NO CVSS Description: Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
CVE#: CVE-2020-24595 Published Date: 2020-09-25 CVSS: NO CVSS Description: Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.
CVE#: CVE-2020-24615 Published Date: 2020-09-25 CVSS: NO CVSS Description: Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
CVE#: CVE-2020-24621 Published Date: 2020-09-25 CVSS: NO CVSS Description: A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.
CVE#: CVE-2020-24692 Published Date: 2020-09-25 CVSS: NO CVSS Description: The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
CVE#: CVE-2020-24718 Published Date: 2020-09-25 CVSS: NO CVSS Description: bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
CVE#: CVE-2020-25084 Published Date: 2020-09-25 CVSS: NO CVSS Description: QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
CVE#: CVE-2020-25085 Published Date: 2020-09-25 CVSS: NO CVSS Description: QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
CVE#: CVE-2020-25130 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field.
CVE#: CVE-2020-25131 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI.
CVE#: CVE-2020-25132 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php.
CVE#: CVE-2020-25133 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php.
CVE#: CVE-2020-25134 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.
CVE#: CVE-2020-25135 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.
CVE#: CVE-2020-25136 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php.
CVE#: CVE-2020-25137 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.
CVE#: CVE-2020-25138 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.
CVE#: CVE-2020-25139 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php.
CVE#: CVE-2020-25140 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.
CVE#: CVE-2020-25141 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.
CVE#: CVE-2020-25142 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.
CVE#: CVE-2020-25143 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php.
CVE#: CVE-2020-25144 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs.
CVE#: CVE-2020-25145 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php.
CVE#: CVE-2020-25146 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.
CVE#: CVE-2020-25147 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php.
CVE#: CVE-2020-25148 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.
CVE#: CVE-2020-25149 Published Date: 2020-09-25 CVSS: NO CVSS Description: An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.
CVE#: CVE-2020-25203 Published Date: 2020-09-25 CVSS: NO CVSS Description: The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.
CVE#: CVE-2020-25223 Published Date: 2020-09-25 CVSS: NO CVSS Description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVE#: CVE-2020-25625 Published Date: 2020-09-25 CVSS: NO CVSS Description: hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
CVE#: CVE-2020-25726 Published Date: 2020-09-25 CVSS: NO CVSS Description: A Directory Traversal issue was discovered on Hak5 WiFi Pineapple Mark VII 1.x before 1.0.1-beta.2020091914551 devices. An unauthenticated user can connect to the wireless management network, including the open wireless network, and access all files and subdirectories under /pineapple/ui, regardless of file permissions.
CVE#: CVE-2020-25747 Published Date: 2020-09-25 CVSS: NO CVSS Description: The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
CVE#: CVE-2020-25748 Published Date: 2020-09-25 CVSS: NO CVSS Description: A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.
CVE#: CVE-2020-25749 Published Date: 2020-09-25 CVSS: NO CVSS Description: The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
CVE#: CVE-2020-26088 Published Date: 2020-09-24 CVSS: NO CVSS Description: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
CVE#: CVE-2020-26098 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
CVE#: CVE-2020-26099 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
CVE#: CVE-2020-26100 Published Date: 2020-09-25 CVSS: NO CVSS Description: chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
CVE#: CVE-2020-26101 Published Date: 2020-09-25 CVSS: NO CVSS Description: In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
CVE#: CVE-2020-26102 Published Date: 2020-09-25 CVSS: NO CVSS Description: In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
CVE#: CVE-2020-26103 Published Date: 2020-09-25 CVSS: NO CVSS Description: In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
CVE#: CVE-2020-26104 Published Date: 2020-09-25 CVSS: NO CVSS Description: In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
CVE#: CVE-2020-26105 Published Date: 2020-09-25 CVSS: NO CVSS Description: In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
CVE#: CVE-2020-26106 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
CVE#: CVE-2020-26107 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
CVE#: CVE-2020-26108 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
CVE#: CVE-2020-26109 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).
CVE#: CVE-2020-26110 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
CVE#: CVE-2020-26111 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
CVE#: CVE-2020-26112 Published Date: 2020-09-25 CVSS: NO CVSS Description: The email quota cache in cPanel before 90.0.10 allows overwriting of files.
CVE#: CVE-2020-26113 Published Date: 2020-09-25 CVSS: NO CVSS Description: cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
CVE#: CVE-2020-26114 Published Date: 2020-09-25 CVSS: 2.7 Description: cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
CVE#: CVE-2020-26115 Published Date: 2020-09-25 CVSS: 2.7 Description: cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
CVE#: CVE-2020-3141 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE#: CVE-2020-3359 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.
CVE#: CVE-2020-3390 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition.
CVE#: CVE-2020-3393 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.
CVE#: CVE-2020-3396 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.
CVE#: CVE-2020-3399 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3400 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user.
CVE#: CVE-2020-3403 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.
CVE#: CVE-2020-3404 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges.
CVE#: CVE-2020-3407 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
CVE#: CVE-2020-3408 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVE#: CVE-2020-3409 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.
CVE#: CVE-2020-3414 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IPv4 or IPv6 traffic to or through an affected device. An attacker could exploit this vulnerability by sending IP traffic to or through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVE#: CVE-2020-3416 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.
CVE#: CVE-2020-3417 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.
CVE#: CVE-2020-3418 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.
CVE#: CVE-2020-3421 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.
CVE#: CVE-2020-3422 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition.
CVE#: CVE-2020-3423 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.
CVE#: CVE-2020-3425 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE#: CVE-2020-3426 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.
CVE#: CVE-2020-3428 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition.
CVE#: CVE-2020-3429 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x or pre-shared key (PSK) authentication key management (AKM) with 802.11r BSS Fast Transition (FT) enabled. An attacker could exploit this vulnerability by sending a crafted authentication packet to an affected device. A successful exploit could cause an affected device to reload, resulting in a DoS condition.
CVE#: CVE-2020-3465 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
CVE#: CVE-2020-3474 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
CVE#: CVE-2020-3475 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
CVE#: CVE-2020-3476 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.
CVE#: CVE-2020-3477 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.
CVE#: CVE-2020-3479 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.
CVE#: CVE-2020-3480 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.
CVE#: CVE-2020-3486 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3487 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3488 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3489 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3492 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by spoofing the address of an existing Access Point on the network and sending a Control and Provisioning of Wireless Access Points (CAPWAP) packet that includes a crafted Flexible NetFlow Version 9 record to an affected device. A successful exploit could allow the attacker to cause a process crash that would lead to a reload of the device.
CVE#: CVE-2020-3493 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3494 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3497 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.
CVE#: CVE-2020-3503 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.
CVE#: CVE-2020-3508 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.
CVE#: CVE-2020-3509 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are parsed. An attacker could exploit this vulnerability by sending a malicious DHCPv4 message to or through a WAN interface of an affected device. A successful exploit could allow the attacker to cause a reload of the affected device. Note: On Cisco cBR-8 Converged Broadband Routers, all of the following are considered WAN interfaces: 10 Gbps Ethernet interfaces 100 Gbps Ethernet interfaces Port channel interfaces that include multiple 10 and/or 100 Gbps Ethernet interfaces
CVE#: CVE-2020-3510 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.
CVE#: CVE-2020-3511 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.
CVE#: CVE-2020-3512 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
CVE#: CVE-2020-3513 Published Date: 2020-09-24 CVSS: NO CVSS Description: Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.
CVE#: CVE-2020-3516 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server.
CVE#: CVE-2020-3524 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.
CVE#: CVE-2020-3526 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the attacker to crash the device.
CVE#: CVE-2020-3527 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery.
CVE#: CVE-2020-3552 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.
CVE#: CVE-2020-3559 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
CVE#: CVE-2020-3560 Published Date: 2020-09-24 CVSS: NO CVSS Description: A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.
CVE#: CVE-2020-4531 Published Date: 2020-09-25 CVSS: NO CVSS Description: IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.
CVE#: CVE-2020-4727 Published Date: 2020-09-25 CVSS: NO CVSS Description: IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE#: CVE-2020-5929 Published Date: 2020-09-25 CVSS: NO CVSS Description: In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.
CVE#: CVE-2020-5930 Published Date: 2020-09-25 CVSS: NO CVSS Description: In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.
CVE#: CVE-2020-6020 Published Date: 2020-09-24 CVSS: NO CVSS Description: Check Point Security Management's Internal CA web management before Jumbo HFAs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.
CVE#: CVE-2020-6153 Published Date: 2020-09-24 CVSS: NO CVSS Description: An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.
CVE#: CVE-2020-7735 Published Date: 2020-09-25 CVSS: 5.9 Description: The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.
CVE#: CVE-2020-8325 Published Date: 2020-09-24 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE#: CVE-2020-8328 Published Date: 2020-09-24 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE#: CVE-2020-8333 Published Date: 2020-09-24 CVSS: NO CVSS Description: A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
CVE#: CVE-2020-8343 Published Date: 2020-09-24 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE#: CVE-2020-8344 Published Date: 2020-09-24 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE#: CVE-2020-8347 Published Date: 2020-09-24 CVSS: NO CVSS Description: A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.
CVE#: CVE-2020-8348 Published Date: 2020-09-24 CVSS: NO CVSS Description: A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.
Video Feed 
Blast from the past! Windows XP source code allegedly leaked online
Ring's Flying In-Home Camera Drone Escalates Privacy Worries
Texas Software Provider Reports Cyber-attack
Meet the researcher who wants employers to write better infosec help wanted ads
International Society of Automation - ISA Official – Medium
Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging - Schneier on Security
Office365 Advanced Threat Protection
Defend Your Web Apps from Cross-Site Scripting (XSS)
Court rules NSA phone snooping illegal — after 7-year delay
COVID-19 Cyber Attacks - WebARX Security
This hacked coffee maker demands ransom, highlights IoT vulnerability
Firefox to remove support for the FTP protocol | ZDNet
Google exploring using location info to slow coronavirus spread
TalosSecurity: @k4otix @Cisco Welcome to the team @k4otix !
abuse_ch: Sharing is caring ❤️🇨🇭 https://t.co/5ZeOymuryQ
makflwana: #malware #opendir #lokibot #azorult hxxp://adtechsolutions.in/bin/
ransomleaks: @NatSecGeek I'm still learning to read
inj3ct0r: #0daytoday #Framer Preview 12 Content Injection #Vulnerability https://t.co/6jBl7EOCrj
malwrhunterteam: Interesting targeting/theme, but not that quality work... 🤔 https://t.co/QkYFnXsKJo
malware_traffic: Like this one https://t.co/b3aWQt1h4u
James_inthe_box: @KorbenD_Intel @pastebin @pmelson Oh dear...🤦
pmelson: @malcomvetter Hex bar DLs are way more thigh-friendly.
demonslay335: Sample: https://t.co/vHtCXo1UPD
hackerfantastic: 🤦♂️ https://t.co/4CNgD96wCR
VK_Intel: @Marco_Ramilli Thank you, Marco, for the kind words!
DrunkBinary: https://t.co/2ICm4YxhV5 https://t.co/RdJJDaCtHY
KorbenD_Intel: @James_inthe_box @pastebin @pmelson 😭
ItsReallyNick: 🗳✅ https://t.co/yvc8tScXS2
58_158_177_102: 曇り https://t.co/tRxV7w7lVg
aboutsecurity: @SANSInstitute @ErikVaBu Congrats Erik!!
DissectMalware: @reecdeep Fantastic! Thanks for sharing. Seems it is fixed. https://t.co/t3kcgUYCVp
Hexacorn: one more pic.... https://t.co/Ghr49QC3Am
nullcookies: @Viking_Sec Demons
SBousseaden: @Tarek_Radah https://t.co/yaiMNWA199
lazyactivist192: @MalwareJake Ah like Saturday cartoons! This'll go swell!
FewAtoms: @James_inthe_box thanks
luc4m: And .... 😅😅🤣 https://t.co/3v8Amo81GG https://t.co/aV6j9jvHdB
3xp0rtblog: The mentioned function is adding clipper to startup tasks.
abhimirzapur: What is despising ? It's size 421 mb but folder at no any file . Is my system hack ? #Hacked #hackingthevirus… https://t.co/TBepZDiJTA Link with Tweet
CBRN_Analyst: RT @DailyOsint: Domain IPs with malicious executables ➡️https://t.co/Lpb0FFjmhv #osint #domain #blacklist #malicious #malware #cybersec ht… Link with Tweet
RuthSilva: RT @threatpost: The #cyberattack featured a unique, multistage #malware and a likely PulseSecure VPN exploit. https://t.co/AAfk4F9izL Link with Tweet
HeliosCert: Sample submitted 2020-09-27 03:45:02 Dionaea Honeypot Protocol: smbd Sources: ::ffff:49.32.62.95 e3ffc8cc1a73e81… https://t.co/dF0ECXw298 Link with Tweet
CyberSecDN: Organizations facing nearly 1,200 #phishing attacks each month https://t.co/4BEDae2Pa8 via @Sec_Cyber Link with Tweet
JEMPradio: Phish - Everything's Right>thru>Carini (12-1-19) #CommunityRadio #Phish https://t.co/s9i3jkbCBt Link with Tweet
cephalopodluke2: RT @keepnetlabs: The Services That Were Used For Ransomware Infection? https://t.co/VCWVcNkRXB #Security #infosec #spearphishing #phishing… Link with Tweet
Mivax0: Trending tweet RT OSINTtechniques: #OSINT Resources from the OSINT Framework jnordine https://t.co/wtKzAJfUg5… https://t.co/GPPHag3JI1 Link with Tweet Link with Tweet
cyscol: RT @lautyb: [#OSINT] [#linkedIn] A guide to searching LinkedIn by email address https://t.co/jLlvJdLn7J Link with Tweet
Dataeternum: RT @secou: [OSINT] OSINT tools explained in detail, for investigative journalists, and EVERYONE else! (pdf, 52 p.) https://t.co/GJrOnJpcIi… Link with Tweet
RyansNotAHacker: If you're up, you can help #OSINT #missingpersons #OSINTforGood @TraceLabs @wondersmith_rae anybody local that can… https://t.co/DOZTdnwkc1 Link with Tweet
KirkDBorne: .@Rapid7 was named a @Gartner_inc Magic Quadrant Leader for Security Information & Event Management #SIEM. Get the… https://t.co/tiFWE2a2h9 Link with Tweet
0xthreatintel: INTL: "Android Trojan " IP: 3.234.101[.]92 Subnet: 3.224.0[.]0/12 Host: AS 14618 ( Amazon[.]com, Inc. ) US [ 🇺🇸]… https://t.co/g5B5UiVWdu Link with Tweet
cyberreport_io: Fermenting Yogurt With The Help Of Hardware https://t.co/2MdSuGIwJS #cybersecurity #threatintelligence #cybernews https://t.co/CUWBWRTmyC Link with Tweet
RedPacketSec: SharpSecDump - .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket'S… https://t.co/bTIEyjcMxe Link with Tweet
cyberinform: Neutralizing #Ransomware: The medicine you need to better protect your business https://t.co/SnJFtnlqBH… https://t.co/n0Yyi7woeG Link with Tweet Link with Tweet
LogRhythm: In this webcast, Randy Franklin Smith from Ultimate Windows Security shares insights of recent high-profile attacks… https://t.co/3QR7O5hwEv Link with Tweet
slnged: Ransom. Appliances hacked! A possibility in IoT. #cybersecurity #IoT #ConnectedDevices #technology #Ransomware https://t.co/NKber4HiBh Link with Tweet
Gurgling_MrD: RT @keepnetlabs: The Services That Were Used For Ransomware Infection? https://t.co/VCWVcNkRXB #Security #infosec #spearphishing #phishing… Link with Tweet
MaltrakN: RT @keepnetlabs: The Services That Were Used For Ransomware Infection? https://t.co/VCWVcNkRXB #Security #infosec #spearphishing #phishing… Link with Tweet
3XS0: #opendir #formbook hxxp://serv.webpaybox[.]com/~pahkeysc/ https://t.co/8v5t0bREfz https://t.co/xadXikyLwp Link with Tweet
ecarlesi: Possible threat on hxxp://decsoftutils[.]com #opendir
Marco_Ramilli: Nice #phishingkit with #opendir 🔗: fb-copyright-reviews100051374 .com 🖊: help/step1.txt 👹: ahmedhetta9@ gmail .co… https://t.co/A7kbTtsna2 Link with Tweet
Orelpery: RT @James_inthe_box: Fresh #bazaloader via sendgrid #malspam: https://t.co/wrZKAFFp5u Subject: Re: <firstname>, our meeting Link with Tweet
Malwaredev: RT @James_inthe_box: Fresh #bazaloader via sendgrid #malspam: https://t.co/wrZKAFFp5u Subject: Re: <firstname>, our meeting Link with Tweet
panda_zheng: RT @MBThreatIntel: #Emotet spam run for 2020-09-25. IOCs: https://t.co/zjhPcV48hz https://t.co/uhWAsXs7QM Link with Tweet
Irsan34681813: hello everyone, I want to offer a unique and cute twitch emotes and badges and You can get 2 emotes for $5 Check my… https://t.co/S3Sz8Ihlko Link with Tweet
peric0: Look at the Analysis of "Arc-20200925-U76889.doc" with malicious activity. https://t.co/rPgiuyL1jU #macros… https://t.co/hsyjnwx4WH Link with Tweet Link with Tweet
AcooEdi: RT @AcooEdi: Threat Roundup for September 18 to September 25 https://t.co/0sgDAvOkSa #Bifrost #CiscoTalos #Dridex #Emotet #Malware via @Tal… Link with Tweet
shadyproject: RT @0xf0x_: Video #8 of my #Malware Analysis course is now online: https://t.co/Ny6O7Wg5J0 This video includes some useful tips & techniq… Link with Tweet
materaj: RT @0xf0x_: Video #8 of my #Malware Analysis course is now online: https://t.co/Ny6O7Wg5J0 This video includes some useful tips & techniq… Link with Tweet
zibudada: RT @0xf0x_: Video #8 of my #Malware Analysis course is now online: https://t.co/Ny6O7Wg5J0 This video includes some useful tips & techniq… Link with Tweet
Gamliel_InfoSec: A checklist for security testing of #Android & #iOS applications. #mobile #hacking #pentesting #bugbounty https://t.co/MTmHMYacxH Link with Tweet
Geva_7: RT @0xINT3: Good end to this week on @Bugcrowd! 🥳🥳 #bugbountytip: Highly recommend to check out https://t.co/seqdhDwz3Z if you haven't al… Link with Tweet
dhakal_ananda: Different moods according to the report states: Triaged: Satisfaction Rewarded: Happiness Informative: Disappoin… https://t.co/Nbzo5BLam8 Link with Tweet
BionicBeauty: RT @Hakin9: Sharingan is a recon multitool for offensive security and bug bounty https://t.co/uKB4oNZApD #infosec #hacking #hackers #Pent… Link with Tweet
LatentSolution1: Your #business should be protected from all the possible Cyber Threats. To know more: Call: +971 - 5 2975 4547 Ema… https://t.co/ReCDC4TOMs Link with Tweet
oscargcervella: RT @C3Darmour: 4 HACKERS ARRESTED IN POLAND IN NATION-WIDE ACTION AGAINST CYBERCRIME https://t.co/gCmji5Lrqs #CYBERCRIME Link with Tweet
NationalCsirtCy: #Cybercrime is growing at an “alarming pace” as a result of the ongoing #COVID19 crisis and is expected to accelera… https://t.co/p30qfw1i8q Link with Tweet
gdorn1: RT @EvanKirstel: 🚗 🚊 ✈️ The cybersecurity challenges with connected vehicles https://t.co/8bG7BM1Ymv #Security #Cybersecurity #Hackers #D… Link with Tweet
CommunityIT: Learn about common #cyberthreats and the best techniques for dealing with them. Learn how to balance convenience an… https://t.co/FUpd0fFTJ3 Link with Tweet
smesecurity: #Cybercrime Outsourcing your digital protection, here is what to look for. #smallbusiness https://t.co/2Cq7TftwIL Link with Tweet
threatshub: ThreatsHub Cybersecurity News | Pastebin adds 'Burn After Read' and 'Password Protected Pastes' to the dismay of th… https://t.co/LzM9HPyfg7 Link with Tweet
cyber_spanish: RT @Norton: School districts from CA to NJ that have been victimized in a rash of #ransomware attacks. Student devices can introduce #malwa…
66Iot: RT @WindowOnTech: MT @fisher85m Copy: @MikeQuindazzi @antgrasso What's the Anatomy of a #botnet #attack? #cybercrime #cyberrisk #Hackers…
SecurityXTV: RT @WindowOnTech: MT @fisher85m Copy: @MikeQuindazzi @antgrasso What's the Anatomy of a #botnet #attack? #cybercrime #cyberrisk #Hackers…
turnerburns: RT @livemusicblog: .@Phish will show the Polaris '99 show from Columbus, OH for their next #DinnerAndAMovie livestream this coming Wednesda…
Tere3452: RT @osintcombine: Excited to release a FREE new Reddit tool to allow for rapid review of posts. View content, sentiment & users in a tabula…
Fabriciosx: RT @KirkDBorne: .@Rapid7 was named a @Gartner_inc Magic Quadrant Leader for Security Information & Event Management #SIEM. Get the report F…
ineelbot: RT @KirkDBorne: .@Rapid7 was named a @Gartner_inc Magic Quadrant Leader for Security Information & Event Management #SIEM. Get the report F…
botnowa: RT @KirkDBorne: .@Rapid7 was named a @Gartner_inc Magic Quadrant Leader for Security Information & Event Management #SIEM. Get the report F…
MrMikeRobertson: RT @bad_packets: Mass scanning activity detected from 185.64.105.27 (🇱🇹) checking for F5 BIG-IP servers vulnerable to remote code execution…
RDSWEB: RT @thisisgulshan: Iranian #hacker group developed #Android #malware to steal 2FA SMS codes #CyberSecurity #osint #infosec #cyberthreats…
techopcode: RT @thisisgulshan: Iranian #hacker group developed #Android #malware to steal 2FA SMS codes #CyberSecurity #osint #infosec #cyberthreats…
tinni_cfi: RT @bad_packets: Mass scanning activity detected from 185.64.105.27 (🇱🇹) checking for F5 BIG-IP servers vulnerable to remote code execution…
ro0ted: RT @bad_packets: Mass scanning activity detected from 185.64.105.27 (🇱🇹) checking for F5 BIG-IP servers vulnerable to remote code execution…
Wulf_9: RT @bad_packets: Mass scanning activity detected from 159.69.15.131 (🇩🇪) checking for Citrix (NetScaler) servers vulnerable to CVE-2019-197…
Greg42nato: RT @Cohesity: Legacy approaches to #backup aren't equipped to solve the needs of the modern organization, including meeting demanding SLAs…
fredrosewag: RT @Cohesity: Look closely. Your legacy data backup system is hiding something. It’s time for a modern backup and data management solution…
JasonJoder: RT @Cohesity: Look closely. Your legacy data backup system is hiding something. It’s time for a modern backup and data management solution…
LlnuxBot: RT @thisisgulshan: Top 6 Books On #CyberSecurity and #Ransomware for Pros. #BigData #Analytics #DataScience #AI #CISO #infosec #MachineLear…
javascript_bot_: RT @thisisgulshan: Top 6 Books On #CyberSecurity and #Ransomware for Pros. #BigData #Analytics #DataScience #AI #CISO #infosec #MachineLear…
stefan47162232: RT @FewAtoms: #malware #cybersecurity #opendir #infosec #threathunting hxxp://thdyprivatecloudshareandfileprotectgent.duckdns.org/receipt/…
CyberCh4r0n: RT @Marco_Ramilli: Nice #phishingkit with #opendir 🔗: fb-copyright-reviews100051374 .com 🖊: help/step1.txt 👹: ahmedhetta9@ gmail .com 👹:…
phishunt_io: RT @Marco_Ramilli: Nice #phishingkit with #opendir 🔗: fb-copyright-reviews100051374 .com 🖊: help/step1.txt 👹: ahmedhetta9@ gmail .com 👹:…
iamthefrogy: RT @InQuest: We have been busy collating #maldoc coercive lures. Do any look familiar? Does anyone have any additions to the gallery? ht…
Ali_Saif_Aldeen: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
slaughterjames: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
0xT11: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
adriananglin: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
gh0std4ncer: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
KanbeWorks: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
MalwareMisty: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
Bowflexin91: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
ExplodingLiger: RT @malware_traffic: 2020-09-24 (Wed) - FedEx-themed #malspam with links for #Dridex - Dridex installer is an EXE file with an .scr file ex…
Cyb3rFun: RT @malware_traffic: 2020-09-25 (Friday) - Generated an #Emotet infection earlier today that had #Trickbot gtag mor124 as the follow-up mal…
good_sector: RT @malware_traffic: 2020-09-25 (Friday) - Generated an #Emotet infection earlier today that had #Trickbot gtag mor124 as the follow-up mal…
MalFuzzer: RT @malware_traffic: 2020-09-25 (Friday) - Generated an #Emotet infection earlier today that had #Trickbot gtag mor124 as the follow-up mal…
JRoosen: RT @malware_traffic: 2020-09-25 (Friday) - Generated an #Emotet infection earlier today that had #Trickbot gtag mor124 as the follow-up mal…
anand_tendolkar: RT @executemalware: It looks like #emotet volume is way down today and I'm no exception - I only saw 3 emails. 2 with .doc files and 1 wi…
ArmanSameer95: RT @dhakal_ananda: Different moods according to the report states: Triaged: Satisfaction Rewarded: Happiness Informative: Disappointment…
debangshu_kundu: RT @dhakal_ananda: Different moods according to the report states: Triaged: Satisfaction Rewarded: Happiness Informative: Disappointment…
SuzeanneSpeir: RT @0xInfection: I learnt today that IP addresses can be shortened by dropping the zeroes. Examples: http://1.0.0.1 → http://1.1 http://192…
Usher786: RT @ITSecurityguard: I just uploaded some of the most common file types for my Patrik's Bug Bounty Tools mind map here: SVG: https://t.co/…
ashutoshkmonu: RT @ashutoshkmonu: Just got HackTheBox invite code #HackTheBox #hacker #Ethicalhacking #bugbounty #penetrationtesting https://t.co/iRZd5qn…
Alejand48068303: RT @trbughunters: 🚀a XSS payload with <img> tag, for Cookie Stealing🚀 #cybersecurity #infosec #ethicalhacking #bugbounty #bugbountytips #b…
ManosKyriacou: RT @NationalCsirtCy: #Cybercrime is growing at an “alarming pace” as a result of the ongoing #COVID19 crisis and is expected to accelerate…
SecdevB: RT @threatshub: ThreatsHub Cybersecurity News | Pastebin adds 'Burn After Read' and 'Password Protected Pastes' to the dismay of the infose…
StartingPointAI: RT @StartingPointAI: How to combat cyber threats amid the shift to remote working - TechRepublic @TechRepublic #CyberSecurity #cybercrim…
