Donald Trump announces TikTok ban in the United States


On Friday (31st), Donald Trump, president of the United States, said that the following day, that is, this Saturday (1st), he would sign an executive order to ban TikTok, the platform owned by China's ByteDance, from operating in the country.

"As far as TikTok is concerned, we are banning it in the United States. I will sign the document tomorrow," Trump told reporters aboard Air Force One, the presidential plane.

The decision will be signed by the president this Saturday (1st). Photo: Reproduction

The measure would be the result of U.S. authorities' concerns about the country's security, given that there are accusations of espionage against the short-video app. This will deal a heavy blow to ByteDance, which recently became one of the few truly global Chinese conglomerates thanks to TikTok's commercial success.

Purchase of the app

Also on Friday, an anonymous source supposedly directly connected to the negotiation said that Microsoft is negotiating the purchase of TikTok. If this is confirmed, there is no way of knowing how the deal will be closed, since the platform will stop operating in the country.

It may be that, once the purchase is completed, the app can resume operating and will no longer be closely monitored by the Trump administration, which alleges that TikTok is used by Chinese authorities as an espionage tool.

Scrutiny of TikTok

The app has been going through an intense period of scrutiny since the end of last year. "There are several government officials who are analyzing the national security risk with regard to TikTok and other apps." This statement was made on July 15 by Donald Trump's chief of staff, Mark Meadows, to a group of reporters.

In addition to him, Secretary of State Mike Pompeo and White House adviser Peter Navarro told Fox News, a conservative American cable news channel, that the U.S. is considering banning Chinese apps, of which TikTok is the one most often cited on security matters.

However, U.S. authorities have provided little evidence for their allegations about TikTok, beyond pointing to its country of origin. In China, experts say that, although these possibilities cannot be ruled out, blocking TikTok is a drastic measure that would not necessarily solve all the problems that concern the app's detractors.

The company has repeatedly said that the Chinese Communist Party exerts no influence over its operations. The app is not available in China, although ByteDance runs a similar platform called Douyin there. It also stresses that it stores American users' data in the U.S., and that none of it is subject to Chinese law.

Via: Reuters

from Olhar Digital :: Segurança https://ift.tt/3k4bEbA

Google strengthens security for users


Two new Google tools are arriving to improve user security: they will protect information and passwords saved in Chrome's autofill. One of them adds the use of biometric data, such as a fingerprint, to confirm identity when a credit card is used in the browser.

Currently, autofill requires entering the card's security code. With the new feature, this will be done the first time, and the biometric record will be used on subsequent occasions. According to Google, this reduces the risk if the card is lost or stolen.

The other new feature is that the dialog box of the "touch to fill" tool has been updated. Now there is no need to go to every field; just choose the "information pair" if more than one is saved. Both features should reach smartphones in the coming weeks.

from Olhar Digital :: Segurança https://ift.tt/3k1HjKH

How the Alleged Twitter Hackers Got Caught

Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks.

from Security Latest https://ift.tt/2EFigwH

Twitter says attackers hacked employees first


Twitter continues to investigate details of the mega-attack it suffered on July 15. On that occasion, accounts of prominent figures such as Elon Musk and Bill Gates were broken into and shared the address of a Bitcoin wallet, asking users to make deposits. According to the latest information provided by the platform, the intrusion was carried out through an attack on the cell phones of a small number of the social network's employees. The hackers then gained access to Twitter's internal network, as well as to its support tools. Not all of the employees whose phones were compromised had permission to work with these tools but, holding the credentials belonging to them, the hackers accessed the system and managed to also break into the profiles of the employees who did.

In this way, the attackers managed to hack 130 profiles, tweet from 45, access the private messages of 36 and download the data of seven.

Bill Gates was one of the celebrities who had their accounts hacked. Image: CreativeCommons

Twitter explained that its employees have "strictly limited" access to profiles on the platform through support tools. In addition to the obvious use of solving support-related problems, these tools are used to review published content in accordance with the community rules. "Access is granted only for business reasons," the company said, "and we have zero tolerance for misuse of credentials or tools, regularly audit permissions, and take immediate action if anyone tries to access account information without a valid business reason."

After the incident, Twitter limited access to internal tools and systems. The company explains that some processes will be affected by this. Responses to support needs and to reports of tweets, for example, will take longer.

"We regret any delay this causes, but we believe it is a necessary precaution," the company says.

The social network also said that it is in direct contact with the owners of the affected accounts, and that the investigation continues in conjunction with the appropriate authorities.

from Olhar Digital :: Segurança https://ift.tt/2Pe8ROA

Police arrest 17-year-old hacker suspected of Twitter mega-attack


U.S. federal authorities arrested in Florida a 17-year-old suspected of being responsible for the large-scale attack that hit some of the most influential accounts on the platform on the 15th. Big names in technology such as Bill Gates, Elon Musk and Jeff Bezos had their accounts broken into, as did companies such as Apple and Uber.

Graham Ivan Clark, a resident of Tampa, was arrested and charged as an adult in connection with the incident. Florida law allows minors under 18 "to be prosecuted as adults in cases of financial fraud, when appropriate." Clark faces 30 criminal charges related to the cyberattack, according to a statement from the office of Hillsborough State Attorney Andrew Warren.

"He is a 17-year-old kid who apparently just graduated from high school," Warren said. "But make no mistake, this was not an ordinary 17-year-old. This was a highly sophisticated attack on a magnitude never seen before," the state attorney said.

The scheme consisted of stealing the identities of prominent people and then posting messages in their names, directing victims to send Bitcoin to accounts he owned. The state attorney's office said Clark collected more than US$ 100,000 in Bitcoin in just one day.

In the operation, the stolen profiles posted essentially the same message with the address of a bitcoin wallet to try to steal from the followers of these personalities and giant companies. The promise was that cryptocurrency deposited into that account would be returned doubled. The "offer" would be valid for only 30 minutes, to encourage quick and thoughtless action by followers.

According to the investigation, Clark gained access to Twitter accounts and to the social media platform's internal controls through a company employee. The hacker then sold access to these accounts and used the identities of prominent people to solicit money in the form of bitcoin.

According to Twitter, of the 130 accounts that were used during the attack, 36 had their DMs accessed, including one belonging to Dutch member of parliament Geert Wilders. The company states that "no other elected politician" is among them.

Prominent politicians who were victims include former U.S. president Barack Obama and his vice president and current Democratic candidate for the country's presidency, Joe Biden. In addition to them, billionaires such as the aforementioned Musk, Gates and Bezos, Michael Bloomberg and Warren Buffett were victims, as well as musicians such as Kanye West.

Twitter did not release a list of the accounts that had their DMs accessed, and it is not clear whether the attack method did not allow access to the messages of the remaining 94 accounts, or whether the hackers were simply not interested in them.

In response to the attacks, Twitter temporarily suspended password resets on the platform. Verified accounts were prevented from posting, to curb the spread of the scam.

Clark faces charges of organized fraud of more than US$ 50,000, 17 counts of criminal communications fraud, one count of aggravated identity theft, ten counts of identity theft, and one count of cyberattack and illegal access to a computer to further a fraud scheme.

Via: Wall Street Journal/Tampa Bay

from Olhar Digital :: Segurança https://ift.tt/33cKjxD

17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested

Three young individuals — 17, 19, and 22-year-old — have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts as part of a massive bitcoin scam. According to the U.S. Department of Justice, Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, Nima Fazeli, aka "Rolex," 22, from Florida and an

from The Hacker News https://ift.tt/3giBJ4e

Microsoft may be negotiating purchase of TikTok


This Friday (31st), an anonymous source directly connected to the matter said that Microsoft is negotiating the purchase of TikTok, the Chinese-owned short-video app. The talks are taking place at the same time as tensions involving the app and the United States government. Recently, U.S. president Donald Trump said he was considering measures that would ban the app from operating in the United States. The purchase of the app by a company from the country itself may be the solution to keep it running there.

Developing...

from Olhar Digital :: Segurança https://ift.tt/3givZYe

This Week in Security News: Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 and Vermont Taxpayers Warned of Data Leak Over the Past Three Years

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion. Also, learn about how the Vermont Department of Taxes may have been exposing taxpayer data for more than three years.

Read on:

Ransomware is Still a Blight on Business

Ransomware has been with us for years, but only really became mainstream after the global WannaCry and NotPetya incidents of 2017. Now mainly targeting organizations in lieu of consumers, and with increasingly sophisticated tools and tactics, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.

Garmin Outage Caused by Confirmed WastedLocker Ransomware Attack

Wearable device maker Garmin shut down some of its connected services and call centers last week following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack. Garmin’s product line includes GPS navigation and wearable technology for the automotive, marine, aviation, fitness, and outdoor markets.

Trend Micro Launches Cloud Solution for Microsoft Azure

Trend Micro announced the availability of its Trend Micro Cloud One – Conformity offering to Azure customers, helping global organizations tackle misconfigurations, compliance challenges and cyber-risks in the cloud. The company also achieved the CIS Microsoft Azure Foundation Security Benchmark, certifying that the Conformity product has built-in rules to check for more than 100 best practices in the CIS framework.

Ensiko: A Webshell with Ransomware Capabilities

Ensiko is a PHP web shell with ransomware capabilities that targets platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. It can also execute shell commands on an infected system and send the results back to the attacker via a PHP reverse shell.

‘Boothole’ Threatens Billions of Linux, Windows Devices

A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could unleash attacks that could gain total control of billions of Linux and Windows devices. Security firm Eclypsium researchers released details this week about how the flaw can take over nearly any device’s boot process.

Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

Following the initial disclosure of two F5 BIG-IP vulnerabilities in early July, Trend Micro continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severities. Based on the workaround published for CVE-2020-5902, Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion and deliver the malicious payload.

Hackers Stole GitHub and GitLab OAuth Tokens from Git Analytics Firm Waydev

Waydev, a San Francisco-based company, runs a platform that can be used to track software engineers’ work output by analyzing Git-based codebases. Earlier this month, the company disclosed a security breach, saying that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database.

Application Security 101

As the world currently grapples with the disruption brought about by the coronavirus pandemic, the need for digital transformation has become not only more apparent but also more urgent.  Applications now play an integral role, with many businesses and users relying on a wide range of applications for work, education, entertainment, retail, and other uses.

Vermont Taxpayers Warned of Data Leak Over the Past Three Years

The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice posted on the department’s website warned taxpayers who filed a Property Transfer Tax return through the department’s online filing site between Feb. 1, 2017, and July 2, 2020, may have had their personal information leaked.

Guidelines Related to Security in Smart Factories Part 6: MITRE ATT&CK

This blog series explains examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. Thus far, part one through part five have explained IEC62443, the NIST CSF, part of the P800 series, and CIS Controls. In part six, Trend Micro explains MITRE ATT&CK, which, although not a guideline, is a knowledge base in which offensive and defensive technologies in cyber-attacks are clearly organized.

If You Own One of These 45 Netgear Devices, Replace It: Firm Won’t Patch Vulnerable Gear Despite Live Proof-of-Concept Code

Netgear has decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code. The vulnerability was revealed publicly in June by Trend Micro’s Zero Day Initiative (ZDI).

Online Dating Websites Lure Japanese Customers to Scams

In May, Trend Micro observed a sudden increase in traffic for online dating websites primarily targeting Japanese customers. After analyzing and tracking these numbers, we found that these dating scam campaigns attract potential victims by using different website domains that have similar screen page layouts. By the end of the transactions, the fraudsters steal money from victims without the subscribers receiving any of the advertised results.

ESG Findings on Trend Micro Cloud-Powered XDR Drives Monumental Business Value

Trend Micro’s cloud-powered XDR and Managed XDR offerings optimize threat detection and response across all critical vectors. In a recent survey commissioned by Trend Micro and conducted by ESG, organizations surveyed experience faster detection and less alert fatigue as a result of intelligently using data from all their security controls (including those covering endpoints, email, servers, cloud workloads and networks).

How does your organization manage threat detection and response? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

from Trend Micro Simply Security https://ift.tt/2P8GKjY

EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and 'Operation Cloud

from The Hacker News https://ift.tt/3gimKHk

Google strengthens Chrome autofill security


Aiming to improve the security of its users, Google has launched two new tools to protect information and passwords saved in Chrome's autofill. One of them adds the use of biometric data, such as a fingerprint, to confirm identity whenever the user wants to use a credit card in the browser.

Currently, to validate autofill, it is necessary to type the credit card's CVC every time. With the new feature, this will be done only the first time, and the biometric record is all that is needed on subsequent occasions. According to the company, this reduces the risk of loss or theft of the credit card. The feature should reach Android in the "coming weeks."

It is worth noting that, on Samsung smartphones, this feature already exists. To validate "Samsung Pass", the name given to the tool, it is possible to use fingerprints, iris or facial recognition.

Tools will increase the security of autofill in Chrome. Photo: Unsplash

In addition, the dialog box of the "touch to fill" tool has been updated. Now there is no need to go to every field; just choose which "information pair" you want if you have more than one previously saved. This new feature should also reach smartphones in the coming weeks.

Backup for iPhone

Last year, Google added automatic backups of Android phones to Google One, the company's "membership" program, which includes family sharing, Drive storage and many other benefits.

It is natural for Google to include this on smartphones running its operating system, but this Wednesday (29th) the company announced that it will do the same for iPhones. The best part is that, regardless of whether your device is Android or iOS, the backup feature will be free for everyone, even if you are not a Google One member.

In other words, people who do not pay for Google One's extra storage will have the base 15 GB to split among Gmail, Google Photos, Google Drive and now phone backups. That may be little space for some people, but if you are not using Drive or Photos, for example, it should be enough.

Via: Engadget

from Olhar Digital :: Segurança https://ift.tt/2Xcg724

40 GB of leaked videos show operations of Iranian hackers


An operational security (OPSEC) error led the IBM X-Force security research team to find more than 40 GB of videos that expose the modus operandi of Iranian hackers.

The virtual private cloud was left vulnerable due to an incorrect security configuration, allowing numerous videos and private data to be located. The researchers obtained about five hours of exclusive recordings, used as training for younger hackers who were joining the group of attackers sponsored by the Iranian state, also known as "Charming Kitten".

The videos show methods for extracting data hosted by Google in Yahoo and Gmail email accounts. The Iranian group is also able to manage "accounts created by adversaries", with no further explanation of who these would be, and uses phishing via PDF to secure access to social network accounts.

Through emails with malicious files, phishing is able to discover passwords used on the computer, as well as banking data. Photo: Rawpixel

In addition to the footage showing the attackers' operations, hacked information belonging to U.S. and Greek military personnel puts the United States Department of State as one of the group's possible targets. The material found also included a list of logins on more than 75 different sites, from pizzerias to bank accounts.

IBM X-Force senior analyst Allison Wikoff believes that the content found can be a good object of study against the Iranian group. "We don't usually have knowledge of how attackers operate. We rarely get to see adversaries on their own computers. It's another level of observation," Wikoff points out.

Despite being revealing and belonging to one of the most active hacker groups in operation, the material has not yet been shared publicly.

Via: HackRead

from Olhar Digital :: Segurança https://ift.tt/2BKeTmX

WhatsApp defends message tracing only under court orders


Approved in the Senate on June 30, the Fake News bill, which focuses on creating new rules to combat false news, has been much debated among legal and technology experts, politicians and civil society. In an online hearing held last Monday (27th), WhatsApp's director of public policy, Dario Durigan, argued that message tracing should take place only under court decisions, since the text of PL 2630/2020 violates users' privacy.

The passage in question is Article 10, which addresses the traceability of messages forwarded to at least five individuals or groups within a 15-day interval. The bill requires messaging platforms to store the records of the sends, as well as their authors, dates and times, for a period of three months. The measure would turn any user of the platforms into a possible suspect. Since it is not possible to determine in advance whether messages constitute disinformation, individuals may be exposed for no apparent reason, and if a preliminary assessment of the content of the messages is made, explicit privacy violations will occur. For Durigan, the traceability of sends opens the door to abuses against the user.

WhatsApp advocates cooperating with authorities in cases of court orders, providing the data and records of the messages to be investigated.

The alternative would help combat disinformation and maintain users' privacy. "This proposal can be read as highly compatible with privacy practices, does not break encryption and is restricted to suspects in a criminal investigation," Durigan points out.

With 130 million users in the country, WhatsApp would have to violate the messages of users who send to at least five individuals or groups. Photo: Rawpixel

The director also says that the bill's requirements are not seen in any democracy in the world and that there is no global standard on the tracing of private conversations.

Currently, WhatsApp already has measures to prevent disinformation, such as a limit on message forwarding at one time and a feature to prevent users from being added to groups without their authorization.

The text of the fake news bill could bring another impasse for messaging apps: breaking the encryption of the analyzed messages could result in more vulnerable databases. As a result, these companies would have to redouble their cybersecurity efforts.

Via: Jovem Pan

from Olhar Digital :: Segurança https://ift.tt/3fgdkuI

Hackers break into websites of private universities in São Paulo


Two private universities in the city of São Paulo were the most recent victims of cyberattacks. Universidade Anhembi Morumbi had more than one million items of student data leaked, while Universidade Nove de Julho had its page hacked. The attack on the system of the Laureate International Universities group, which controls Anhembi Morumbi among other colleges, was revealed by TecMundo. According to the site, the database with personal information had already been circulating for at least six months on the market where this type of information is bought and sold.

According to the university, hackers tried to access areas protected by login and password. "Since identifying this attempt, the University has dealt with the matter immediately and with all the measures required by law," the institution's management said in a statement.

In the attack on Universidade Nove de Julho, at first, the hacker responsible for the intrusion did not leak student information, but only left a message on the institution's website. The attacker, who calls himself "elsanninja", left the message "less advertising, more security" on the home page for a few hours.

Hackers tried to access areas protected by login and password. Photo: Pixabay

Insecure online environment

As noted by the company HarpiaTech, which monitors the activity of 1,400 hackers on the internet, university networks, because they are open and geared toward research activities, are a favorable environment for this type of attack because they make things easier.

Currently, educational institutions have been conducting a variety of research focused on the new coronavirus that may attract the attention not only of domestic criminals but also of international ones.

What is more, most Brazilian universities still do not see themselves as a potential target of this type of attack and do not promote a security culture among faculty, students and staff.

More attacks

Last year, the University of São Paulo (USP) School of Medicine had personal data leaked by the same hacker group that, this year, leaked test results of President Jair Bolsonaro. In January of this year, it was the turn of the State University of Campinas (Unicamp) to have one of its systems broken into.

According to a survey by HarpiaTech, the servers of the Rede Nacional de Ensino e Pesquisa, which enables the sharing of research critical to national development and connects the systems of federal universities to foreign universities, were the target of 42,000 incidents from February until this Thursday (30th).

Finally, the Fundação Carlos Chagas de Amparo à Pesquisa (Faperj) was the target of 16,000 incidents. Most of the attacks were searching for vulnerable, exploitable assets.

Entry into force of the General Data Protection Law was postponed to May 2021. Photo: Fundação Vanzolini

The attacks come amid the postponement of the General Data Protection Law (LGPD), which provides for fines of up to R$ 50 million against companies that fail to ensure security measures for their customers' and employees' data, as well as mechanisms so that leaks are not kept secret by companies.

In April, the federal government, by means of a provisional measure, postponed the law's entry into force to May 2021. Initially, it was scheduled for August of this year.

Via: O Globo

from Olhar Digital :: Segurança https://ift.tt/3hVeo9e

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network

from The Hacker News https://ift.tt/2Xe8zfg

Hacker leaks for free the records of millions of users of 18 services


On July 21, a seller of breached data, known as ShinyHunters, began leaking for free databases that expose more than 386 million user records stolen from 18 services. The Brazilian platform Vakinha, intended for funding projects through donations, is one of those affected by the leak.

ShinyHunters has been involved in or is responsible for a wide variety of data leaks in the past year, including those that affected Wattpad, Dave, Chatbooks, Promo.com, Mathway, HomeChef and the breach of Microsoft's private GitHub repository.

In general, previously unseen databases are sold for US$ 500 to US$ 100,000. Once the leaks stop being profitable, the perpetrators release them for free on hacker forums to boost their reputation in the community.

Partial list of databases posted on the forum. Image: BleepingComputer

Of the 18 databases made available for free since July 21, nine had already surfaced in some way. The remaining nine, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird and Vakinha, are previously unseen.

In contact with ShinyHunters, the BleepingComputer site asked about the reason for the free release of the previously unseen databases, and the hacker replied that he thought "I've made enough money now, so I leaked them for everyone's benefit." "Obviously, some people are a bit upset because they paid resellers a few days ago, but I don't care," ShinyHunters said.

BleepingComputer also confirmed that the exposed email addresses correspond to accounts on the services. Even so, not all the passwords of the 386 million records were leaked.

Check out the full list of affected services:

Appen.com - 5.8 million
Chatbooks.com - 15.8 million
Dave.com - 7 million
Drizly.com - 2.4 million
GGumim.co.kr - 2.3 million
Havenly.com - 1.3 million
Hurb.com - 20 million
Indabamusic.com - 475 thousand
Ivoy.mx - 127 thousand
Mathway.com - 25.8 million
Proctoru.com - 444 thousand
Promo.com - 22 million
Rewards1.com - 3 million
Scentbird.com - 5.8 million
Swvl.com - 4 million
TrueFire.com - 602 thousand
Vakinha.com.br - 4.8 million
Wattpad.com - 270 million

What to do if you are a user of the listed services

BleepingComputer contacted all the affected services but, for now, has not received a response from any of them, which is common when a data breach has been reported recently.

If you are a user of any of the services and may have had your data leaked, the best thing to do, for your security, is to change your password immediately. In addition, if you use the same password for other services not listed, it is important to replace it with a stronger one and, preferably, to choose different combinations for each platform. You can also use Olhar Digital's password generator to create more secure passwords.

Via: BleepingComputer

from Olhar Digital :: Segurança https://ift.tt/3gizrC0

EU imposes unprecedented sanctions on Russians and Chinese over cyberattacks


In an unprecedented decision, made public this Thursday (30), the European Council announced sanctions against six individuals and three Russian and Chinese companies that were carrying out cyberattacks in European Union countries.

The sanctions target a hacking attack against the Organisation for the Prohibition of Chemical Weapons (OPCW), headquartered in the Netherlands, and three cyberattacks that affected millions of people, companies and institutions in recent years, known as WannaCry, NotPetya and Operation Cloud Hopper.

Josep Borrell, the European Union's High Representative for Foreign Policy, said the bloc "will no longer tolerate" these kinds of attacks, since "cyber threats are increasing and evolving" and, consequently, affecting European societies.

[Image: Josep Borrell. Image: Reuters/Yiannis Kourtoglou]

"The European Union and its member states have repeatedly warned of their concerns and denounced malicious behaviour in cyberspace. Such behaviour is unacceptable, as it undermines international security and stability. We strongly promote a global, open, stable, peaceful and secure cyberspace where human rights, fundamental freedoms and the rule of law fully apply, supporting faster social, political and economic development," Borrell said.

The sanctions in the decision include travel bans and asset freezes, as well as blocks on access to funds from third parties that have any link to the European Union.

WannaCry: understand the cyberattack that affected more than 200,000 PCs in 150 countries in 2017

A cyberattack of global proportions hit people, companies and institutions around the world, including public hospitals in the United Kingdom and large corporations in Spain such as Santander and Telefónica. Although the attack and its consequences were immense, it is possible that it could have been avoided.

According to cybersecurity company Kaspersky, WannaCry is ransomware: a malicious file that encrypts all the data on the compromised computer and only decrypts it after receiving a payment in bitcoin. For the PCs affected by this attack, the initial amount was US$ 300, but the tool threatened to raise the amount if payment was not made within two hours.

Also according to Kaspersky, WannaCry is a malware family built to attack users in many different countries. Proof of this is that its "manual" (the text telling the victim what to do to recover their data) can easily be translated into several languages.

Although the most notorious attacks took place in Western Europe, the country with the largest number of affected PCs was, by far, Russia. Brazil, however, also had a number of cases; according to an Avast report, the country was the fifth most affected.

Via: Época Negócios

from Olhar Digital :: Segurança https://ift.tt/2EBdwrX

Vatican system breached by Chinese hackers, security company says


The Vatican and the Catholic Diocese of Hong Kong were targeted by alleged hacking attacks from state-backed Chinese cybercriminals.

According to Recorded Future, the cybersecurity company that first detected the intrusions, the attacks occurred because of negotiations to renew a landmark agreement that helped diplomatic relations between the Vatican and China. The intrusions, which were attributed to a group called RedDelta, began in May and were allegedly aimed at giving China an advantage in the upcoming negotiations. "The suspected intrusion into the Vatican would offer the group insight into the negotiating position of the Holy See ahead of the deal's renewal in September 2020," the security company writes.

In addition, the intrusion could provide "valuable information" about the position of Hong Kong's Catholic entities on the pro-democracy movement. Asked about the matter, China's Ministry of Foreign Affairs denied any involvement by the country in the case and called the finding "groundless speculation".

[Image: Vatican system was allegedly breached by Chinese hackers. Photo: Rawpixel]

The company's information also indicates that the attacks continued until July 21. The most significant of them included an apparent phishing attempt using a document on Vatican Secretariat of State letterhead addressed to the head of the Hong Kong Study Mission.

Agreement

There are currently an estimated 12 million Catholics in China. They are divided between those who belong to the government-backed Chinese Catholic Patriotic Association, which does not recognise the pope, and a church that is loyal to him.

A landmark 2018 agreement between the Holy See and China on the appointment of bishops was intended to bring the two groups together, regularising the status of seven bishops who were not recognised by Rome and narrowing the distance between the country and the Vatican.

However, some of the Chinese faithful have deep reservations about the agreement, seeing it as a sellout to the communist government and a betrayal of their long loyalty to the pope.

Accusations

China vehemently denies taking part in a state-sponsored programme to steal trade secrets or sensitive government information over the internet, and says it is among the biggest victims of hacking attacks. The US disputes this and says it has traced several cyber intrusions that were directly linked to the Chinese military. Earlier this month, the state of Washington indicted two Chinese nationals for allegedly launching hacking attacks against companies in the US and other countries. The Justice Department also said that hackers working with the Chinese government are targeting companies developing coronavirus vaccines. China defended itself and said Washington had not provided information to support the accusations.

Via: AP News

from Olhar Digital :: Segurança https://ift.tt/2XbFIYR

Cisco Releases Security Updates for Multiple Products

Original release date: July 30, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.



from CISA All NCAS Products https://ift.tt/2P5X1WK

MIT and Microsoft create algorithm to link old paintings; find out more


Everyone has seen an image or work of art that quickly brought something else to mind. Often we cannot explain why the link is made, but something in the two objects is responsible for it. Sometimes it is the colour, the shape or even a similar theme.

With this in mind, researchers from MIT and Microsoft developed an algorithm that matches paintings from the Metropolitan Museum of Art, in Manhattan, and the Rijksmuseum, in Amsterdam, through these hidden connections. The inspiration was a Dutch museum exhibition that paired paintings by different artists based on similar interpretations or styles, such as the pictures below, in which the man and the swan have similar postures.

[Image]

The algorithm can find images similar to a selected one from a quick query. The example shown was a blue-and-white dress. When used, the software found images along two different lines. One searched for pictures of garments from different cultures, while the other looked for similar figures in other types of art, such as ceramics and painting, among others.

[Image]

MosAIc, as it was named, needs only one image to find other stylistically similar ones. According to Mark Hamilton, the project's lead author, the biggest challenge was getting the algorithm to find images that were similar not only in colour and style but also in meaning and theme. To achieve this, a data structure called K-Nearest Neighbor was used, which places the various images in a tree-shaped structure, linking them according to similarity.

In addition, the researchers found that this method can be applied to uncover the limitations of deepfake algorithms based on Generative Adversarial Networks and where they fail. Even so, it is not yet clear whether it can determine which image is the original and which is the fake.

Picasso's lost drawing

Pablo Picasso is one of the most recognised painters in the world. His abstract works with distorted proportions defined an era in the arts. However, a new drawing by the artist was discovered by chance. While using X-ray images to learn a little more about the work "Still Life", a team from the Art Institute of Chicago (USA) came across the lost sketch.

According to the team, it was not unusual for Picasso to paint over old works, but he usually incorporated some details into the new work. In this case, however, the artist completely covered the earlier sketch with a "thick white layer" of paint before starting the final work. As a result, "no evidence of the earlier composition" is visible on the canvas, the researchers added.

Via: The Next Web

from Olhar Digital :: Segurança https://ift.tt/2EA64gI

GNU GRUB2 Vulnerability

Original release date: July 30, 2020

Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available.




from CISA All NCAS Products https://ift.tt/30az7Qj

Children Stream on Twitch—Where Potential Predators Find Them

A WIRED investigation found dozens of channels belonging to children apparently under 13, and anonymous chat participants sending inappropriate messages their way.

from Security Latest https://ift.tt/30aCLK0

ESG Findings on Trend Micro Cloud-Powered XDR Drives Monumental Business Value

This material was published by ESG Research Insights Report, Validating Trend Micro’s Approach and Enhancing GTM Intelligence, 2020.

 

 

 




from Trend Micro Simply Security https://ift.tt/2XaI6Pk

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate

from The Hacker News https://ift.tt/2D1eQnu

Google launches free backup tool for iPhone


Last year, Google added automatic Android phone backups to Google One, the company's "membership" programme, which includes family sharing, Drive storage and many other perks. It is natural for Google to include this on Android smartphones, but this Wednesday (29) the company announced it will do the same for iPhones. The best part is that, whether your device runs Android or iOS, the backup feature will be free for everyone, even if you are not a Google One member.

In other words, people who do not pay for extra Google One storage will have the base 15 GB to split between Gmail, Google Photos, Google Drive and now phone backups. That may be little space for some people, but if you are not using Drive or Photos, for example, it should be enough.

iPhone users will be able to manage backups through a new Google One app that will be released soon. This app will store contacts, videos, photos and calendar events in your Google account. It is worth noting that Apple already has its own backup storage system (iCloud). However, iCloud has only 5 GB available, so Google's backup can be quite useful.

[Image: Google One backups are also coming to iOS. Image: Google]

Naturally, those who pay for Google One get more perks: for R$ 6.99 a month on the basic plan, you get 100 GB of storage, enough to save data from Drive, backups, Photos and much more. Even so, you will now have an extra option for backing up your phone without paying for the subscription.

In addition to the 100 GB, Google One subscribers are entitled to share the storage space with up to five family members, real-time customer support and 10% cashback on the Google Store, among other perks.

The new Google One app for iOS will also include a storage manager, which makes it much easier to clean out the various data taking up unwanted space on your phone. This feature is already available on the web, but putting it in the app is a good idea, considering how much we rely on our phones these days.

The new tools for free Android users will be available on the Play Store "in the coming days", while the Google One iOS app will be "available soon".

Via: Engadget

from Olhar Digital :: Segurança https://ift.tt/3hOxMom

Hackers Broke Into Real News Sites to Plant Fake Stories

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.

from Security Latest https://ift.tt/2EtzDAp

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could

from The Hacker News https://ift.tt/30f6PnX

Google bans 29 malicious apps that posed as photo editors


Google has banned from the Play Store 29 apps suspected of spamming users and installing malicious ads on smartphones. Most of the apps include the word "blur" in their name and pose as photo editors that let the user blur part of an image.

According to the Satori intelligence team at White Ops, an ad verification, bot detection and cybersecurity company, a key trait of these apps was playing "hide-and-seek" with the user: the app's icon disappeared from the home screen, and the app could only be reached through the Settings menu.

According to White Ops security researchers, none of the banned apps works as advertised, and they display out-of-context advertising for almost every action performed. Unwanted ads can appear when unlocking the device, charging the smartphone or even switching between Wi-Fi and mobile data. Some of the malware also opened random pop-ups in the web browser for almost every other action.

[Image: Malicious app in action, opening unwanted ads on the smartphone. Image: White Ops/Reproduction]

Some of the malicious programs on the list had more than 3.5 million downloads, as was the case with Square Photo Blur. To uninstall the apps, you need to go to the "Settings" menu, open "Apps", find the program and select uninstall manually.

The cybercriminals used fake developer names ("Thomas Mary" in the case of Square Photo Blur, for example), almost always common English names, randomly generated. But the negative comments in user reviews on Google Play itself already reveal that something is wrong.

Check the full list of apps banned from the Google Play Store:

  • Auto Picture Cut
  • Color Call Flash
  • Square Photo Blur v2.0.5
  • Square Photo Blur v7.0
  • Magic Call Flash
  • Easy Blur
  • Image Blur
  • Auto Photo Blur
  • Photo Blur
  • Photo Blur Master
  • Super Call Screen
  • Square Blur Master
  • The Square Blur
  • Square Blur Photo
  • Smart Photo Blur
  • Super Call Flash
  • Smart Call Flash
  • Blur Photo Editor
  • Blur Image
  • Super Blur
  • Square Image Blur
  • Super Blur Photo
  • Super Photo Blur
  • Photo Blur Editor
  • Pro Blur Photo
  • Auto Photo Cut
  • Smart Call Screen
  • test.com.flash.call.flashcall.cool
  • com.auto.photo.editor.background.eraser.tool

Via: Gizchina

from Olhar Digital :: Segurança https://ift.tt/2Dlz6zR

Adobe Releases Security Updates for Magento

Original release date: July 29, 2020

Adobe has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-47 and apply the necessary updates.




from CISA All NCAS Products https://ift.tt/331q2v0

Mozilla Releases Security Updates for Multiple Products

Original release date: July 29, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:




from CISA All NCAS Products https://ift.tt/2DfTDWM

Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!

Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions. Vendors that sunset on-premise solutions force clients that prefer on-premise solutions to either change their operating environment and approach or change

from The Hacker News https://ift.tt/3k1gAhk

Data breaches can cost a company billions, says IBM


Data breaches at companies and services are, unfortunately, becoming increasingly common. Beyond the damage to a company's image, they also carry a monetary cost, calculated by IBM in a new edition of its "Cost of a Data Breach" report.

According to the document, the "average" cost of a breach is US$ 3.86 million (about R$ 20 million). That figure fell 1.5% compared with 2019, but remediating a "mega" breach involving the data of more than 50 million consumers can cost up to US$ 392 million (more than R$ 2 billion), an increase of just over 1% on last year.

The cost per user record involved in data theft or a leak can reach US$ 175 (R$ 904). The study was conducted by the Ponemon Institute, based on interviews with 3,200 security professionals working at companies that suffered a data breach in the past year.

Compromised employee accounts are currently one of the most expensive factors in data breaches, raising the average cost of an incident to US$ 4.77 million (R$ 24.6 million). When internal accounts are involved, 80% of incidents result in the exposure of user records and data.

According to IBM, compromised accounts were used as the entry point for criminals in one in five breaches, which led to the exposure of 8.5 billion user records in 2019 alone. Misconfigured cloud services were responsible for almost 20% of network intrusions.

Exploitation of third-party vulnerabilities, such as "zero-day" attacks or unpatched security flaws, is also a costly factor in breaches. A company affected by such vulnerabilities can expect to pay US$ 4.5 million on average.

According to IBM, artificial intelligence, machine learning and automation can be valuable tools for responding to data breaches, cutting incident response time by up to 27%.

"At a time when businesses are expanding their digital footprint at an accelerated pace and the talent shortage in the security industry persists, teams are overwhelmed securing more devices, systems and data," says Wendi Whitmore, vice president of IBM X-Force Threat Intelligence.

"When it comes to companies' ability to mitigate the impact of a data breach, we are beginning to see a clear advantage held by companies that have invested in automated technologies," she says.

Source: ZDNet

from Olhar Digital :: Segurança https://ift.tt/3f74qzP

How to Spot—and Avoid—Dark Patterns on the Web

You've seen them before: the UX ploys designed to trick you into spending money, or make it nearly impossible to unsubscribe. Here's what to look out for.

from Security Latest https://ift.tt/3098dbp

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS). A new report published by industrial cybersecurity company Claroty demonstrates multiple severe

from The Hacker News https://ift.tt/3jPuXF7

OkCupid Dating App Flaws Could've Let Hackers Read Your Private Messages

Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts. According to a report shared with The Hacker News, researchers from Check Point found that the flaws in OkCupid's Android and web applications

from The Hacker News https://ift.tt/2X4fNSY

PS4: update 8.0 will add support for two-factor authentication apps


The new 8.0 update for the PlayStation 4 has not been released yet, but users invited by Sony to test the beta version have reported another new feature: the PS4 will support two-factor authentication apps, from both the App Store and Google Play.

According to a summary of the new update's features posted on the gaming forum ResetEra, after entering your login ID and password on the PS4, you will be able to complete the sign-in process by allowing access from the app. The note, however, does not suggest a specific app, and Sony does not guarantee that authenticator apps will work.

[Image: Used on accounts for a wide range of apps, two-factor authentication can prevent attackers from breaking into your account. Photo: Pixabay]

The news points to yet another attempt to protect user accounts, amid so many intrusions by cybercriminals, and across all sorts of mobile devices. Sony already offers two-factor verification for the PlayStation Network, but the codes are sent only by text message (SMS). Check out the other new features discovered.

Parties and messages

  • When starting a party (a voice chat with friends or players), you will be able to create a new group or select an existing one. Histories will be kept so that you can contact the same members later;
  • Messages have been added to the screen during a party, and you will be able to view the group's chat history;
  • The public and private party settings have been removed. Now only group members will be able to join the call;
  • You will be able to change party settings in the options menu. To manage connection settings, select 'Party voice chat connection';
  • People will be able to see when someone's microphone is muted;
  • You will be able to join parties even if they include members you have blocked. However, you will not hear each other and the 'Share Plays' status will not be shown. The member will also not be notified that you blocked them;
  • 'Play Together' sessions can no longer be started during a party. You will have to start a session inside the game to play multiplayer mode.

Parental controls

'Communication with other players' and 'viewing content created by other players' have been combined and become 'communication and user-generated content'.

Community

  • You will not be able to create parties from the Community area. You will need to create a group in a party;
  • New events can no longer be created. Events from before the update will not be affected;
  • Some features have had their displayed content changed.

Other features

The command to mute all microphones has been added to the quick menu.

Via: Destructoid

from Olhar Digital :: Segurança https://ift.tt/3jJxrF4

Ransomware is Still a Blight on Business


Trends come and go with alarming regularity in cybersecurity. Yet a persistent menace over the past few years has been ransomware. Now mainly targeting organizations rather than consumers, and with increasingly sophisticated tools and tactics at their disposal, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.

Celebrating its fourth anniversary this week, the initiative has helped over four million victims fight the scourge of ransomware, saving hundreds of millions of dollars in the process. At Trend Micro, we’re proud to have played a major part, helping to decrypt over 77 million files for victims.

Not going anywhere

Ransomware has been with us for years, but only really hit the mainstream after the global WannaCry and NotPetya incidents of 2017. Unfortunately, that was just the start. Today, no sector is safe. We saw attacks rage across US municipalities, school districts and hospitals in 2019. Most recently, a major outage at a connected technology giant impacted everything from consumer fitness trackers to on-board flight systems.

Such attacks can hit victim organizations hard. There are serious reputational and financial repercussions from major service outages, and the stakes have been raised even further as attackers now often steal data before encrypting victims’ files. A recent incident at a US cloud computing provider has led to data compromise at over 20 universities and charities in the UK and North America, for example. A separate ransomware attack on a managed service provider earlier this year may cost it up to $70m.

The bad guys have shown no sign of slowing down during the pandemic — quite the reverse. Even as hospitals have been battling to save the lives of patients battling COVID-19, they’ve been targeted by ransomware designed to lock mission-critical systems.

No More Ransom

That’s why we need to celebrate public-private partnerships like No More Ransom, which provides helpful advice for victims and a free decryption tool repository. Over the past four years it has helped 4.2 million visitors from 188 countries, preventing an estimated $632 million in ransom demands finding its way into the pockets of cyber-criminals.

At Trend Micro, we’re proud to have been an associate partner from the very start, contributing our own decryption tools to the scores available today to unlock 140 separate ransomware types. Since the start of No More Ransom, Trend Micro tools have been downloaded nearly half a million times, helping over 50,000 victims globally to decrypt more than 77 million files. We simply can’t put a price on this kind of intervention.

https://www.europol.europa.eu/publications-documents/infographic-4th-anniversary-no-more-ransom 

Yet while the initiative is a vital response to the continued threat posed by ransomware, it is not all we can do. To truly beat this menace, we need to educate organizations all over the planet to improve their resilience to such malware threats. That means taking simple steps such as:

  • Backing up regularly, according to best practice 3-2-1 policy
  • Installing effective AV from a trusted vendor, featuring behavior monitoring, app whitelisting and web reputation
  • Training staff how to better spot phishing attacks
  • Ensuring software and systems are always on the latest version
  • Protecting the enterprise across endpoint, hybrid cloud, network and email/web gateways

I’m also speaking on a panel today hosted by the U.S. Chamber of Commerce on NotPetya and general ransomware attack trends related to the pandemic. Join us to learn more about ransomware from law enforcement agencies, policy makers and businesses.

If your organization has been impacted by ransomware, check the resources available on https://www.nomoreransom.org/ for advice and access to the free decryption tool repository.




from Trend Micro Simply Security https://ift.tt/306cXhU

Google Releases Security Updates for Chrome

Original release date: July 28, 2020

Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

 




from CISA All NCAS Products https://ift.tt/3f82vLp

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to

from The Hacker News https://ift.tt/3jQ9Pyz

Attackers use backdoor to keep access to hacked site


Lightning seems to have struck twice in the same place for the open source e-commerce platform Magento. Even after a "cleanup" of the system, which blocked access for hackers who had recently broken into its server, the company suffered new cyberattacks. This time, the attackers used a backdoor (an unauthorised access point into the system) in a script.

Made up of 92 lines, the script hid a backdoor, a feature able to run unauthorised commands on servers, which sent a new-user request to the system. The commands were as simple as "set email" and "set new user".

With that, a new account with administrator status was created. In other words, hackers who had been kicked out not only managed to regain access to the server but also gained unrestricted control of the system. The script also made the intruder harder to find, since the newly created administrator account could be hidden from the site's list of managers.

Krasimir Konov, a malware analyst at Sucuri, discovered the script. According to him, despite being a copy of code seen in older cases, the script remains effective. "These scripts are just as effective, with few modifications needed to work on the most recent versions of Magento," Konov said.

[Image: According to Konov, the script was similar to code dating from 2012 to 2014. Photo: Unsplash]

Concern

The analyst says he is not sure how the hackers managed to install the script on the recently "cleaned" server. The suspicion is that the intrusion was carried out through Magento version 1.9.4.2, which is characterised by many vulnerabilities.

Konov also warns that if the backdoor is not properly removed from the system, the cases will recur and more attackers will have unrestricted access to the server.

Via: Ars Technica

from Olhar Digital :: Segurança https://ift.tt/332J5F6

Employee nearly fooled by deepfake audio of supposed CEO; listen


Cybercriminals are refining their use of artificial intelligence to make their deepfake-based scams more effective. Deepfake is a technique based on artificial intelligence that uses human images or sounds to produce realistic videos. This time, a company that declined to be identified for security reasons nearly became a victim after receiving a supposed audio message from its CEO, were it not for the suspicion of an employee and a forensic analysis indicating that the voice message was fake.

The story began in June, when one of the company's employees received a voicemail whose recording claimed to be from the company's CEO. The audio requested "immediate assistance to finalize an urgent business deal". Suspicious, he contacted the company, which quickly called in Nisos, a security consulting firm. The forensic analysis found that the audio was synthetic. Dev Badlu, a researcher at Nisos, pointed out that there were many peaks and drops in the audio, something unusual in regular conversations. "It seems they basically took each word, cut it out and pasted it back in," says Badlu.

The specialist also found that, when the synthetic voice was turned down, the background sound was "absurdly quiet" and had no noise at all, which is a clear sign of forgery.

Another Nisos researcher, Rob Volkert, believes the criminals were testing the technology to observe how employees would react. In theory, it was only the first step toward a much more complex operation that could cause disastrous damage.

At the end of 2019, a German company had fallen victim to a deepfake audio imitating the voice of its CEO. The company is estimated to have lost €220,000 (approximately R$1.3 million).

Deepfakes on the rise

At the beginning of the year, Securisoft, a company specializing in cybersecurity, had already predicted an increase in deepfake cases due to the progressive cheapening of machine learning and the maturing of outsourcing of criminal elements.

Securisoft director Eduardo D'Antona says Brazil has great potential for the practice to spread. "[Brazil] is one of the countries that most applies the fusion of the various digital channels with the intensive use of social engineering strengthened by robotic automation. Adopting deepfakes is just a matter of one step further," warns D'Antona. Via: Vice

from Olhar Digital :: Segurança https://ift.tt/303LsFP

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices

Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage (NAS) appliances. Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America.

from The Hacker News https://ift.tt/3jTf3tJ

Scammer is unmasked in attempted attack on WhatsApp


An attempted WhatsApp scam went viral on the internet. The call was recorded, and the scammer not only confirmed the scheme but also admitted that the method can bring in good money.

The criminal tried to pass himself off as an employee of a sales platform. Luckily, the potential victim already knew the scam. On hearing the fraud's script, she asks whether many people fall for the scheme. According to the criminal, of 50 calls made per day, 39 are successful. The scammer also says the method can bring in 20 thousand reais in two weeks.

To start the crime, the criminal needs the victim's mobile number. He generally approaches users of classified-ad sites such as Mercado Livre, OLX and others. With the phone number in hand, the scammer contacts the victim and poses as an employee of the site. He says there is a problem with the registration and that, to proceed, he will send a confirmation code via SMS.

Next, the criminal asks the victim to tell him the digits received. If the code is provided, the criminal clones the victim's WhatsApp and starts sending messages to the victim's contact list asking for money. Want to know more about this scam? Visit our portal, www.olhardigital.com.br.

from Olhar Digital :: Segurança https://ift.tt/3g8fspD

A Cyberattack on Garmin Disrupted More Than Workouts

A ransomware hit and subsequent outage caused problems in the company's aviation services, including flight planning and mapping.

from Security Latest https://ift.tt/2X5ivaO

Garmin confirms cyberattack but denies data theft


Garmin confirmed this Monday (27) that it was the victim of a cyberattack that encrypted its systems on the 23rd. As a result, many of its online services were interrupted. According to the company, however, there is no indication "that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen".

This was the first time the maker of smartwatches and smart devices spoke openly about the case, after a failed attempt to disguise the incident as system maintenance. According to information obtained by BleepingComputer, the ransom to decrypt the systems would have cost the company US$10 million.

"Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact on our operations or financial results because of this outage," Garmin says in its official statement, without mentioning whether or not a ransom was offered to the cybercriminals. The company warns that there will be some delays "as the record of information is being processed".

This Monday, many customers reported that services seemed to be gradually returning to normal. Some Twitter users also reported that the company's app began to show signs of life by sending notifications or displaying some workout statistics.

The problem also affected pilots who wanted to download flight plans for aircraft navigation systems, as well as the satellite technologies inReach (service activation and billing) and Garmin Explore (the Explore site and the 'Explore' app signal), which are used for location sharing, GPS navigation, logistics and tracking via Iridium satellites.

The attack on Garmin was led by "Dridex", a group of Russian cybercriminals that has been active since 2007. The hackers used ransomware, malicious software capable of infecting a computer and hijacking all the data on it. The company's files are not decrypted until the victim of the attack makes the payment demanded.

E-mails with fake links, instant messages and even websites are the main means of infection. Another possibility, which may be what happened in Garmin's case, is the exploitation of vulnerabilities in systems that are not kept properly up to date.

Experts recommend that people keep their operating system and installed programs always up to date and with an active antivirus, in addition to running frequent scans. Above all, extra care should be taken with any link or file received.

from Olhar Digital :: Segurança https://ift.tt/2P08VkZ

Vulnerability Summary for the Week of July 20, 2020

Original release date: July 27, 2020


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info
adobe -- creative_cloud_desktop
 
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 7.5 CVE-2020-9671
CONFIRM
adobe -- creative_cloud_desktop
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to arbitrary file system write. 2020-07-17 10 CVE-2020-9682
CONFIRM
adobe -- creative_cloud_desktop
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 7.5 CVE-2020-9670
CONFIRM
adobe -- creative_cloud_desktop
 
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 7.5 CVE-2020-9669
CONFIRM
adobe -- download_manager Adobe Download Manager version 2.0.0.518 has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-17 9.3 CVE-2020-9688
CONFIRM
adobe -- magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 7.5 CVE-2020-9664
CONFIRM

apache -- airflow

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. 2020-07-17 7.5 CVE-2020-11982
MISC
apache -- airflow
 
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. 2020-07-17 7.5 CVE-2020-11981
MISC
blysoft -- eyesurfer_bflyinstallerx.ocx
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it. 2020-07-17 7.5 CVE-2020-7826
CONFIRM
d-link -- dir-816l_devices
 
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. 2020-07-22 7.5 CVE-2020-15893
MISC
MISC
google -- android There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156337262 2020-07-17 7.5 CVE-2020-0230
CONFIRM
google -- android In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142546668 2020-07-17 10 CVE-2020-0225
CONFIRM
google -- android There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156333727 2020-07-17 7.5 CVE-2020-0231
CONFIRM
google -- android
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-147664838 2020-07-17 10 CVE-2020-0224
CONFIRM
google -- android
In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150226994 2020-07-17 7.2 CVE-2020-0226
CONFIRM
google -- android
In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-147247775 2020-07-17 7.2 CVE-2020-0122
CONFIRM
google -- android
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-129476618 2020-07-17 7.2 CVE-2020-0227
CONFIRM
google -- chrome
 
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2020-07-22 9.3 CVE-2020-6513
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6515
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6518
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6524
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 9.3 CVE-2020-6520
SUSE
MISC
MISC
GENTOO
grandstream -- gwn7000_series_devices
 
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. 2020-07-17 9 CVE-2020-5756
https://www.tenable.com/cve/CVE-2020-5756
CONFIRM
grandstream -- ucm6200_series_devices Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. 2020-07-17 10 CVE-2020-5759
https://www.tenable.com/cve/CVE-2020-5759
CONFIRM
grandstream -- ucm6200_series_devices
 
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. 2020-07-17 10 CVE-2020-5757
https://www.tenable.com/cve/CVE-2020-5757
CONFIRM
grandstream -- ucm6200_series_devices
 
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. 2020-07-17 9 CVE-2020-5758
https://www.tenable.com/cve/CVE-2020-5758
CONFIRM
hp -- nagios-plugins-hpilo HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. 2020-07-17 7.5 CVE-2020-7206
CONFIRM
ibm -- verify_gateway IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. 2020-07-22 7.5 CVE-2020-4385
XF
CONFIRM
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. 2020-07-17 9 CVE-2020-4464
XF
CONFIRM
MISC
juniper_networks -- srx_series_devices
 
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE). Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-07-17 7.5 CVE-2020-1654
CONFIRM
kramdown_gem_for_ruby_on_rails -- kramdown_gem_for_ruby_on_rails The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. 2020-07-17 7.5 CVE-2020-14001
MISC
CONFIRM
CONFIRM
MISC
CONFIRM
MISC

lua -- lua

Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. 2020-07-21 7.5 CVE-2020-15889
MISC
MISC
lua -- lua
 
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. 2020-07-21 7.5 CVE-2020-15888
MISC
MISC
MISC
MISC
MISC
MISC
mruby -- mruby mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. 2020-07-21 7.5 CVE-2020-15866
MISC
openclinic_ga -- openclinic_ga OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries. 2020-07-20 7.5 CVE-2020-14485
MISC
pritunl -- pritunl-client
 
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. 2020-07-21 7.5 CVE-2016-7063
MISC
MISC
MISC
python -- python
 
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. 2020-07-17 7.5 CVE-2020-15801
MISC
MISC
rollup-plugin-serve -- rollup-plugin-serve This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation. 2020-07-17 7.5 CVE-2020-7684
MISC
MISC
tobesoft -- miplatform
 
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote commands by sending parameters to the WinExec function in the ExtCommandApi.dll module of MiPlatform. 2020-07-17 10 CVE-2020-7825
CONFIRM
zte -- multiple_products
 
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100> 2020-07-20 7.5 CVE-2020-6871
MISC

Medium Vulnerabilities

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info
360 -- total_security In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. 2020-07-21 6.9 CVE-2020-15723
MISC
360 -- total_security
 
In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. 2020-07-21 6.9 CVE-2020-15722
MISC
360 -- total_security
 
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. 2020-07-21 6.9 CVE-2020-15724
MISC
3s_smart_software_solutions -- codesys_control
 
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. 2020-07-22 5 CVE-2020-15806
CONFIRM
MISC
MISC
adobe -- bridge Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9676
CONFIRM
adobe -- bridge Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9675
CONFIRM
adobe -- bridge Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9674
CONFIRM
adobe -- coldfusion_2016_and_2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 4.4 CVE-2020-9673
CONFIRM
adobe -- coldfusion_2016_and_2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. 2020-07-17 4.4 CVE-2020-9672
CONFIRM
adobe -- media_encoder Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-17 6.8 CVE-2020-9650
CONFIRM
MISC
adobe -- media_encoder Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-17 6.8 CVE-2020-9646
CONFIRM
MISC
adobe -- photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9685
CONFIRM
adobe -- photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9684
CONFIRM
adobe -- photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9683
CONFIRM
adobe -- photoshop_cc_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9687
CONFIRM
adobe -- prelude Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9678
CONFIRM
adobe -- prelude Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9677
CONFIRM
adobe -- prelude Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 6.8 CVE-2020-9680
CONFIRM
adobe -- reader_mobile Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. 2020-07-22 5 CVE-2020-9663
CONFIRM
amd -- radeon_directx_11_driver
 
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). 2020-07-20 6.5 CVE-2020-6103
MISC
amd -- radeon_directx_11_driver
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). 2020-07-20 6.5 CVE-2020-6102
MISC
MISC
amd -- radeon_directx_11_driver
 
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). 2020-07-20 6.5 CVE-2020-6101
MISC
amd -- radeon_directx_11_driver
 
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause a memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially could be triggered from guest machines running virtualization environments (i.e., VMware, qemu, VirtualBox etc.) in order to perform guest-to-host escape, as it was demonstrated before (TALOS-2018-0533, TALOS-2018-0568, etc.). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). This vulnerability was triggered from HYPER-V guest using RemoteFX feature leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). 2020-07-20 6.5 CVE-2020-6100
MISC
apache -- activemq_artemis In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section. 2020-07-20 4.3 CVE-2020-13932
MISC
MLIST
apache -- airflow An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. 2020-07-17 4.3 CVE-2020-9485
MISC
apache -- airflow
 
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. 2020-07-17 6.5 CVE-2020-11978
MISC
apache -- magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. 2020-07-22 4.3 CVE-2020-9665
CONFIRM
apache -- media_encoder
 
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2020-07-17 4.3 CVE-2020-9649
CONFIRM
MISC
apache -- photoshop_cc_2019_and_2020 Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 4.3 CVE-2020-9686
CONFIRM
apache -- prelude
 
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. 2020-07-22 4.3 CVE-2020-9679
CONFIRM
artica -- proxy_community_edition An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. 2020-07-20 5 CVE-2020-15052
MISC
artica -- proxy_community_edition
 
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. 2020-07-20 4.3 CVE-2020-15053
MISC
bitwarden -- bitwarden_server
 
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). 2020-07-21 5 CVE-2020-15879
MISC
canvas -- canvas A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. 2020-07-20 6.8 CVE-2020-8215
MISC

cisco -- adaptive_security_appliance_and_firepower_threat_defense_software

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. 2020-07-22 5 CVE-2020-3452
CISCO
clamav -- clamav A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 2020-07-20 5 CVE-2020-3481
CISCO
GENTOO
d-link -- dir-816l_devices An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. 2020-07-22 4.3 CVE-2020-15895
MISC
MISC
d-link -- dir-816l_devices
 
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. 2020-07-22 5 CVE-2020-15894
MISC
MISC
d-link -- dsl-7740c_devices D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary commands. 2020-07-22 4.6 CVE-2020-12774
MISC
datools -- daviewindy DaviewIndy 8.98.9 and earlier has a heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. 2020-07-17 6.8 CVE-2020-7818
MISC
CONFIRM
docsify -- docsify
 
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page. 2020-07-20 4.3 CVE-2020-7680
MISC
MISC
MISC
MISC
glpi -- glpi In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1. 2020-07-17 4 CVE-2020-15108
MISC
MISC
CONFIRM
gnome -- evolution-data-server
 
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection." 2020-07-17 4.3 CVE-2020-14928
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
DEBIAN
gnu -- libredwg GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. 2020-07-17 4.3 CVE-2020-15807
MISC
MISC
MISC
golang -- go Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. 2020-07-17 4.3 CVE-2020-15586
SUSE
MISC
CONFIRM
CONFIRM
golang -- go
 
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. 2020-07-17 5 CVE-2020-14039
SUSE
MISC
CONFIRM
google -- android In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-153467744 2020-07-17 4.4 CVE-2020-0305
CONFIRM
google -- android There is an improper configuration of recorder related service. Product: Android; Versions: Android SoC; Android ID: A-156333723 2020-07-17 5 CVE-2020-0228
CONFIRM
google -- android
 
In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-149995442 2020-07-17 4.6 CVE-2020-0120
CONFIRM
google -- chrome Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6505
MISC
MISC
GENTOO
google -- chrome
 
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. 2020-07-22 4.3 CVE-2020-6536
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6521
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6529
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 2020-07-22 6.8 CVE-2020-6509
MISC
MISC
GENTOO
google -- chrome
 
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6527
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6526
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6531
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6525
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6507
MISC
MISC
GENTOO
google -- chrome
 
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6528
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6516
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 6.8 CVE-2020-6510
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. 2020-07-22 4.3 CVE-2020-6519
SUSE
MISC
MISC
GENTOO
graylog -- graylog
 
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism. 2020-07-17 6.8 CVE-2020-15813
MISC
grundfos_pumps_corporation -- cim_500_devices Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. 2020-07-17 5 CVE-2020-10605
CONFIRM
hcl -- marketing_operations Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information. 2020-07-20 5.5 CVE-2020-4125
MISC
hp -- mse_msg_gw_application_e-ltu
 
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide. 2020-07-17 5.4 CVE-2019-12000
CONFIRM
huawei -- honor_10_smartphones
 
Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. A certain service in the system does not sufficiently validate a certain received parameter. An attacker would need to trick the user into installing a malicious application; a successful exploit could cause a denial of service condition. 2020-07-17 4.3 CVE-2020-9255
CONFIRM
huawei -- honor_v30_smartphones
 
Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate a certain parameter passed from the bottom level. An attacker would need to trick the user into installing a malicious application and to control the bottom level; a successful exploit could cause information disclosure. 2020-07-17 4.3 CVE-2020-9259
CONFIRM
huawei -- mate_30_smartphones
 
Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of a system service by applications. An attacker would need to trick the user into installing a malicious application; a successful exploit could cause a denial of audio service. 2020-07-18 4.3 CVE-2020-9256
CONFIRM
huawei -- moana-al00b_smartphones Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions. 2020-07-17 4.3 CVE-2020-9227
CONFIRM
huawei -- p30_pro_smartphones
 
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checks the size of a certain parameter. An attacker would need to trick the user into installing a malicious application; a successful exploit may cause code execution. 2020-07-17 6.8 CVE-2020-9254
CONFIRM
huawei -- p30_pro_smartphones
 
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software accesses data past the end, or before the beginning, of the intended buffer when handling certain certificate operations. An attacker would need to trick the user into installing a malicious application; a successful exploit may cause code execution. 2020-07-17 6.8 CVE-2020-9257
CONFIRM
ibm -- mq_for_hpe_nonstop
 
IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker to cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563. 2020-07-20 4 CVE-2020-4466
XF
CONFIRM
ibm -- planning_analytics IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. 2020-07-20 4 CVE-2020-4361
XF
CONFIRM
ibm -- planning_analytics
 
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631. 2020-07-20 4.3 CVE-2020-4527
XF
CONFIRM
ibm -- verify_gateway IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. 2020-07-22 5 CVE-2020-4400
XF
CONFIRM
ibm -- verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. 2020-07-22 4.3 CVE-2020-4397
XF
CONFIRM
ibm -- verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. 2020-07-22 4 CVE-2020-4399
XF
CONFIRM
intranda -- goobi_viewer_core
 
In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, e.g. tomcat, but can potentially lead to the disclosure of sensitive information. The vulnerability has been fixed in version 4.8.3. 2020-07-22 4 CVE-2020-15124
MISC
CONFIRM
jalios -- jcms jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. 2020-07-17 4.3 CVE-2020-15497
MISC
MISC
MISC
MISC
juniper_networks -- junos_os An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. This issue affects: Juniper Networks Junos OS 16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8; 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8; 17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10; 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2); 19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2; 19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affect Junos OS prior to 16.1R1. 
This issue affects IPv4 and IPv6 traffic. 2020-07-17 5 CVE-2020-1640
MISC
juniper_networks -- junos_os
 
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause an mbuf leak which can lead to a Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be triggered by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing]. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and the maximum number of mbufs that can be allocated on a platform: user@host> show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart. This issue affects Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Versions of Junos OS prior to 17.4R1 are unaffected by this vulnerability. 2020-07-17 5 CVE-2020-1653
CONFIRM
juniper_networks -- junos_os
 
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device> show system core-dumps -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2. 2020-07-17 6.8 CVE-2020-1645
CONFIRM
juniper_networks -- junos_os_and_junos_os_evolved On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. 2020-07-17 5 CVE-2020-1648
CONFIRM
juniper_networks -- junos_os_and_junos_os_evolved
 
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1. 2020-07-17 5 CVE-2020-1644
CONFIRM
juniper_networks -- junos_os_and_junos_os_evolved
 
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected. 2020-07-17 4.3 CVE-2020-1646
CONFIRM
juniper_networks -- mx_series_devices On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 17.3R3-S5; 17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.); 17.4R3; 18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8; 18.2R3, 18.2R3-S1, 18.2R3-S2; 18.3R2 and the SRs based on 18.3R2; 18.4R2 and the SRs based on 18.4R2; 19.1R1 and the SRs based on 19.1R1; 19.2R1 and the SRs based on 19.2R1; 19.3R1 and the SRs based on 19.3R1. 2020-07-17 5 CVE-2020-1650
CONFIRM
juniper_networks -- mx_series_devices
 
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1838, QID 0 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 - Chunk Address: 0x4321f3 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0x0 [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). 
This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D65 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 on MX Series; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S4, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability. 2020-07-17 5 CVE-2020-1655
CONFIRM
MISC
juniper_networks -- mx_series_devices
 
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages: [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1960, QID 0 [LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0xc38fb1 [LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). 
This issue affects Juniper Networks Junos OS: 17.2 versions prior to 17.2R3-S4 on MX Series; 17.3 versions prior to 17.3R3-S8 on MX Series; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series; 18.1 versions prior to 18.1R3-S10 on MX Series; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series; 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series; 19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series; 19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series. This issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability. 2020-07-17 5 CVE-2020-1649
CONFIRM
MISC
juniper_networks -- srx_series_devices
 
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Continued processing of this specific HTTP message may result in an extended Denial of Service (DoS). The offending HTTP message that causes this issue may originate both from the HTTP server or the client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 2020-07-17 6.8 CVE-2020-1647
CONFIRM
jupyterhub-kubespawner -- jupyterhub-kubespawner In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12. 2020-07-17 5.5 CVE-2020-15110
CONFIRM
CONFIRM
librenms -- librenms
 
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. 2020-07-21 6.5 CVE-2020-15877
MISC
MISC
MISC
MISC
MISC
MISC
librenms -- librenms
 
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. 2020-07-21 4 CVE-2020-15873
MISC
MISC
MISC
MISC
MISC
liferay -- liferay_portal_and_liferay_dxp Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. 2020-07-20 6.8 CVE-2020-15842
MISC
MISC
liferay -- liferay_portal_and_liferay_dxp
 
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature. 2020-07-20 4.3 CVE-2020-15841
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. 2020-07-20 4.6 CVE-2020-15852
MLIST
MISC
MISC
MISC
luajit -- luajit LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. 2020-07-21 5 CVE-2020-15890
MISC
mida_solutions -- eframework A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. 2020-07-24 4.3 CVE-2020-15919
MISC
openclinic_ga -- openclinic_ga OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. 2020-07-20 5 CVE-2020-14494
MISC
openclinic_ga -- openclinic_ga
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. 2020-07-20 5 CVE-2020-14484
MISC
openclinic_ga -- openclinic_ga
 
OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. 2020-07-20 4 CVE-2020-14491
MISC
otrs -- open_ticket_request_system_and_open_ticket_request_system_community_edition
 
When an agent user is renamed or set to invalid, the session belonging to the user is kept active. The session cannot be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4 and prior versions. 2020-07-20 4 CVE-2020-1776
CONFIRM
prestashop -- dashboard_productions
 
In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0. 2020-07-21 4 CVE-2020-15102
MISC
CONFIRM
pritunl -- pritunl-client
 
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage. 2020-07-21 5 CVE-2016-7064
MISC
MISC
react-native-fast-image -- react-native-fast-image
This affects all versions of package react-native-fast-image. When an image with source= is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers. 2020-07-17 5 CVE-2020-7696
MISC
MISC
MISC
rockwell_automation -- factorytalk_view_se
 
In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built-in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. 2020-07-20 5.5 CVE-2020-12028
MISC
MISC
rockwell_automation -- factorytalk_view_se
 
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. 2020-07-20 4 CVE-2020-12027
MISC
MISC
rockwell_automation -- factorytalk_view_se
 
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. 2020-07-20 6.8 CVE-2020-12029
MISC
MISC
rockwell_automation -- factorytalk_view_se
 
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. 2020-07-20 4.6 CVE-2020-12031
MISC
MISC
sails.js -- sails.js
 
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. 2020-07-21 5 CVE-2018-21036
MLIST
MISC
MISC
MISC
servey -- servey
 
A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. 2020-07-20 5 CVE-2020-8214
MISC
sonicwall -- netextender_windows_client
SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 9.0.815 and earlier. 2020-07-17 4.6 CVE-2020-5131
CONFIRM
sonicwall -- sonicos
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier. 2020-07-17 5 CVE-2020-5130
CONFIRM
uppy -- uppy
 
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems. 2020-07-20 5 CVE-2020-8205
MISC
vereign -- collabora_code
 
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken. 2020-07-21 4.3 CVE-2020-12432
MISC
MISC
western_digital -- wd_discovery
 
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. 2020-07-17 6.5 CVE-2020-15816
MISC
woocommerce -- woocommerce
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. 2020-07-23 4.3 CVE-2019-18834
MISC
MISC
MISC
wordpress -- wordpress
 
A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors. 2020-07-21 4.3 CVE-2020-14063
MISC
MISC
wordpress -- wordpress
 
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. 2020-07-17 4.3 CVE-2020-5767
CONFIRM
wordpress -- wordpress
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. 2020-07-17 4 CVE-2020-5768
CONFIRM
zabbix -- zabbix
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. 2020-07-17 4.3 CVE-2020-15803
MISC
zte -- multiple_products
 
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100>. 2020-07-20 4.3 CVE-2020-6872
MISC

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- airflow
 
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. 2020-07-17 3.5 CVE-2020-11983
MISC
duo -- duoconnect
 
The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in order to complete authentication determined by the contents of the '-relay' argument. If the ‘-relay’ is set to a URL beginning with "http://", then the browser will initially attempt to load the URL over an insecure HTTP connection, before being immediately redirected to HTTPS (in addition to standard redirect mechanisms, the DNG uses HTTP Strict Transport Security headers to enforce this). After successfully authenticating to a DNG, DuoConnect stores an authentication token in a local system cache, so users do not have to complete this browser-based authentication workflow for every subsequent SSH connection. These tokens are valid for a configurable period of time, which defaults to 8 hours. If a user running DuoConnect already has a valid token, then instead of opening a web browser, DuoConnect directly contacts the DNG, again using the configured '-relay' value, and sends this token, as well as the intended SSH server hostname and port numbers. If the '-relay' argument begins with "http://", then this request will be sent over an insecure connection, and could be exposed to an attacker who is sniffing the traffic on the same network. The DNG authentication tokens that may be exposed during SSH relay may be used to gain network-level access to the servers and ports protected by that given relay host. The DNG provides network-level access only to the protected SSH servers. It does not interact with the independent SSH authentication and encryption. An attacker cannot use a stolen token on its own to authenticate against a DNG-protected SSH server. 2020-07-20 2.9 CVE-2020-3442
CISCO
google -- android
 
In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146570216 2020-07-17 2.1 CVE-2020-0107
CONFIRM
hcl -- bigfix_webui
 
HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versions prior to latest releases as specified in https://ift.tt/32tHhEN. 2020-07-17 3.5 CVE-2020-4104
CONFIRM
hcl -- campaign
 
HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field. 2020-07-17 3.5 CVE-2019-4090
MISC
hcl -- marketing_platform
 
HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. 2020-07-17 3.5 CVE-2019-4091
MISC
huawei -- mate_20_smartphones
 
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathnames from certain processes; a successful exploit could allow the attacker to write files to a crafted path. 2020-07-17 2.1 CVE-2020-9252
CONFIRM
huawei -- multiple_cloudengine_products
 
There is an information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device can cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800 2020-07-17 2.1 CVE-2020-9102
CONFIRM
huawei -- multiple_products
 
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with a specific parameter and sends the packets to the affected products. Insufficient validation of packets may be exploited to cause the process to reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10 2020-07-18 3.3 CVE-2020-9101
CONFIRM
ibm -- verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008. 2020-07-22 2.1 CVE-2020-4371
XF
CONFIRM
ibm -- verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 179009 2020-07-22 2.1 CVE-2020-4372
XF
CONFIRM
ibm -- verify_gateway
 
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. 2020-07-22 2.1 CVE-2020-4369
XF
CONFIRM
juniper_networks -- junos_os
 
A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is " /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: " with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. 2020-07-17 2.9 CVE-2020-1641
MISC
juniper_networks -- junos_os
 
Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the 'uname -a' command. For example: ARM (vulnerable): % uname -a | awk '{print $NF}' arm PowerPC (not vulnerable): % uname -a | awk '{print $NF}' powerpc AMD (not vulnerable): % uname -a | awk '{print $NF}' amd64 Intel (not vulnerable): % uname -a | awk '{print $NF}' i386 This issue affects Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D100; 14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D210; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2. 2020-07-17 1.9 CVE-2020-1643
CONFIRM
juniper_networks -- mx_series_devices
 
On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.2R1. 2020-07-17 3.3 CVE-2020-1651
CONFIRM
mida_solutions -- eframework
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. 2020-07-24 3.5 CVE-2020-15918
MISC
qemu -- qemu
 
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. 2020-07-21 2.1 CVE-2020-15859
MISC
MISC
MLIST
teltonika -- trb2_r_devices
 
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. 2020-07-17 3.5 CVE-2020-5769
CONFIRM

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
asus -- screenxpertservicec_and_screenxpertupgradeservicemanager
 
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. 2020-07-20 not yet calculated CVE-2020-15009
MISC
CONFIRM
CONFIRM
atlassian -- confluence_server_and_data_center
 
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2. 2020-07-24 not yet calculated CVE-2020-14175
N/A
bsdiff4 -- bsdiff4
 
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. 2020-07-22 not yet calculated CVE-2020-15904
MISC
c-more -- hmi_ea9_devices
 
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182. 2020-07-23 not yet calculated CVE-2020-10918
MISC
c-more -- hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which listens on TCP port 9999 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10493. 2020-07-23 not yet calculated CVE-2020-10920
MISC
c-more -- hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185. 2020-07-23 not yet calculated CVE-2020-10919
MISC
c-more -- hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527. 2020-07-23 not yet calculated CVE-2020-10922
MISC
c-more -- hmi_ea9_touch_screen_panels
 
This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482. 2020-07-23 not yet calculated CVE-2020-10921
MISC
cauldron_cbang -- tar/tarfilereader
 
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. 2020-07-23 not yet calculated CVE-2020-15908
MISC
MISC
citrix -- workspace_app_for_windows
 
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. 2020-07-24 not yet calculated CVE-2020-8207
MISC
claws_mail -- claws_mail
 
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. 2020-07-23 not yet calculated CVE-2020-15917
MISC
MISC
codecov -- codecov
 
In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for GHSA-5q88-cjfq-g2mh) was issued but the fix was incomplete. It only blocked &, and command injection is still possible using backticks instead to bypass the sanitizer. The attack surface is low in this case, particularly in the standard use of codecov, where the module is used directly in a build pipeline, not built against as a library in another application that may supply malicious input and perform command injection. 2020-07-20 not yet calculated CVE-2020-15123
MISC
MISC
MISC
CONFIRM
MISC
d-link -- dap-1520_devices
 
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user. 2020-07-22 not yet calculated CVE-2020-15892
MISC
MISC
d-link -- dap-1522_devices
 
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1. 2020-07-22 not yet calculated CVE-2020-15896
MISC
MISC
d-link -- dap-1860_devices
 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10084. 2020-07-23 not yet calculated CVE-2020-15631
MISC
MISC
d-link -- dir-842_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. 2020-07-23 not yet calculated CVE-2020-15632
MISC
MISC
d-link -- dir-867_and_dir-878_and_dir-882_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. 2020-07-23 not yet calculated CVE-2020-15633
MISC
MISC
devspace -- devspace
 
The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution. 2020-07-23 not yet calculated CVE-2020-15391
CONFIRM
MISC
embedthis -- goahead
 
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit request replay attacks for local requests over HTTP. 2020-07-23 not yet calculated CVE-2020-15688
MISC
espressif -- esp-idf_devices
 
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. 2020-07-23 not yet calculated CVE-2020-12638
MISC
MISC
MISC
MISC
fast-http -- fast-http
 
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 not yet calculated CVE-2020-7687
MISC
fiber -- fiber
 
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://ift.tt/2OGNsNP) is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e., an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to another site, change the authorization header, etc. A possible workaround is to serialize the input before passing it to ctx.Attachment(). 2020-07-20 not yet calculated CVE-2020-15111
MISC
CONFIRM
fortiguard -- fortios
 
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. 2020-07-24 not yet calculated CVE-2020-12812
MISC
google -- chrome
 
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6512
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. 2020-07-22 not yet calculated CVE-2020-6514
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6506
MISC
MISC
GENTOO
google -- chrome
 
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6511
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6517
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6534
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6522
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6523
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6535
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 2020-07-22 not yet calculated CVE-2020-6530
SUSE
MISC
MISC
GENTOO
google -- chrome
 
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-07-22 not yet calculated CVE-2020-6533
SUSE
MISC
MISC
GENTOO
hp -- synaptics_vfs75xx_sensors
 
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. 2020-07-22 not yet calculated CVE-2019-18618
MISC
MISC
MISC
CONFIRM
hp -- synaptics_wbf_drivers
 
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers. 2020-07-22 not yet calculated CVE-2019-18619
MISC
MISC
MISC
CONFIRM
MISC
ibm -- filenet_content_manager
 
IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181227. 2020-07-23 not yet calculated CVE-2020-4447
XF
CONFIRM
inneo -- startup_tools
 
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the server via Directory Traversal, or possibly have unspecified other impact. 2020-07-23 not yet calculated CVE-2020-15492
MISC
CONFIRM
MISC
MISC
jimp -- jimp
 
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image. 2020-07-24 not yet calculated CVE-2020-8175
MISC
kubernetes -- kubelet
 
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. 2020-07-23 not yet calculated CVE-2020-8557
CONFIRM
MLIST
kubernetes -- kubelet
 
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6, is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. 2020-07-22 not yet calculated CVE-2020-8559
MISC
MISC
lenovo -- drivers_management
 
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. 2020-07-24 not yet calculated CVE-2020-8317
CONFIRM
lenovo -- drivers_management
 
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. 2020-07-24 not yet calculated CVE-2020-8326
CONFIRM
lua -- lua
 
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. 2020-07-24 not yet calculated CVE-2020-15945
MISC
MISC
marked-tree -- marked-tree
 
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 not yet calculated CVE-2020-7682
MISC
marscode -- marscode
 
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. 2020-07-25 not yet calculated CVE-2020-7681
MISC
mida_solutions -- eframework
 
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. 2020-07-24 not yet calculated CVE-2020-15922
MISC
mida_solutions -- eframework
 
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. 2020-07-24 not yet calculated CVE-2020-15923
MISC
mida_solutions -- eframework
 
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. 2020-07-24 not yet calculated CVE-2020-15921
MISC
mida_solutions -- eframework
 
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. 2020-07-24 not yet calculated CVE-2020-15920
MISC
mida_solutions -- eframework
 
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. 2020-07-24 not yet calculated CVE-2020-15924
MISC
mountsensitive -- azurefile_and_cephfs
 
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. 2020-07-23 not yet calculated CVE-2019-11252
MISC
munkireport -- munkireport
 
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. 2020-07-23 not yet calculated CVE-2020-15886
MISC
MISC
MISC
MISC
munkireport -- munkireport
 
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. 2020-07-23 not yet calculated CVE-2020-15881
MISC
MISC
MISC
MISC
munkireport -- munkireport
 
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. 2020-07-23 not yet calculated CVE-2020-15887
MISC
MISC
MISC
MISC
munkireport -- munkireport
 
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. 2020-07-23 not yet calculated CVE-2020-15885
MISC
MISC
MISC
MISC
munkireport -- munkireport
 
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. 2020-07-23 not yet calculated CVE-2020-15884
MISC
MISC
MISC
munkireport -- munkireport
 
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported). 2020-07-23 not yet calculated CVE-2020-15883
MISC
MISC
MISC
MISC
munkireport -- munkireport
 
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. 2020-07-23 not yet calculated CVE-2020-15882
MISC
MISC
MISC
nagios -- nagios_xi
 
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. 2020-07-22 not yet calculated CVE-2020-15902
MISC
nagios -- nagios_xi
 
ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to execute arbitrary commands via cmdsubsys. 2020-07-22 not yet calculated CVE-2020-15901
MISC
napi_get_value_string -- napi_get_value_string
 
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. 2020-07-24 not yet calculated CVE-2020-8174
MISC
nec -- esmpro_manager
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007. 2020-07-22 not yet calculated CVE-2020-10917
MISC
open_microscopy_environment -- omero
 
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query. 2020-07-22 not yet calculated CVE-2019-16244
CONFIRM
openbsd -- openssh
 
scp in OpenSSH through 8.3p1 allows command injection in scp.c remote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." 2020-07-24 not yet calculated CVE-2020-15778
MISC
MISC
oracle -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2020-07-24 not yet calculated CVE-2020-14725
MISC
osisoft -- pi_system
 
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive. 2020-07-24 not yet calculated CVE-2020-10600
MISC
osisoft -- pi_system
 
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. 2020-07-25 not yet calculated CVE-2020-10604
MISC
osisoft -- pi_system
 
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. 2020-07-24 not yet calculated CVE-2020-10606
MISC
osisoft -- pi_system
 
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. 2020-07-24 not yet calculated CVE-2020-10608
MISC
osisoft -- pi_system
 
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. 2020-07-24 not yet calculated CVE-2020-10610
MISC
osisoft -- pi_system
 
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display. 2020-07-25 not yet calculated CVE-2020-10614
MISC
osisoft -- pi_system
 
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. 2020-07-24 not yet calculated CVE-2020-10602
MISC
overwolf -- overwolf
 
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. 2020-07-24 not yet calculated CVE-2020-15932
MISC
palo_alto_networks -- avertx_hd838_and_hd438_ip_cameras
 
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable. 2020-07-23 not yet calculated CVE-2020-11623
MISC
palo_alto_networks -- avertx_hd838_and_hd438_ip_cameras
 
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors. 2020-07-23 not yet calculated CVE-2020-11624
MISC
palo_alto_networks -- avertx_hd838_and_hd438_ip_cameras
 
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057. 2020-07-23 not yet calculated CVE-2020-11625
MISC
parallels -- remote_application_server
 
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm. 2020-07-24 not yet calculated CVE-2020-15860
MISC
MISC
parser-server -- parser-server
 
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object. 2020-07-22 not yet calculated CVE-2020-15126
MISC
MISC
CONFIRM
phoenix_contact -- plcnext_engineer
 
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. 2020-07-21 not yet calculated CVE-2020-12499
CONFIRM
radare -- radare2
 
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. 2020-07-20 not yet calculated CVE-2020-15121
MISC
MISC
MISC
CONFIRM
raspberry_tortoise -- raspberry_tortoise
 
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function. 2020-07-23 not yet calculated CVE-2020-15477
MISC
MISC
rollup-plugin-server -- rollup-plugin-server
 
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. 2020-07-25 not yet calculated CVE-2020-7683
MISC
rollup-plugin-server -- rollup-plugin-server
 
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function. 2020-07-25 not yet calculated CVE-2020-7686
MISC
schneider_electric -- easergy_builder
 
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access. 2020-07-23 not yet calculated CVE-2020-7514
MISC
schneider_electric -- easergy_builder
 
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to decrypt a password. 2020-07-23 not yet calculated CVE-2020-7515
MISC
schneider_electric -- easergy_builder
 
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to login credentials. 2020-07-23 not yet calculated CVE-2020-7516
MISC
schneider_electric -- easergy_builder
 
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. 2020-07-23 not yet calculated CVE-2020-7517
MISC
schneider_electric -- easergy_builder
 
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. 2020-07-23 not yet calculated CVE-2020-7519
MISC
schneider_electric -- easergy_builder
 
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. 2020-07-23 not yet calculated CVE-2020-7518
MISC
schneider_electric -- sesu
 
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. 2020-07-23 not yet calculated CVE-2020-7520
MISC
schneider_electric -- triconex_safety_systems
 
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4. 2020-07-23 not yet calculated CVE-2020-7491
MISC
tenda -- ac15_ac1900_devices
 
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. 2020-07-23 not yet calculated CVE-2020-15916
MISC
tesla -- model_3_vehicles
 
** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue. 2020-07-23 not yet calculated CVE-2020-15912
MISC
MISC
MISC
MISC
torchbox -- wagtail
 
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django's documentation, but omitting the |safe filter when outputting the help text. 2020-07-20 not yet calculated CVE-2020-15118
MISC
MISC
MISC
MISC
CONFIRM
ubuntu -- ubuntu
 
In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1. 2020-07-22 not yet calculated CVE-2014-1422
CONFIRM
CONFIRM
wildfly -- enterprise_java_beans
 
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. 2020-07-24 not yet calculated CVE-2020-14307
CONFIRM
wildfly -- enterprise_java_beans
 
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and can cause services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable. 2020-07-24 not yet calculated CVE-2020-14297
CONFIRM
wind_river -- vxworks
 
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. 2020-07-23 not yet calculated CVE-2020-11440
MISC
MISC



from CISA All NCAS Products https://ift.tt/2OXycw8
