STJ recovers after ransomware, but Federal Police investigate data copying

The damage caused by the ransomware attack on the Superior Tribunal de Justiça (STJ) is still not fully known. The Federal Police (Polícia Federal) have taken over the investigation, not only to understand the extent of the damage but also to examine the access to the files, which may even include unauthorized copying of the data.

According to an STJ statement, systems are gradually being brought back after the attack. Recovery began on Tuesday (10) with the return of some of the portal's most-used features. The telephone exchanges resumed partial operation on Wednesday (11) and full operation on Thursday (12). The court now also reports that restoration of its IT systems is practically complete.

The STJ says two items remain to be resolved. One is the Sistema Integração, which should be restored over the weekend. In addition, by Monday (16), the Secretaria de Tecnologia da Informação e Comunicação should finish making the drivers available.

To prevent further attacks, the court has also imposed new security measures. As the site Convergência Digital reports, one of the most important is to bar employees from connecting personal equipment, with laptops explicitly mentioned, to the STJ network, so that new threats brought in from outside do not affect internal systems.

Copying data is the malware's modus operandi

Although the investigation of the attack is being conducted under seal, some things are known. The site Bleeping Computer noted that the English-language ransom note technicians found on the STJ's computers is consistent with RansomExx, a ransomware that enables this type of attack.

In the STJ attack, files were encrypted with the extension ".stj888", which appears to follow an attack pattern. The site points out that the Tribunal de Justiça de Pernambuco (TJ-PE) was also hit by the threat at the end of October, and its data was encrypted with the extension ".tjpe911". Targeted ransom notes that use the name of the affected organization are a hallmark of the threat.

The malware has already hit multiple targets outside Brazil, as the publication notes. One notable attack struck the Texas Department of Transportation (TxDOT) in the United States. On that occasion, files were encrypted with the extension ".txd0t". The ransomware does not target only government bodies; it has also affected several companies, such as Konica Minolta, IPG Photonics, and Tyler Technologies.

RansomExx is a new version of a ransomware known as Defray777. The new variant has been circulating more actively since June. In that time it has shown a clear mode of operation: the threat installs itself on the victim's network and begins stealing sensitive documents while it spreads across machines. Once it has the relevant files, the malware reveals itself and begins encrypting the data on the affected computers.

from Olhar Digital :: Segurança https://ift.tt/2UsqA7v

Electoral Justice systems go offline; TSE denies hacker attack

The Tribunal Superior Eleitoral (TSE) recorded an outage in the Electoral Justice systems on the afternoon of Thursday (12). The same day, the TSE clarified in an official statement that the outage was caused by an internal system overload, not by a hacker attack. Some TSE services were unavailable during the outage, such as Processo Judicial Eletrônico-PJE, the publication of candidacies, and the websites of the TSE and the regional courts.

According to the statement, the court's technicians are working together with technicians from the manufacturer of the infrastructure equipment that froze (a data center). The manufacturer's name was not disclosed. Also according to the TSE, systems began returning to normal on Thursday night. As of Friday (13), the systems are fully operational, according to the court.

The technical problem does not affect any process related to the municipal elections this Sunday (15), such as preparation of the voting machines, vote counting and transmission of results, according to the TSE.

[Image: STJ and CGU systems were recently hit by hacker attacks. Credit: New Africa/Shutterstock]

As the court points out, the Brazilian electronic voting machine works without needing a connection to any network device. Because it is an isolated piece of equipment, it keeps its security functions intact regardless of what happens to the TSE's central system.

The hypothesis of a cyberattack comes shortly after intrusions into the systems of the Superior Tribunal de Justiça (STJ) and the Controladoria-Geral da União (CGU), both this week.

Read the TSE statement in full:

"The Tribunal Superior Eleitoral clarifies that the outage in the Electoral Justice systems, recorded on the afternoon of Thursday (12), was caused by an internal overload and is unrelated to external interference (a cyberattack).

Because of the problem, services such as Processo Judicial Eletrônico-PJE, the publication of candidacies and the websites of the TSE and the regional courts were unavailable.

The freeze of a piece of infrastructure equipment, a data center, is being resolved by the court's technicians in partnership with the manufacturer's technicians. On Thursday night the systems began returning to normal, and full resumption is expected on Friday (13).

The technical problem does not affect any process related to the vote this Sunday (15), such as preparation of the voting machines, tallying of votes and transmission of results.

It is important to remember that the Brazilian electronic voting machine was designed to work without being connected to any network device, whether by cable, wi-fi or bluetooth. In other words, the voting machine is an isolated piece of equipment, which preserves one of the system's basic security requirements.

In addition, the tallying of votes after the information is sent by the Tribunais Regionais Eleitorais (TREs) runs over an encrypted private network."

Via: TSE

from Olhar Digital :: Segurança https://ift.tt/35u0KXh

Microsoft detects attacks from Russia and North Korea on Covid vaccine research

Microsoft announced on Friday (13) that it has detected a series of attacks aimed at pharmaceutical companies developing Covid-19 vaccines. The company does not reveal who the targets were, but says it managed to trace the origin, accusing hackers sponsored by the governments of Russia and North Korea.

Three groups were detected. One is known as "Fancy Bear" (among several other names), already well known for a series of high-impact attacks carried out in recent years. One of the most significant hit the United States Democratic Party in 2016 and led to the leak of a range of information used against candidate Hillary Clinton in the presidential campaign.

The group, sponsored by the Russian government, reportedly used a technique known as "password spraying", which consists of trying common and reused passwords across multiple accounts to see what works.

The other two reportedly have the backing of the North Korean government. One of them is also famous, known as "Lazarus Group", with a record of major attacks. The group has some of the best-known attacks of recent years tied to its name, including suspected involvement in the 2014 Sony intrusion, which allowed several unreleased films to leak and locked the company's internal systems with ransomware, as well as WannaCry, which infected hundreds of thousands of computers in 2017 in one of the most serious cybersecurity incidents in history.

Finally, Microsoft describes a third group backed by North Korea, but one that does not appear to have as extensive a track record as the other two. The company calls it "Cerium" and says it is involved in spearphishing campaigns (attacks using fake e-mails aimed at specific targets) targeting World Health Organization representatives who are involved in fighting Covid-19.

According to the company, the groups attacked companies and research groups linked to some of the most advanced studies in Covid-19 vaccine development. There were seven companies based in the United States, Canada, France, India and South Korea, and some of the attacks were successful. The goal of the attacks was reportedly to steal valuable, confidential data tied to the research.

The issue is not new, however. In July of this year, Russia was accused by a number of countries of stealing vaccine research data, more specifically in an attack aimed at the United Kingdom.

from Olhar Digital :: Segurança https://ift.tt/32GGDDn

Apple Releases Security Updates for Multiple Products

Uncertainty over the US succession leaves the country vulnerable to attacks

The United States is living through an administrative limbo. Although Democrat Joe Biden's victory in the presidential election is increasingly settled, the current occupant of the office, Donald Trump, insists on contesting the result. As a result, the transition team has not had access to the president's daily briefings or to any other classified material.

More than an awkward situation for the government, this is potentially dangerous. National security experts warn that the Trump administration's continued obstruction may leave the country vulnerable to attacks until Biden's team can finally be brought up to date on all threats, including in terms of cybersecurity.

To make matters worse, several of the most senior officials at the Department of Defense are being replaced by staff who are supposedly more loyal to President Trump. These actions may lead to gaps in how intelligence on cybersecurity threats is passed on to the new administration.

[Image: Kamala Harris and Joe Biden, respectively vice president-elect and president-elect of the US. Credit: Adam Schultz / Biden for President]

"You want to know the state of affairs around the world, the state of negotiations, of discussions on free trade agreements, potential flashpoints that are developing, conversations with allies and threats made by adversaries," explains David Priess, a former CIA and State Department intelligence officer who gave classified briefings to presidents Bill Clinton and George W. Bush. "Having a delayed or obstructed transition gets in the way of all of that," Priess added.

That did not happen, for example, when Barack Obama handed over to Trump himself. The Republican's team had full access to classified information and the daily briefings.

Biden has made clear that his priority as president will be fighting the Covid-19 pandemic, but pre-election reports from the FBI and the Department of Homeland Security warned that foreign agents could exploit any uncertainty after November 3 to undermine the election results, including a broad cyber campaign by Russia.

[Image: Joe Biden, still on the campaign trail. Credit: Adam Schultz / Biden for President]

Medical facilities and research centers working on Covid-19 vaccines have also been targeted by Russian and Chinese groups. "All the personnel chaos at the Pentagon, combined with the Trump team's refusal to brief Biden, is worrying, besides being a flagrant violation of norms," says John Glaser, director of foreign policy studies at the Cato Institute.

"The real threat, to be frank, does not come from abroad. The far more present threat to Americans and their political and institutional traditions is the one they face internally," Glaser added, pointing to the political dispute that has pushed productive political discourse into the background. "That is a much bigger threat than anything China, Russia, the Islamic State or Al-Qaeda could do against us in the next administration."

Via: CNN

from Olhar Digital :: Segurança https://ift.tt/3eVZqPX

New Nintendo console is hacked before launch

To celebrate the 35th anniversary of the game Super Mario Bros., Nintendo released a special edition of the Game & Watch, its first generation of handheld consoles, with a color screen and the game in memory.

Naturally, the small console caught the attention of hackers interested in finding out whether it can be modified to run other games. One of them, who goes by the handle stacksmashing on Twitter, received his Game & Watch before launch and wasted no time opening it up to explore the hardware and software.

Anyone expecting a flexible Linux-based system, as in the NES Classic and SNES Classic, will be disappointed. The hardware is very modest and probably incapable of running a complex OS.

The processor is an STM32H7B0VBT6 from STMicroelectronics, which contains an ARM Cortex-M7 core running at 280 MHz, 128 KBytes of flash memory, and 1024 KBytes (yes, just 1 MB!) of RAM. There is also an 8 Mb (1 MB) serial flash memory, which probably holds all of the software. The battery has a capacity of 525 mAh.

"Interesting, an STM32H7B0VBT6 is the main processor! Cortex-M7, 128 KBytes Flash, 1024 KBytes of RAM. Also some unpopulated headers close by that expose SWD (the Arm Cortex-M debug interface)! pic.twitter.com/f5cdSlmin6" — stacksmashing (@ghidraninja) November 12, 2020

Analyzing the memory contents, stacksmashing found a ROM of the game Super Mario Bros., which indicates that the system runs an emulator, probably written directly for the hardware with no need for an operating system underneath. It was also possible to obtain copies of the video memory (framebuffer), which show the game running.

Soon after, stacksmashing got what he wanted: he modified the contents of the flash memory, swapping the game's original ROM for one that displayed the word "Hacked" on screen. 24 hours before launch, the Super Mario Bros. Game & Watch had been "hacked" to run code different from the factory original.

"So, eventually managed to bypass the Game & Watch ROM encryption 1 day before the official release. Will try to release a video on it in the next few days with details on how that works!" — stacksmashing (@ghidraninja) November 12, 2020

However, this does not mean it will be possible to run other games any time soon. Besides the obvious limit on the handheld's amount of memory, there is the fact that the NES hardware is quite complex, with cartridges using a wide variety of chips for memory expansion or even to add new audio and video capabilities to the console. An emulator written to run only Super Mario Bros. may not have what is needed to run a more complex game, such as Castlevania 3.

The hacker promises to publish, soon, a video showing a step-by-step walkthrough of the feat.

from Olhar Digital :: Segurança https://ift.tt/3nn2tnf

This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about a ransomware group that walked away with 2,200 Bitcoin: More than $33 million based on the current Bitcoin exchange rate. Also, read about this month’s Patch Tuesday security updates from Microsoft, including patches for 112 vulnerabilities.

 

Read on:

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity. In this article, ZDI’s Dustin Childs shares his thoughts on Microsoft’s removal of descriptions from CVE overviews.

An Old Joker’s New Tricks: Using Github to Hide Its Payload

Trend Micro detected a new Joker malware version on a sample on Google Play, which utilizes Github pages and repositories in an attempt to evade detection. The app promised wallpapers in HD and 4K quality and was downloaded over a thousand times before it was removed from the Play Store by Google after being reported as malicious.

NETGEAR Router, WD NAS Device Hacked on First Day of Pwn2Own Tokyo 2020

Due to the coronavirus pandemic, this year’s Pwn2Own Tokyo was turned into a virtual event coordinated by ZDI from Toronto, Canada. On the first day of the event, the NETGEAR Nighthawk R7800 router, Western Digital My Cloud Pro series PR4100 NAS device and Samsung Smart TV were targeted and $50,000 was awarded among teams STARLabs, Trapa Security and Team Flashback.

Developing Story: COVID-19 Used in Malicious Campaigns

As the number of those afflicted with COVID-19 continues to surge by thousands, malicious campaigns that use the disease as a lure likewise increase. In this report, Trend Micro researchers share samples on COVID-19 related malicious campaigns. The report also includes detections from other researchers.

IoT Security is a Mess. These Guidelines Could Help Fix That

The supply chain around the Internet of Things (IoT) has become the weak link in cybersecurity, potentially leaving organizations open to cyberattacks via vulnerabilities they’re not aware of. However, new guidelines from the European Union Agency for Cybersecurity (ENISA) aim to ensure that security forms part of the entire lifespan of IoT product development.

US Department of Energy Launches New Program for Technology Security Managers

The US Department of Energy (DOE) recently launched the Operational Technology (OT) Defender Fellowship, another milestone from the Department in enhancing the US’s critical infrastructure. In collaboration with DOE’s Idaho National Laboratory (INL) and the Foundation for Defense of Democracies’ (FDD) Center for Cyber and Technology Innovation (CTTI), the OT Defender Fellowship hopes to expand the knowledge of primary US front-line critical infrastructure defenders.

Ransomware Gang is Raking in Tens of Millions of Dollars

A ransomware organization has raked in tens of millions of dollars, according to a new report. The organization, identified as group “One,” walked away with 2,200 Bitcoin, according to a report by Advanced Intelligence. That’s more than $33 million based on the current Bitcoin exchange rate.

CISA Braces for 5G with New Strategy, Initiatives

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released its 5G Strategy, ensuring the federal government and its many state, local, tribal, territorial, and private sector partners are secure when 5G technology arrives. The agency’s document hoped to expand on how the US government would secure 5G infrastructure both in the country and abroad.

Hacker-for-Hire Group Targeting South Asian Organizations

There’s a new cyber mercenary group on the block, and they’re going after targets in more than a dozen countries globally, according to a BlackBerry research report. The hack-for-hire shop, which BlackBerry is calling “CostaRicto,” has largely gone after targets in South Asia, especially in India, Bangladesh and Singapore. Some of its targeting was also located in Africa, the Americas, Australia and Europe.

Defense in Depth, Layered Security in the Cloud

In this blog, Trend Micro’s vice president of cybersecurity, Greg Young, discusses the evolution of network security into how it manifests itself today, how network security has looked up until now, how the future of network security looks and why security teams need layered protection in the cloud.

Surprised by Microsoft’s decision to remove the description section from Patch Tuesday bulletins? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.




from Trend Micro Simply Security https://ift.tt/35sLPfN

The iOS Covid App Ecosystem Has Become a Privacy Minefield

An analysis of nearly 500 Covid-related apps worldwide shows major differences in how much data they expect you to give up.

from Security Latest https://ift.tt/32BQZo3

The Scammer Who Wanted to Save His Country

Last fall, a hacker gave Glenn Greenwald a trove of damning messages between Brazil’s leaders. Some suspected the Russians. The truth was far less boring.

from Security Latest https://ift.tt/36wtwWz

Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs

Complexity is the bane of effective cybersecurity. The need to maintain an increasing array of cybersecurity tools to protect organizations from an expanding set of cyber threats is leading to runaway costs, staff inefficiencies, and suboptimal threat response. Small to medium-sized enterprises (SMEs) with limited budgets and staff are significantly impacted. On average, SMEs manage more than a

from The Hacker News https://ift.tt/3knJ1Vr

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed "SAD DNS attack" (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific

from The Hacker News https://ift.tt/36v9xYi

Chrome gets fix for two flaws used by cybercrime; update your browser

Keep an eye on Google Chrome updates. On Thursday (12) the browser received two important fixes for "zero-day" vulnerabilities, as security flaws discovered and exploited by cybercriminals before companies have a chance to fix them are called.

Google gave no details about the vulnerabilities and said only that they are fixed in version 86.0.4240.198 of Chrome for all desktop platforms, including Windows, Mac and Linux, as the site Bleeping Computer reports.

The company says only that the vulnerabilities were reported by anonymous researchers. There are no details on how the attacks work or who is behind them; all that is known is that the flaws are already known and being exploited. The company says only that one of them is tied to V8, Chrome's JavaScript engine, and the other is tied to a memory allocation problem that could lead to arbitrary code execution.

The company says it will not give further details until most users have updated their browsers and are safe. The measure is meant to keep more cybercriminals from working out what the vulnerability is and taking advantage of it while users are still running outdated versions of Chrome.

The last 30 days have been especially busy for the Chrome security team. Five "zero-day" vulnerabilities have been fixed since October 20. One of the most notable was combined with a flaw in Windows, affecting version 7 and later, that allowed privilege escalation on the system in order to execute code on the affected computer. Google disclosed the Windows flaw before Microsoft had a chance to fix its side of the problem.

from Olhar Digital :: Segurança https://ift.tt/3kkXZf2

The GOP Keeps Proving There's No Election Fraud

Through numerous legal and other challenges, the Trump campaign and its allies have consistently undermined their argument.

from Security Latest https://ift.tt/2GUuoLF

Hacker breaks into CGU system and publishes step-by-step of the action on YouTube

Last Thursday (5), the website of the Controladoria-Geral da União (CGU) suffered a hacker attack. According to the site O Bastidor, the intruder took advantage of a flaw in an encrypted tunnel (VPN) to gain access to the system.

Fortunately, it appears that no data was extracted. However, the hacker's activity did not stop there. Shortly after the intrusion, he published a video on YouTube describing, step by step, how he got into the agency's system.

[Image: Hacker published the step-by-step of the action on YouTube. Photo: DANIEL CONSTANTE/Shutterstock]

After the content was published, the social network found that the upload violated the community guidelines imposed by the site. For that reason the video was removed, but not before being downloaded and shared across the internet.

In a statement sent to the site Metrópoles, the CGU stresses that, "as an immediate measure, the CGU adopted the preventive measures relevant to the case. So far, there are no signs that the CGU's services, systems or data have been compromised."

STJ intrusion

Two days before the incident with the CGU website, the Superior Tribunal de Justiça (STJ) was also the victim of a hacker attack. The intrusion took place in the court's virtual environment, where almost all of its systems are hosted.

According to a report obtained by TV Globo and cited by G1, technicians initially identified a failure in the network's internal protection system. After a thorough analysis, signs of a system intrusion and "a file with the characteristics of a virus" were revealed that same night.

As a precaution, all of the STJ's internet access links were taken down, and all accounts that had accessed the system in the 24 hours before the attack were blocked. On the afternoon of Wednesday (4), the court's website is offline. Justices, staff and interns were instructed not to use computers connected to the court's network.

According to the president of the STJ, Justice Humberto Martins, case deadlines have been postponed until next Monday (9). Among the sessions disrupted by the attack is the one in the Quinta Turma that would have considered an appeal by former president Luiz Inácio Lula da Silva in the Guarujá (SP) triplex case.

Via: Metrópoles

from Olhar Digital :: Segurança https://ift.tt/32DOktP

Scams involving video game consoles increase with arrival of the PS5

As the launch of the new PlayStation approaches, cybercriminals have begun to show interest in running scams involving the new device. According to Kaspersky, about 130 sites around the world have used the brand to run some kind of scam.

Most of them offered PlayStation 5 pre-orders, demanding payment in advance or requesting personal data so that they could get in touch when the console came into stock. In some cases, the pages offered the new console for a price well below the original.

The PS5 was not the only one used in online scams. The previous console, the PlayStation 4, also appeared in frauds. Pages controlled by the criminals typically highlight a sharp drop in price due to the launch of a new version, which is done to attract unwary buyers. To stay protected, the company stresses that users should always remember that "if something on the internet seems too good to be true, it is probably fraud. Messages about offers and pre-orders should be verified with trusted sources, and we advise against clicking on links in e-mails or those sent through messaging apps or social networks".

Scam involving Netflix

A scam that has already been in circulation has gained a new version. Cybercriminals are using Netflix with the aim of stealing the credit card data of the service's subscribers. According to ESET, the campaign is distributed through an e-mail with the subject "Alerta de notificação".

In the body of the e-mail, the message reports a supposed debt accumulated in the victim's name, which could lead to suspension of the service "caso não sejam tomadas medidas rápidas". The idea is to play on urgency to deceive the user, who thinks there will be no time to check the problem before resolving it.

[Image: E-mail from the fake campaign that uses the Netflix name to deceive users. Credit: ESET]

Some characteristics, however, give the scam away. The e-mail address, although it includes the name of the company it claims to represent, has no relation to the brand's name; it is just a compromised account used for the malicious spam service. ESET also highlights the URL behind the "ATUALIZE SUAS INFORMAÇÕES DE PAGAMENTO" button, which can be seen by hovering the mouse pointer over the button without clicking. The link also makes no reference to an official site or one registered by the brand.

The combination of two languages (the page text is in English while the message was sent in Spanish) is more than a warning sign for any user. The scam seeks to steal victims' financial data by asking them to enter the full numbers of payment methods in use or of a new credit card.

If the victim goes along with the scam, right after confirming their data they are taken to a message, also in English, indicating that the account has been reactivated. On clicking "Continuar", the user is redirected to the official Netflix page, where they can "confirm" that their account is not blocked (which it never was, in fact).

from Olhar Digital :: Segurança https://ift.tt/35lF67s

Check Point Software Technologies recognized as Leader in the 2020 Gartner Network Firewall Magic Quadrant

Check Point Software Technologies is proud to be named a Leader in the 2020 Magic Quadrant for Network Firewalls (NFW). This marks the 21st time in the company’s history to be named a Leader by Gartner. We believe Gartner’s recently published 2020 Magic Quadrant for Network Firewalls report lauds Check Point for its consolidated architecture,…




from Check Point Software https://ift.tt/38ANZMl

Google Releases Security Updates for Chrome

Original release date: November 12, 2020

Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates.




from CISA All NCAS Products https://ift.tt/36yNcc8

An Engineer Gets 9 Years for Stealing $10M From Microsoft

The defendant tried—and failed—to use bitcoin to cover his tracks.

from Security Latest https://ift.tt/36tETyn

Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms

A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities. "CostaRicto targets

from The Hacker News https://ift.tt/2IvtHZS

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed "ModPipe" — impacts Oracle MICROS Restaurant Enterprise Series (RES) 3700 POS systems, widely used software suite restaurants, and hospitality

from The Hacker News https://ift.tt/32C00xk

MISSIONS — The Next Level of Interactive Developer Security Training

If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that can be done to make their experience more engaging, productive, and fun is going to be a powerful

from The Hacker News https://ift.tt/3eRuqjU

Two New Chrome 0-Days Under Active Attacks – Update Your Browser

Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. The company released 86.0.4240.198 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users. Tracked as CVE-2020-16013 and CVE-2020-16017, the flaws were

from The Hacker News https://ift.tt/2UlxQlz

Malware posed as Discord to steal user data

Security researchers have detected malware posing as a Discord file that collected information from users of the chat service and of web browsers such as Google Chrome and Opera.

The issue was found by the security company Sonatype, which detailed the discovery in a post on its official blog. It is a malicious npm package called 'discord.dll', for running JavaScript libraries.

An npm file is a JavaScript execution package whose main function is automating actions on websites, applications and other software. In this case, the package posed as a file from the Discord platform in order to access information belonging to users and developers.

Image caption: Discord is a popular online chat platform, used mainly by gamers. Photo: Konstantin Savusia/Shutterstock

In its post, Sonatype explains that discord.dll is an evolution of another malicious library that was also on npm, called 'fallguys'. "These intentionally malicious packages appear to be doing similar things to the malicious npm package 'fallguys', discovered in September (the one that was stealing files from web browsers and Discord messages)."

Besides hitting the Discord app, the malware can also attack the Google Chrome, Yandex Browser, Opera and Brave browsers.

Besides attacking users by posing as another platform, discord.dll is more complex than its predecessor. Sonatype comments that the package contains a series of hidden applications that slip under observers' radar. "discord.dll is an npm component that conducts malicious activities that are hard to detect in advance. It also uses the legitimate npm dependency 'Discord.js' to distract researchers from its illegal activities."

The npm registry hosting the file has already been notified of its malicious content and promised to take it down within the next few days.

Sonatype's specialists also reported the presence of more malicious files in the npm registry where discord.dll is found. These, at first glance, contain executable files (.exe) and may have other malicious purposes.

Source: ZDNet

from Olhar Digital :: Segurança https://ift.tt/3nizW2m

A look back at the main controversies involving tech executives

They are among the richest people in the world, but that does not stop them from getting into trouble of their own making. CEOs of big technology companies have gone from magnates hidden in offices to media celebrities, and they end up paying a certain price for it.

Unsurprisingly, the biggest collector of controversies among technology executives is the South African billionaire Elon Musk. CEO of Tesla, SpaceX and the Boring Company, Musk has sparked endless debates on social networks with "harmless" statements, such as when he joked that Egypt's famous pyramids had been built by aliens, but he also voices potentially dangerous opinions, especially recently, with his denialist behaviour regarding Covid-19.

In 2018, when a football team and its coach were trapped in a cave in Thailand, the diver Vernon Unsworth said that the submarine Musk created to help with the rescue was a "public relations stunt" and that he should stick it "where it hurts". The executive hit back hard, called Unsworth a "paedophile" and ended up being sued, despite having apologised and deleted the post on the social network. Musk later won the case.

Image caption: Musk is currently the "king" of controversies on social networks. Image: Reprodução/Flickr

In July this year, amid the crisis in Bolivia that culminated in the resignation of President Evo Morales, Musk saw one of his comments used in the middle of the diplomatic war. When asked about an alleged role in what would have been a coup d'état carried out by the United States government, he replied: "we will coup whoever we want, deal with it". The tweet was used by Morales as proof of the alleged coup, which would have been motivated by a lithium deposit in the country.

Another recent Musk "classic" involves nothing less than the name of his first child with the singer Grimes. X Æ A-12 was born in May this year but had to be renamed to comply with Californian law. The symbol Æ, read as "ash", was replaced by AE, while the number 12 was swapped for XII, its Roman numeral version. The boy, whose nickname is "baby X", is now called X AE A-XII.

An "old-school" polemicist

However, Musk is only the less unhinged version of another controversial technology executive: John McAfee. Founder of one of the largest digital security companies, the Briton has (allegedly) been involved in drug trafficking, founded his own political party and ran for president of the US.

Also a denier of the severity of Covid-19, McAfee was detained at an airport in Norway, while trying to return from Catalonia to Germany, for refusing to replace a "mask" in the form of lace panties with a "doctor-approved" model.

"I visited Catalonia just before Europe banned Catalans from travelling. I tried to return to Germany, but my entry was refused. They demanded that we wear masks. I put on my panties mask. They demanded that I change it. I refused. Scuffle. Jail. Black eye. Released," the businessman wrote on Twitter.

Image caption: John McAfee and his "mask". Image: Reprodução/Twitter

In another message he said: "My coronavirus mask is the problem. I insist it is the safest available, and I refuse to wear anything else, for the sake of my health."

In past adventures, McAfee offered to decrypt an iPhone for the FBI, at the time when the US courts issued an order obliging Apple to create a tool to hack iOS. Going the other way, he offered US$ 100,000 to anyone who managed to hack his Bitfi digital wallet (the challenge was meant to end the myth that "everything can be hacked").

To the surprise of few, in October the businessman was arrested at Barcelona airport, in Spain, while trying to board a flight to Istanbul, Turkey. McAfee was indicted for fraud and tax evasion and is awaiting extradition to the US. He allegedly used several tax evasion methods, including the use of cryptocurrency accounts, and purchases of property, a yacht and a car in the names of third parties.

Other IT executives do get into trouble, but to a much lesser degree. Larry Ellison, former CEO of Oracle and the seventh richest person in the world, once paid private detectives to go through the rubbish of a company that worked with rival Microsoft, which was under an antitrust investigation at the time. He also reportedly bought the house next door to his for US$ 40 million because its trees were blocking his view.

Some actions do look like marketing stunts, such as when Twitter founder Jack Dorsey sent clippings of his beard hair to the rapper Azealia Banks to make protective amulets against the Islamic State. The idea was that the artist (who apparently is also a witch) would help the executive in exchange for promotion of an album. The deal reportedly did not go ahead.

Although today he projects an image of stoicism and control, Mark Zuckerberg also had his years of controversy. The Facebook founder went as far as saying, in the company's early years, that the site's users were "idiots" for "trusting" him with their data. Amid accusations about how his network did not ban Holocaust-denial content, Zuckerberg said that although he was Jewish and found it "deeply offensive", he did not think such beliefs should be censored on the platform.

Via: TechAdvisor

from Olhar Digital :: Segurança https://ift.tt/3kihncp

Ring doorbell catches fire, injures eight people and is recalled in the US

On Tuesday night (10), Ring announced a recall of about 350,000 smart doorbells in the United States after 23 reports that some of them had caught fire. There are reports of minor property damage, and eight people suffered minor burns. The company is owned by Amazon.

According to the CPSC (the US Consumer Product Safety Commission), the devices pose a potential battery-related fire risk. The notice issued states that the doorbell can overheat when incorrect screws are used in installation.

According to the agency, 85 incident reports were received from people who used incorrect screws. "Consumers should immediately stop installing the recalled video doorbells," it says. The recall covers the Ring Video Doorbell (2nd generation) model. Users can confirm whether the model they use matches on the company's website or app.

Image caption: A Ring device can be used to see who is knocking at users' doors and for home surveillance. Image: Ring/Reprodução

In a statement, Ring said it has been working together with the CPSC and has been contacting customers who bought the device "to ensure they have received the updated user manual and follow the device's installation instructions".

Surveillance concerns

The smart doorbell model in question was sold from June 2020 to October for approximately US$ 100, about R$ 539 in direct conversion. It is produced in China and imported by Ring, which is headquartered in the United States. The recall also covers the roughly 8,700 units sold in Canada.

Ring devices, such as the Ring Video Doorbell (2nd generation), have a camera for home security. It can monitor porches and the front of houses, and is controlled through an app.

Ring devices have faced problems regarding user security and privacy. Several data-security complications have been raised in the past, along with concerns about their use in surveillance projects.

Via: Business Insider

from Olhar Digital :: Segurança https://ift.tt/3kfZHhG

WhatsApp Using Up Your Phone Storage? Here’s How to Fix It

It's time to do something about those photos and videos automatically saving to your camera roll.

from Security Latest https://ift.tt/2JSOaZ3

Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers

A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to the latest research. "This group has carried out a large number of diverse Magecart attacks that often compromise large numbers of websites at once through supply chain attacks, such as the Adverline incident, or through the use of

from The Hacker News https://ift.tt/3eQaVrW

Build Your 2021 Cybersecurity Plan With This Free PPT Template

The end of the year is coming, and it's time for security decision-makers to make plans for 2021 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced. The Definitive 2021 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an

from The Hacker News https://ift.tt/32hyK47

Microsoft Releases Windows Security Updates For Critical Flaws

Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google's security team last week. The rollout addresses a total of 112 vulnerabilities, 17 of which are rated critical, once again bringing the patch count over 110 after a drop last month. The security updates

from The Hacker News https://ift.tt/2UcWvZL

PIX's biggest vulnerability is the user, experts warn

PIX, the new instant payment system from the Central Bank (BC), has begun taking its first steps in Brazil. However, some users still question the platform's security. According to experts, the biggest risk lies not in the technology itself but in the user. It is the human factor.

The PIX testing phase runs until the 15th. From 16 November, the system will be fully operational. An alternative to DOC and TED, PIX is an instant payment system that will work every day of the year, 24 hours a day. Those who want to use the platform can register an e-mail address, CPF or mobile phone number as a key. It is also possible to use a unique numeric identifier or branch and account details. By early November the system already had 60.6 million registered keys, 2.4 million for legal entities and 58.2 million for individuals, according to a BC survey.

Cybersecurity specialists from BugHunt, a Brazilian Bug Bounty platform (a programme that rewards the identification of bugs), and from Compugraf, a provider of information security and data privacy solutions, say that, because it is a simplified form of identification, PIX relies on the same security solutions as the National Financial System (which also serve DOC and TED). In addition, transactions have layers of authentication security offered by the banks themselves on mobile devices, such as facial recognition and biometrics.

Image caption: The weakest link to be exploited by criminals is the user side, according to experts. Image: Nattakorn Maneerat/Shutterstock

"Today's transactions, like PIX, have rigorous cybersecurity controls; however, that does not prevent scams and fraud, since the human factor remains," explains Caio Telles, software engineer and CEO of BugHunt. "So the tendency is for scam and fraud attempts that exploit people, and, because the service is new to everyone, there is a direct associated risk."

Compugraf's head of cybersecurity, Denis Riviello, agrees with this view and says that PIX's main vulnerability lies in the weakest link: the user. This ranges from fraud in registering credentials to data theft once the system is running. "Banks have invested heavily in the new platform in terms of security, since they have years of experience in this sector and know how great fraudsters' creativity is," says Riviello. "However, cybercriminals can take advantage of the data in this key (CPF, e-mail and mobile number) to deceive users."

Image caption: Users should pay attention to the QR Code to avoid falling for scams. Image: Divina Epiphania/Shutterstock

In other words, PIX's flaws can affect customers and institutions in the same way other services do today. According to the experts, most scams exploit the user side, such as breaking into a computer and collecting someone's account information, for example. "Financial institutions' systems follow strict security rules, which are constantly tested and improved, which makes an intrusion or damage directly in the institution's technology environment very unlikely, increasing vulnerability on the user side," Telles sums up.

With so many security mechanisms, attacks shift to the user, who can be deceived and taken to a fraudulent site with a fake PIX payment QR Code. "The QR Code is a shortcut to the key that identifies the owner of the account that will receive the amount. If it is swapped for another account's QR Code, the amount will be made available in a different account," Telles explains. "You need to pay attention to the confirmation details and, whenever any inconsistency is noticed, the user should not complete and confirm any payment."

Another type of fraud can occur during key registration, through fake e-mails and the capture of people's identities through scams, taking advantage of the instantaneous nature of the transaction. This is what happens with the social engineering scams in use today.

For Telles, banks must look after their technology environment to avoid attacks and maintain their reputation and their customers' privacy. Riviello, for his part, recommends that end users take great care when sharing their PIX key and bank details. "It is worth remembering that transactions through Pix are protected by Law No. 105/2001, on Banking Secrecy, and also by the General Data Protection Law (No. 13.709/2018)," he concludes.

from Olhar Digital :: Segurança https://ift.tt/36sCmo0

Adobe Releases Security Updates for Multiple Products

Original release date: November 10, 2020

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe security advisories for Adobe Connect and Adobe Reader for Android and apply the necessary updates.




from CISA All NCAS Products https://ift.tt/3lvHCxm

Cisco Releases Security Update for IOS XR Software

Original release date: November 10, 2020

Cisco has released a security update to address a vulnerability in IOS XR Software for ASR 9000 Series Aggregation Services Routers. An unauthenticated, remote attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco security advisory and apply the necessary update.




from CISA All NCAS Products https://ift.tt/3kgIcxB

US commission says Zoom 'misled users' about security

The US Federal Trade Commission (FTC) today announced a settlement with Zoom Video Communications that will require the company to implement a more robust security programme. According to the agency, the company "misled users" for years by advertising that it offered "256-bit end-to-end encryption" as protection.

The cryptographic keys held by Zoom, however, could allow the company to access the content of its customers' meetings. "During the pandemic, practically everyone (families, schools, social groups and businesses) is using videoconferencing to communicate, making the security of these platforms more critical than ever," said the Director of the FTC's Bureau of Consumer Protection, Andrew Smith.

The FTC also says Zoom misled some users who wanted to store recorded meetings in the cloud, assuring them that those videos would be encrypted immediately after the videoconference ended. "Instead, some recordings were allegedly stored unencrypted for up to 60 days on Zoom's servers before being transferred to its secure cloud storage," the agency says.

A Zoom spokesperson said in a statement e-mailed to The Verge that its users' security is a priority and that it has already addressed the issues discussed with the FTC. "The resolution is in line with our commitment to innovating and improving our product, as we offer a secure video communication experience," the statement says.

Image caption: End-to-end encryption, which improves the privacy of video calls, was only recently implemented in Zoom. Image: Ymphotos/Shutterstock

As part of the settlement with the FTC, Zoom must annually document any potential internal and external security risks to its system, as well as develop ways to protect against those risks. The company will also have to implement a vulnerability management programme and deploy safeguards, such as multi-factor authentication, to protect against unauthorised access to its network.

"In addition, Zoom's staff will be required to review all software updates for security flaws and must ensure that updates do not undermine third-party security features," the FTC determined. The company is also prohibited from making "false statements about its privacy and security practices".

Only at the end of October did Zoom Technologies confirm that video calls made through its app would have end-to-end encryption (E2E, in the English jargon). Complaints about the company's misleading advertising peaked after a report by The Intercept, which revealed that Zoom promised end-to-end encryption on its website and in its white paper but did not deliver it in the app.

Since then, the CEO of Zoom Technologies, Eric Yuan, has taken a series of steps committed to improving the service, such as hiring Alex Stamos, former head of security at Facebook and Yahoo, as a consultant. From then on, several updates to the service added new privacy features.

Zoom's end-to-end encryption applies to free and paying users and is being rolled out gradually.

Via: FTC/The Verge

from Olhar Digital :: Segurança https://ift.tt/3keO8HH

FBI action takes down site that offered 23,000 personal databases

Last week, a site that stored 23,600 personal databases was supposedly shut down by US police and justice authorities, after the stored information leaked on several hacker forums and Telegram channels. However, some believe the operation is just another scam by the page's creators.

Cit0day operated as a kind of illegal subscription. Hackers made monthly payments in exchange for internet users' personal information, such as name, e-mail, address and even unencrypted passwords.

After the information leaked, an action by the FBI, the US federal police, and the DOJ, the country's Department of Justice, seized the domain. After the event, the site displayed images of the two federal institutions and a notice that the page had been shut down.

The site's creator was identified by the handle Xrenovi4 and was apparently arrested in the action. However, experts point out that all of this, including the police operation, may be a fraud staged by the criminal himself.

As Raveed Laeb, product manager at KELA, one of the leading digital intelligence companies, explains, there are signs that the site's seizure notice is fake and that it was copied from genuine earlier police seizures.

Image caption: When the site is accessed, the page shows a notice that it was taken down by the FBI. Photo: ZDNet

According to him, the site's takedown banner was reproduced from the police action against Deer.io, a platform with similar methods, and later edited to become part of Cit0day.

Added to this is the fact that the FBI did not announce any operation against the illegal site, contrary to what the department normally does. In addition, a police spokesperson declined to comment on the case or confirm any investigation on the subject.

FBI has already shut down a marketplace for hacked accounts

In March this year, US police arrested a Russian citizen who was behind Deer.io, a platform that has been considered a marketplace for cybercrime, with buying and selling of hacked accounts.

Identified as Kirill Victorovich Firsov, the man was arrested at John F. Kennedy Airport in New York under a warrant issued by California police.

According to the authorities, the site made it possible to host online shops for selling data for a monthly price of US$ 12 (about R$ 65). On those terms, it was calculated that the criminal had already earned more than US$ 17 million (about R$ 91 million) from the more than 24,000 existing shops.

Police officers said that during the investigation they were able to acquire various hacked data through the shops hosted on Deer.io, which confirmed that the site sold authentic information.

Source: ZDNet

from Olhar Digital :: Segurança https://ift.tt/3lk34FM

Microsoft Releases November 2020 Security Updates

Original release date: November 10, 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s November 2020 Security Update Summary and Deployment Information and apply the necessary updates.




from CISA All NCAS Products https://ift.tt/3po141N

Ghimob: trojan sends fake debt links to break into mobile phones

Cybersecurity specialists have discovered a banking trojan whose massive campaigns are active mainly in Brazil. Ghimob derives from the mobile version of Guildma and infects phones when users click on fake debt-payment links sent by e-mail.

The targets of the attack, which extends to other countries in Latin America, Africa and Europe, are stock and cryptocurrency brokerages, fintechs and banks.

Once installed on a smartphone, the remote access trojan (RAT) sends messages to the cybercriminal with details of the infected device, lock-screen security information and the list of installed applications. Ghimob thus acts as a spy and provides what a hacker needs to access banking applications and harm users.

Image caption: Phones can be infected when the user opens a message about a debt and clicks on a malicious link. Image: Pxhere/Reprodução

"A trojan with global reach for mobile banking fraud was a long-standing wish of Latin American cybercriminals. We have already had Basbanke and Brata, but these are more focused on the Brazilian market. That is why Ghimob is the first one ready to be internationalised, and we believe this will not take long, since it shares the same infrastructure as Guildma," comments Fabio Assolini, a security specialist at Kaspersky in Brazil.

Smartphone infection

The cybercriminals use the trojan to remotely access the infected device and carry out transactions in the victim's name. Compared with Brata or Basbanke, another family of mobile banking trojans originating in Brazil, Ghimob is far more advanced and richer in features.

When the phone's owner clicks on the malicious e-mail received, the Ghimob APK installer is downloaded and, if the download is accepted, installation begins.

Image caption: E-mail with a malicious link deceives the user by posing as a debt collection notice. Image: Kaspersky/Reprodução

Ghimob can also unlock the phone, even if the device's owner has set a password or an unlock pattern. It can thus avoid fraud detection by technologies such as fingerprinting and an anti-fraud system (detection based on user behaviour). While transactions are under way, the hackers insert a black screen, a white screen or some website in full screen to mask the activity. "The black screen is also used to force the victim to use biometrics to unlock the screen and thus steal this form of authentication," warns Assolini.

Image caption: Map shows places where Ghimob attacks occurred. Image: Kaspersky/Reprodução

According to the cybersecurity specialists, what draws even more attention in Ghimob's case is the extensive list of applications that can be spied on, which reaches 153 mobile applications. In Brazil alone, 112 apps from financial institutions may have their customers' credentials stolen. To complicate matters, the threat can affect 13 cryptocurrency apps from various countries and nine applications of international payment systems.

In addition, mobile banking from institutions operating in Germany (5), Portugal (3), Peru (2), Paraguay (2), Mozambique (1) and Angola (1) is not spared either.

"We recommend that financial institutions follow these threats closely to improve their authentication processes and anti-fraud technologies with threat intelligence data. Understanding how it operates is the most effective way to mitigate the risks of this new mobile RAT family," Assolini stresses.

from Olhar Digital :: Segurança https://ift.tt/3n9zpzx

SAP Releases November 2020 Security Updates

Original release date: November 10, 2020

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include missing authentication check vulnerabilities affecting SAP Solution Manager (JAVA stack).

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the SAP Security Notes for November 2020 and apply the necessary updates.




from CISA All NCAS Products https://ift.tt/38wcBpI

Check Point CloudGuard integrates with AWS Gateway Load Balancer at Launch

By Jonathan Maresky, CloudGuard Product Marketing Manager, published November 10, 2020

Cloud security is not a trivial practice of “click-and-deploy”, “one-size-fits-all” or even “my cloud vendor is responsible for cloud security”. The shared responsibility model is a critical component of a cloud user’s ability to protect their organization’s cloud assets in the long term and…

The post Check Point CloudGuard integrates with AWS Gateway Load Balancer at Launch appeared first on Check Point Software.



from Check Point Software https://ift.tt/35hqQN6

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: November 10, 2020

Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2 and apply the necessary updates.




from CISA All NCAS Products https://ift.tt/2UfDS7g

After hacker attack, Judiciary announces digital security committee

In response to the hacker attack suffered by the Superior Tribunal de Justiça (STJ) last Tuesday (3), the Conselho Nacional de Justiça (CNJ) is studying the implementation of a cyber committee to monitor the security of the courts' electronic systems.

The announcement was made by the president of the Supremo Tribunal Federal (STF), Luiz Fux, this Monday (9). The justice said he is still discussing the committee's model with advisers, and that the initiative will be formalised at a CNJ meeting this Tuesday (10).

Fux echoed experts' opinion by indicating that last week's event showed the urgency of greater concern, on the part of the government, with digital security. He said he has the help of Justice Humberto Martins, president of the STJ, in studying the case and thinking about future protective measures.

"We are going to create a Cyber Committee for the Protection of Digital Justice of the Judiciary, in partnership with all the entities that have expertise on this topic," he said. "So all the entities that partnered with Justice Humberto Martins will do so with the CNJ."

Image caption: Justice Luiz Fux stressed the importance of digital security in the Judiciary's electronic systems. Image: Nelson Jr./SCO/STF

Trials by videoconference

Fux's remarks came during an online session discussing the "Juízo 100% Digital" project, which provides for all procedural acts to be carried out electronically and remotely. This includes the (optional) possibility of trials and hearings held by videoconference, with each court deciding whether to adopt the system.

Naturally, this is one more reason to invest in digital security. It is estimated that the STJ's shutdown due to the attack prevented 12,000 cases from being judged.

Last Thursday (5), President Jair Bolsonaro (no party affiliation) said on Twitter that the Federal Police had already identified the hacker responsible for the intrusion. "They've already found out who the 'hackeador' (sic) is. Already found out? Come on, the guy hacked and couldn't even stay hidden for two hours," he said.

The information was confirmed the following day to TV Globo by Rolando Alexandre de Souza, director-general of the Federal Police. According to Bolsonaro, Rolando was praised by Humberto Martins for his performance in charge of the case.

In a note issued last week, the Federal Police says it is assessing the extent of the incident, as well as seeking to restore the network through measures taken with the participation of STJ experts.

Source: Globo

from Olhar Digital :: Segurança https://ift.tt/38vgnQc

Check Point Software's predictions for 2021: Securing the ‘next normal’

“Life is what happens while you’re making other plans,” said John Lennon. And the events of 2020 have shown how right he was. If you had looked through the predictions and contingency plans of the world’s top 1,000 companies 12 months ago, few (if any) would have included detail on dealing with a global pandemic.…

from Check Point Software https://ift.tt/3pgafRt

Watch Out! New Android Banking Trojan Steals From 112 Financial Apps

Four months after security researchers uncovered a "Tetrade" of four Brazilian banking Trojans targeting financial institutions in Brazil, Latin America, and Europe, new findings show that the criminals behind the operation have expanded their tactics to infect mobile devices with spyware. According to Kaspersky's Global Research and Analysis Team (GReAT), the Brazil-based threat group Guildma

from The Hacker News https://ift.tt/35fvXgJ

Critical Vulnerability in Windows OS – Check Point customers remain protected

Only five days after Google disclosed information about a critical vulnerability in the Microsoft Windows operating system (CVE-2020-17087), Check Point has officially released protection to keep its customers completely safe. Early protections against vulnerabilities that are under active attack are crucial. Microsoft is expected to release an update today, November 10, 2020, but Google research…

from Check Point Software https://ift.tt/3nmb75F

Old Android phones may have problems with secure sites in 2021

Android smartphones running old versions of the operating system may have trouble accessing secure sites starting in September 2021. That is because the agreement between Let’s Encrypt and IdenTrust will come to an end. Models with versions earlier than 7.1.1 are expected to be affected.

Secure connections to sites or services depend on security certificates, which are issued by certificate authorities such as Let’s Encrypt and IdenTrust. These companies sign the operations with their root certificate.

When the device's system does not natively recognize that root certificate, secure connections to sites that use it fail. According to Android Police, the Let’s Encrypt root certificate is used on 30% of secure sites on the web. An agreement with IdenTrust ensured that these pages could be accessed by devices with old versions of the system.

The list of certificates recognized by Android can only be modified through an update, which is not an option for many old devices. According to Let’s Encrypt, 33.8% of Android smartphones in use have operating system versions earlier than 7.1.1.

A temporary workaround is to use the Firefox browser, which has its own certificate store and works on any version of Android above 5.0. Apps that use the system browser to display content, however, will stop working. The definitive solution is to replace the smartphone with one that has the most recent version of Android.

from Olhar Digital :: Segurança https://ift.tt/3eJqAcF

FBI issues alert on source code theft

The FBI has published on its website an alert to US companies and government agencies, warning that hackers are taking advantage of configuration flaws in a tool called SonarQube, used to detect bugs and security flaws in programs, to steal source code.

The problem, according to the FBI, is that many companies leave their SonarQube instances exposed to the web, with default login credentials (user admin, password admin) and the default port (9000). The hackers use this information to log in to the tool and, from it, access source code repositories on services such as GitHub, BitBucket, GitLab and others.

These repositories are used by companies to centralize software development, allowing several programmers to work on a project simultaneously without risk of conflicts.

The stolen source code can be analyzed in search of trade secrets, to give a competitor a competitive advantage, or to identify security flaws or “holes” that could be used in an attack in search of confidential information.

Victims

According to the agency, source code “leaks” related to SonarQube began to be identified in April of this year, and the tool is used by US government agencies as well as by private companies in sectors such as technology, finance, retail, food, e-commerce and manufacturing.

The agency reports two cases of source code theft: one in July, when an individual stole code from several companies and published it in a public repository, and another in August, when two organizations were affected. The names of the victims were not disclosed.

How to protect yourself

The FBI recommends that SonarQube users change the default configuration, including the administrator username and password and the port on which the service responds. It also suggests that instances be placed behind a login screen, and that unauthorized access attempts be monitored.

In addition, if possible, the API keys used by other apps to access SonarQube (and vice versa) should be revoked and new keys issued. Finally, it recommends that SonarQube instances be placed behind a corporate firewall and other “perimeter defenses” to prevent unauthorized access.

Source: FBI

from Olhar Digital :: Segurança https://ift.tt/38yCIfo

Vulnerability Summary for the Week of November 2, 2020

Original release date: November 9, 2020


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. 2020-11-05 9.3 CVE-2020-24433
MISC
google -- chrome Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 7.5 CVE-2020-16011
SUSE
SUSE
MISC
MISC
qnap -- music_station If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. 2020-11-02 7.5 CVE-2018-19950
CONFIRM
qualcomm -- agatti_firmware u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 10 CVE-2020-3654
CONFIRM
MISC
qualcomm -- agatti_firmware u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state.(This CVE is equivalent to InvalidConnectionRequest(CVE-2019-19193) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, AR9344, Bitra, IPQ5018, Kamorta, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9886, QCM6125, QCN7605, QCS404, QCS405, QCS605, QCS610, QRB5165, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA845, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 7.8 CVE-2020-3704
CONFIRM
MISC
qualcomm -- agatti_firmware u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 7.2 CVE-2020-3690
CONFIRM
MISC
qualcomm -- agatti_firmware u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 10 CVE-2020-3692
CONFIRM
MISC
qualcomm -- agatti_firmware u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 10 CVE-2020-3673
CONFIRM
MISC
qualcomm -- apq8009_firmware u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250 2020-11-02 10 CVE-2020-3657
CONFIRM
MISC
qualcomm -- apq8009_firmware u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 2020-11-02 8.3 CVE-2020-11155
CONFIRM
MISC
qualcomm -- apq8009_firmware u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 2020-11-02 8.3 CVE-2020-11154
CONFIRM
MISC
qualcomm -- apq8053_firmware u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow issue (CVE-2019-16336,CVE-2019-17519) and Silent Length Overflow issue(CVE-2019-17518) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8076, AR9344, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, Nicobar, QCA6174A, QCA9377, QCM2150, QCM6125, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SC8180X, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 2020-11-02 7.5 CVE-2020-3703
CONFIRM
MISC
qualcomm -- apq8053_firmware u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55 2020-11-02 10 CVE-2020-11153
CONFIRM
MISC
qualcomm -- ipq4019_firmware u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980 2020-11-02 7.5 CVE-2020-11172
CONFIRM
MISC
whatsapp -- whatsapp A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold. 2020-11-03 7.5 CVE-2020-1909
CONFIRM
wordpress -- wordpress WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. 2020-11-02 7.5 CVE-2020-28032
MISC
MLIST
MISC
MISC
DEBIAN
wordpress -- wordpress WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. 2020-11-02 7.5 CVE-2020-28035
MLIST
MISC
DEBIAN
wordpress -- wordpress wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. 2020-11-02 7.5 CVE-2020-28036
MISC
MLIST
MISC
MISC
DEBIAN
wordpress -- wordpress is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). 2020-11-02 7.5 CVE-2020-28037
MISC
MLIST
MISC
MISC
DEBIAN

Medium Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 6.8 CVE-2020-24429
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24438
MISC
adobe -- acrobat Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24427
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 5.1 CVE-2020-24428
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 5.8 CVE-2020-24431
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24434
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 4.3 CVE-2020-24426
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2020-11-05 6.8 CVE-2020-24437
MISC
MISC
adobe -- acrobat Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. 2020-11-05 6.8 CVE-2020-24436
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader. 2020-11-05 6.8 CVE-2020-24435
MISC
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document. 2020-11-05 6.8 CVE-2020-24432
MISC
adobe -- acrobat Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file. 2020-11-05 6.8 CVE-2020-24430
MISC
basercms -- basercms baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. 2020-10-30 6.5 CVE-2020-15277
MISC
MISC
CONFIRM
google -- chrome Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15997
MISC
MISC
google -- chrome Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15992
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15993
MISC
MISC
google -- chrome Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15995
MISC
MISC
google -- chrome Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16006
SUSE
SUSE
MISC
MISC
google -- chrome Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15996
MISC
MISC
google -- chrome Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16005
SUSE
SUSE
MISC
MISC
google -- chrome Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15998
MISC
MISC
google -- chrome Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16000
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16001
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2020-11-03 6.8 CVE-2020-16002
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16004
SUSE
SUSE
MISC
MISC
google -- chrome Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15990
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15977
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15991
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16003
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15988
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15982
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15999
SUSE
MISC
MISC
FEDORA
google -- chrome Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16010
MISC
MISC
google -- chrome Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15979
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15985
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. 2020-11-03 4.3 CVE-2020-15984
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15974
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15986
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-11-03 4.3 CVE-2020-15981
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. 2020-11-03 4.3 CVE-2020-6557
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-16009
SUSE
SUSE
MISC
MISC
google -- chrome Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. 2020-11-03 4.4 CVE-2020-15983
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15994
MISC
MISC
google -- chrome Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15975
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15976
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 2020-11-03 6.8 CVE-2020-15978
SUSE
MISC
MISC
FEDORA
FEDORA
ibm -- i2_ibase IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. 2020-10-30 6.8 CVE-2020-4588
XF
CONFIRM
ibm -- i2_ibase IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574. 2020-10-30 5 CVE-2020-4584
XF
CONFIRM
icewarp -- mail_server IceWarp 11.4.5.0 allows XSS via the language parameter. 2020-11-02 4.3 CVE-2020-27982
MISC
jenkins -- active_directory A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. 2020-11-04 4.3 CVE-2020-2303
MLIST
CONFIRM
jenkins -- active_directory A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. 2020-11-04 4 CVE-2020-2302
CONFIRM
jenkins -- aws_global_configuration A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration. 2020-11-04 4 CVE-2020-2311
CONFIRM
jenkins -- azure_key_vault A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2020-11-04 4 CVE-2020-2313
CONFIRM
jenkins -- kubernetes A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. 2020-11-04 4 CVE-2020-2308
CONFIRM
jenkins -- kubernetes A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2020-11-04 4 CVE-2020-2309
CONFIRM
jenkins -- mercurial A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. 2020-11-04 4 CVE-2020-2306
CONFIRM
marmind -- marmind A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the “Assets Upload” function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS. 2020-11-05 4.3 CVE-2020-26505
MISC
MISC
oleacorner -- olea_gift_on_order The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. 2020-11-02 5 CVE-2020-9368
MISC
MISC
pimcore -- pimcore The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: https://ift.tt/3jFoKdS 2020-10-30 6.5 CVE-2020-7759
CONFIRM
CONFIRM
qnap -- music_station If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. 2020-11-02 4.3 CVE-2018-19951
CONFIRM
qnap -- music_station If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. 2020-11-02 5 CVE-2018-19952
CONFIRM
qnap -- photo_station The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. 2020-11-02 4.3 CVE-2018-19956
CONFIRM
qnap -- photo_station The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. 2020-11-02 4.3 CVE-2018-19955
CONFIRM
qnap -- photo_station The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. 2020-11-02 4.3 CVE-2018-19954
CONFIRM
qualcomm -- agatti_firmware u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 4.6 CVE-2020-11174
CONFIRM
MISC
qualcomm -- agatti_firmware u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, QCA6390, QCS404, QCS610, Rennell, SA515M, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 4.6 CVE-2020-3638
CONFIRM
MISC
qualcomm -- agatti_firmware u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130 2020-11-02 4.6 CVE-2020-3678
CONFIRM
MISC
qualcomm -- agatti_firmware u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCM6125, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 2020-11-02 6.4 CVE-2020-3670
CONFIRM
MISC
qualcomm -- agatti_firmware u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 4.6 CVE-2020-3684
CONFIRM
MISC
qualcomm -- agatti_firmware u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 4.6 CVE-2020-11125
CONFIRM
MISC
qualcomm -- agatti_firmware u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 4.4 CVE-2020-11173
CONFIRM
MISC
qualcomm -- apq8009_firmware u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24 2020-11-02 4.6 CVE-2020-3696
CONFIRM
MISC
qualcomm -- apq8009_firmware u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130 2020-11-02 4.6 CVE-2020-3693
CONFIRM
MISC
qualcomm -- apq8009_firmware u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250 2020-11-02 4.8 CVE-2020-11141
CONFIRM
MISC
qualcomm -- apq8009_firmware u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 2020-11-02 6.4 CVE-2020-11169
CONFIRM
MISC
qualcomm -- apq8053_firmware u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632 2020-11-02 5 CVE-2020-11157
CONFIRM
qualcomm -- bitra_firmware u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130 2020-11-02 4.6 CVE-2020-3694
CONFIRM
MISC
qualcomm -- qca6390_firmware u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250 2020-11-02 4.8 CVE-2020-11156
CONFIRM
MISC
trendmicro -- antivirus Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2020-10-30 6.9 CVE-2020-27014
N/A
N/A
wordpress -- wordpress WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. 2020-11-02 4.3 CVE-2020-28040
MISC
MLIST
MISC
DEBIAN
wordpress -- wordpress WordPress before 5.5.2 allows stored XSS via post slugs. 2020-11-02 4.3 CVE-2020-28038
MISC
MLIST
MISC
DEBIAN
wordpress -- wordpress WordPress before 5.5.2 allows XSS associated with global variables. 2020-11-02 4.3 CVE-2020-28034
MLIST
MISC
DEBIAN
wordpress -- wordpress WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. 2020-11-02 5 CVE-2020-28033
MLIST
MISC
DEBIAN
wordpress -- wordpress is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. 2020-11-02 6.4 CVE-2020-28039
MISC
MLIST
MISC
MISC
DEBIAN
zte -- zxa10_eodn_firmware A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 2020-11-05 4 CVE-2020-6877
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
basercms -- basercms baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1. 2020-10-30 3.5 CVE-2020-15273
MISC
CONFIRM
MISC
basercms -- basercms baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1. 2020-10-30 3.5 CVE-2020-15276
MISC
MISC
CONFIRM
evms -- redcap A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages. 2020-11-02 3.5 CVE-2020-27359
MISC
MISC
MISC
nedi -- nedi NeDi 1.9C allows inc/rt-popup.php d XSS. 2020-11-02 3.5 CVE-2020-23868
MISC
nedi -- nedi NeDi 1.9C allows pwsec.php oid XSS. 2020-11-02 3.5 CVE-2020-23989
MISC
trendmicro -- antivirus Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2020-10-30 2.1 CVE-2020-27015
N/A
N/A

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat_reader_dc
 
Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. 2020-11-05 not yet calculated CVE-2020-24439
MISC
alerta -- alerta
 
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configured to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonymous authorization are affected. A fix has been implemented in version 8.1.0 that returns HTTP 401 Unauthorized response for any authentication attempts where the password field is empty. As a workaround LDAP administrators can disallow unauthenticated bind requests by clients. 2020-11-06 not yet calculated CVE-2020-26214
MISC
MISC
MISC
CONFIRM
MISC
MISC
apache -- shiro
 
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. 2020-11-05 not yet calculated CVE-2020-17510
MLIST
MISC
aruba -- airwave_software
 
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. 2020-11-04 not yet calculated CVE-2020-7129
MISC
aruba -- airwave_software
 
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. 2020-11-04 not yet calculated CVE-2020-7128
MISC
asterisk -- asterisk_open_source
 
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. 2020-11-06 not yet calculated CVE-2020-28327
MISC
asterisk -- asterisk_open_source
 
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. 2020-11-06 not yet calculated CVE-2020-28242
MISC
audimexee -- audimexee
 
AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage. 2020-11-05 not yet calculated CVE-2020-28047
MISC
audimexee -- audimexee
 
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. 2020-11-05 not yet calculated CVE-2020-28115
MISC
auth0 -- ad-ldap-connector
 
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13. 2020-11-06 not yet calculated CVE-2020-15259
MISC
CONFIRM
axios -- axios
 
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. 2020-11-06 not yet calculated CVE-2020-28168
MISC
b.braun_melsungen_ag -- onlinesuite
 
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user. 2020-11-06 not yet calculated CVE-2020-25174
MISC
b.braun_melsungen_ag -- onlinesuite
 
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. 2020-11-06 not yet calculated CVE-2020-25172
MISC
b.braun_melsungen_ag -- onlinesuite
 
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. 2020-11-06 not yet calculated CVE-2020-25170
MISC
bookstack -- bookstack
 
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4. 2020-11-03 not yet calculated CVE-2020-26210
MISC
MISC
MISC
CONFIRM
bookstack -- bookstack
 
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to an alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4. 2020-11-03 not yet calculated CVE-2020-26211
MISC
MISC
CONFIRM
MISC
cellinx -- nvt_web_server
 
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. 2020-11-06 not yet calculated CVE-2020-28250
MISC
MISC
check_point -- endpoint_security_client
 
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. 2020-11-02 not yet calculated CVE-2020-6014
MISC
check_point -- endpoint_security_client
 
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. 2020-11-05 not yet calculated CVE-2020-6015
MISC
cisco -- anyconnect_secure_mobility_client
 
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. 2020-11-06 not yet calculated CVE-2020-27123
CISCO
cisco -- anyconnect_secure_mobility_client_software
 
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability. 2020-11-06 not yet calculated CVE-2020-3556
CISCO
cisco -- edge_fog_fabric
 
A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. 2020-11-06 not yet calculated CVE-2020-26084
CISCO
cisco -- identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3551
CISCO
cisco -- identity_services_engine
 
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device. 2020-11-06 not yet calculated CVE-2020-27122
CISCO
cisco -- identity_services_engine
 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. 2020-11-06 not yet calculated CVE-2020-26083
CISCO
cisco -- integrated_management_controller
 
A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level. 2020-11-06 not yet calculated CVE-2020-3371
CISCO
cisco -- ios_xr_64-bit_software
 
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory. 2020-11-06 not yet calculated CVE-2020-3284
CISCO
cisco -- ip_phones
 
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition. 2020-11-06 not yet calculated CVE-2020-3574
CISCO
cisco -- sd-wan_software A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3595
CISCO
cisco -- sd-wan_software
 
A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network. 2020-11-06 not yet calculated CVE-2020-3444
CISCO
cisco -- sd-wan_software
 
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3593
CISCO
cisco -- sd-wan_software
 
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3600
CISCO
cisco -- sd-wan_software
 
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges. 2020-11-06 not yet calculated CVE-2020-3594
CISCO
cisco -- sd-wan_vmanage_software

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges. 2020-11-06 not yet calculated CVE-2020-27129
CISCO
cisco -- sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3587
CISCO
cisco -- sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3579
CISCO
cisco -- sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3591
CISCO
cisco -- sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2020-11-06 not yet calculated CVE-2020-3590
CISCO
cisco -- sd-wan_vmanage_software
 
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. 2020-11-06 not yet calculated CVE-2020-27128
CISCO
cisco -- sd-wan_vmanage_software
 
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system. 2020-11-06 not yet calculated CVE-2020-3592
CISCO
cisco -- telepresence_collaboration_endpoint_software
 
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. 2020-11-06 not yet calculated CVE-2020-26086
CISCO
cisco -- unified_communications_manager_im_and_presence_service_software
 
A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability. 2020-11-06 not yet calculated CVE-2020-27121
CISCO
cisco -- webex_meetings_desktop_app
 
A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients. 2020-11-06 not yet calculated CVE-2020-3588
CISCO
cisco -- webex_network_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3573
CISCO
cisco -- webex_network_recording_player_and_webex_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3604
CISCO
cisco -- webex_network_recording_player_and_webex_player
 
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. 2020-11-06 not yet calculated CVE-2020-3603
CISCO
cybozu -- garoon
 
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. 2020-11-06 not yet calculated CVE-2020-5643
MISC
MISC
databaseschemaviewer -- databaseschemaviewer
 
DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened. 2020-11-04 not yet calculated CVE-2020-26207
MISC
MISC
CONFIRM
debian -- bounty_castle_bc
 
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. 2020-11-02 not yet calculated CVE-2020-26939
MISC
MISC
MLIST
debian -- raptor_xml_writer.c
 
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). 2020-11-06 not yet calculated CVE-2017-18926
MISC
MLIST
DEBIAN
MISC
eramba -- eramba
 
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. 2020-11-02 not yet calculated CVE-2020-28031
MISC
MISC
f5 -- big-ip

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password. 2020-11-05 not yet calculated CVE-2020-5943
MISC
f5 -- big-ip

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). 2020-11-05 not yet calculated CVE-2020-5946
MISC
f5 -- big-ip
 
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic. 2020-11-05 not yet calculated CVE-2020-5939
MISC
f5 -- big-ip
 
On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command. 2020-11-05 not yet calculated CVE-2020-5941
MISC
f5 -- big-ip
 
In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. 2020-11-05 not yet calculated CVE-2020-5944
MISC
f5 -- big-ip
 
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin. 2020-11-05 not yet calculated CVE-2020-5945
MISC
f5 -- big-ip
 
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. 2020-11-05 not yet calculated CVE-2020-5940
MISC
f5 -- big-ip
 
In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart. 2020-11-05 not yet calculated CVE-2020-5942
MISC
foxit -- reader
 
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog. 2020-11-02 not yet calculated CVE-2020-14425
MISC
MISC
MISC
fruitywifi_project -- fruitywifi
 
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317. 2020-11-05 not yet calculated CVE-2020-24849
MISC
MISC
MISC
fuel -- cms
 
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. 2020-11-04 not yet calculated CVE-2020-26167
MISC
MISC
MISC
MISC
git-lfs -- git-lfs
 
Git LFS 2.12.0 allows Remote Code Execution. 2020-11-05 not yet calculated CVE-2020-27955
MISC
FULLDISC
MISC
MISC
MISC
MISC
google -- chrome

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. 2020-11-03 not yet calculated CVE-2020-15980
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. 2020-11-03 not yet calculated CVE-2020-15973
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. 2020-11-03 not yet calculated CVE-2020-16007
SUSE
SUSE
MISC
MISC
google -- chrome

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. 2020-11-03 not yet calculated CVE-2020-16008
SUSE
SUSE
MISC
MISC
google -- chrome
 
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15968
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. 2020-11-03 not yet calculated CVE-2020-15989
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15970
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15971
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15972
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15969
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-11-03 not yet calculated CVE-2020-15967
SUSE
MISC
MISC
FEDORA
FEDORA
google -- chrome
 
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. 2020-11-03 not yet calculated CVE-2020-15987
SUSE
MISC
MISC
FEDORA
FEDORA
hashicorp -- consul_enterprise
 
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. 2020-11-04 not yet calculated CVE-2020-25201
CONFIRM
MISC
hcl -- digital_experience
 
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). 2020-11-05 not yet calculated CVE-2020-14222
MISC
hcl -- notes
 
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client. 2020-11-05 not yet calculated CVE-2020-4097
MISC
hcl -- notes
 
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. 2020-11-05 not yet calculated CVE-2020-14240
MISC
hewlett_packard_enterprise -- oneview_and_synergy_composer
 
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. 2020-11-06 not yet calculated CVE-2020-7198
MISC
hewlett_packard_enterprise -- proliant_gen10_servers

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board. 2020-11-05 not yet calculated CVE-2020-7207
MISC
hindotech -- hk1_s905x3_tv_box
 
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. 2020-11-05 not yet calculated CVE-2020-27402
MISC
MISC
MISC
MISC
MISC
horizontcms -- horizontcms
 
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta. 2020-11-05 not yet calculated CVE-2020-27387
MISC
MISC
ibm -- app_connect_enerprise_certified_container
 
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219. 2020-11-03 not yet calculated CVE-2020-4785
XF
CONFIRM
ibm -- maximo_anywhere
 
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force ID: 161486. 2020-11-03 not yet calculated CVE-2019-4349
XF
CONFIRM
ibm -- qradar_siem
 
IBM QRadar SIEM 7.3 and 7.4 in a multi-tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440. 2020-11-05 not yet calculated CVE-2018-1725
XF
CONFIRM
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857. 2020-11-06 not yet calculated CVE-2020-4483
XF
CONFIRM
ibm -- urbancode_deploy
 
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022. 2020-11-03 not yet calculated CVE-2020-4649
XF
CONFIRM
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856. 2020-11-06 not yet calculated CVE-2020-4482
XF
CONFIRM
ibm -- urbancode_deploy
 
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. 2020-11-06 not yet calculated CVE-2020-4484
XF
CONFIRM
immuta -- immuta
 
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials. 2020-11-05 not yet calculated CVE-2020-15951
MISC
MISC
MISC
immuta -- immuta
 
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. 2020-11-05 not yet calculated CVE-2020-15950
MISC
MISC
MISC
immuta -- immuta
 
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. 2020-11-05 not yet calculated CVE-2020-15949
MISC
MISC
MISC
immuta -- immuta
 
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS. 2020-11-05 not yet calculated CVE-2020-15952
MISC
MISC
MISC
intelliants -- subrion_cms
 
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. 2020-11-04 not yet calculated CVE-2019-7356
MISC
MISC
intermind -- imind_server
 
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. 2020-11-05 not yet calculated CVE-2020-25399
MISC
intermind -- imind_server
 
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality. 2020-11-05 not yet calculated CVE-2020-25398
MISC
ipfs -- ipfs
 
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this. 2020-11-02 not yet calculated CVE-2020-10937
MISC
MISC
jenkins -- active_directory_plugin
 
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. 2020-11-04 not yet calculated CVE-2020-2299
MLIST
CONFIRM
jenkins -- active_directory_plugin
 
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. 2020-11-04 not yet calculated CVE-2020-2301
CONFIRM
jenkins -- active_directory_plugin
 
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. 2020-11-04 not yet calculated CVE-2020-2300
MLIST
CONFIRM
jenkins -- active_subversion_plugin
 
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-11-04 not yet calculated CVE-2020-2304
MLIST
CONFIRM
jenkins -- ansible_plugin
 
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2020-11-04 not yet calculated CVE-2020-2310
CONFIRM
jenkins -- appspider_plugin
 
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2020-11-04 not yet calculated CVE-2020-2314
CONFIRM
jenkins -- findbugs_plugin
 
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step. 2020-11-04 not yet calculated CVE-2020-2317
CONFIRM
jenkins -- kubernetes_plugin
 
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. 2020-11-04 not yet calculated CVE-2020-2307
CONFIRM
jenkins -- mail_commander_plugin
 
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2020-11-04 not yet calculated CVE-2020-2318
CONFIRM
jenkins -- mercurial_plugin
 
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-11-04 not yet calculated CVE-2020-2305
CONFIRM
jenkins -- sqlplus_script_runner_plugin
 
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. 2020-11-04 not yet calculated CVE-2020-2312
CONFIRM
jenkins -- static_analysis_utilities_plugin
 
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. 2020-11-04 not yet calculated CVE-2020-2316
CONFIRM
jenkins -- visualworks_store_plugin
 
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2020-11-04 not yet calculated CVE-2020-2315
CONFIRM
jenkins -- vmware_lab_manager_slaves_plugin
 
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2020-11-04 not yet calculated CVE-2020-2319
CONFIRM
joomla -- jomsocial
 
JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer's profile. 2020-11-04 not yet calculated CVE-2020-22274
MISC
MISC
MISC
joplin -- joplin
 
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. 2020-11-06 not yet calculated CVE-2020-28249
MISC
MISC
kuka -- visual_components
 
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listens for packets over UDP port 5093. No authentication/authorization is required in order to communicate with the server. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructure for the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitive system information that could be leveraged for further exploitation without any kind of authentication. This information includes detailed hardware and OS characteristics. After a decryption process, a textual protocol is found which contains a simple header with the requested command, application-identifier, and some arguments. The protocol is vulnerable to DoS through an arbitrary pointer dereference. This flaw allows an attacker to pass a specially crafted package that, when processed by the service, causes an arbitrary pointer from the stack to be dereferenced, causing an uncaught exception that terminates the service. This can be further constructed in combination with RVDP#710 which exploits an information disclosure leak, or with RVDP#711 for a stack-overflow and potential code execution. Beyond denying simulations, Visual Components provides capabilities to interface with industrial machinery and automate certain processes (e.g. testing, benchmarking, etc.) which depending on the DevOps setup might be integrated into the industrial flow. Accordingly, a DoS in the simulation might have higher repercussions, depending on the Industrial Control System (ICS) infrastructure. 2020-11-06 not yet calculated CVE-2020-10292
CONFIRM
kuka -- visual_components
 
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listens for packets over UDP port 5093. No authentication/authorization is required in order to communicate with the server. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructure for the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitive system information that could be leveraged for further exploitation without any kind of authentication. This information includes detailed hardware and OS characteristics. After a decryption process, a textual protocol is found which contains a simple header with the requested command, application-identifier, and some arguments. The protocol leaks information regarding the receiving server information, license information and managing licenses, among others. Through this flaw, attackers can retrieve information about a KUKA simulation system, particularly, the version of the licensing server, which is connected to the simulator, and which will allow them to launch local simulations with similar characteristics, further understanding the dynamics of motion virtualization and opening doors to other attacks (see RVDP#711 and RVDP#712 for subsequent vulnerabilities that compromise integrity and availability). Beyond compromising simulations, Visual Components provides capabilities to interface with industrial machinery. Particularly, their PLC Connectivity feature 'makes it easy' to connect simulations with control systems using either the industry standard OPC UA or other supported vendor specific interfaces. This fills the gap of jumping from simulation to real and enables attackers to pivot from the Visual Components simulator to robots or other Industrial Control System (ICS) devices, such as PLCs. 2020-11-06 not yet calculated CVE-2020-10291
CONFIRM
libmaxminddb -- libmaxminddb
 
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. 2020-11-06 not yet calculated CVE-2020-28241
MISC
MISC
MISC
lightbend -- play_framework
 
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. 2020-11-06 not yet calculated CVE-2020-26882
MISC
MISC
lightbend -- play_framework
 
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. 2020-11-06 not yet calculated CVE-2020-26883
MISC
MISC
lightbend -- play_framework
 
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service. 2020-11-06 not yet calculated CVE-2020-27196
MISC
MISC
linux -- linux_kernel
 
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. 2020-11-06 not yet calculated CVE-2020-27152
MLIST
MISC
CONFIRM
CONFIRM
linux -- swift
 
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input. 2020-11-02 not yet calculated CVE-2020-9861
MISC
marmind -- marmind
 
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI. 2020-11-05 not yet calculated CVE-2020-26506
MISC
MISC
marmind -- marmind
 
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user’s PC. 2020-11-05 not yet calculated CVE-2020-26507
MISC
MISC
microfocus -- self_service_password_reset
 
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. 2020-11-05 not yet calculated CVE-2020-25837
MISC
misp-project -- misp
 
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. 2020-11-02 not yet calculated CVE-2020-28043
MISC
mit -- kerberos5
 
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. 2020-11-06 not yet calculated CVE-2020-28196
CONFIRM
MLIST
FEDORA
mitsubishi_electric -- gt14_model_of_got_1000_series
 
Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5649
MISC
MISC
MISC
MISC
mitsubishi_electric -- gt14_model_of_got_1000_series
 
Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5647
MISC
MISC
MISC
MISC
mitsubishi_electric -- gt14_model_of_got_1000_series
 
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5648
MISC
MISC
MISC
MISC
mitsubishi_electric -- gt14_model_of_got_1000_series
 
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5646
MISC
MISC
MISC
MISC
mitsubishi_electric -- gt14_model_of_got_1000_series
 
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5644
MISC
MISC
MISC
MISC
mitsubishi_electric -- gt14_model_of_got_1000_series
 
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-06 not yet calculated CVE-2020-5645
MISC
MISC
MISC
MISC
mitsubishi_electric -- melsec_iq
 
Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier, Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition. 2020-11-02 not yet calculated CVE-2020-5652
MISC
MISC
MISC
mitsubishi_electric -- melsec_iq-r_series
 
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5658
MISC
MISC
MISC
mitsubishi_electric -- melsec_iq-r_series
 
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5657
MISC
MISC
MISC
mitsubishi_electric -- melsec_iq-r_series
 
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5655
MISC
MISC
MISC
mitsubishi_electric -- melsec_iq-r_series
 
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5656
MISC
MISC
MISC
mitsubishi_electric -- melsec_iq-r_series
 
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5654
MISC
MISC
MISC
mitsubishi_electric -- melsec_iq-r_series
 
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. 2020-11-02 not yet calculated CVE-2020-5653
MISC
MISC
MISC
moxa -- mxview
 
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality. 2020-11-05 not yet calculated CVE-2020-13536
MISC
moxa -- mxview
 
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run. 2020-11-05 not yet calculated CVE-2020-13537
MISC
moxa -- vport_461_firmware
 
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. 2020-11-02 not yet calculated CVE-2020-23639
MISC
nats -- jwt_library
 
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. 2020-11-06 not yet calculated CVE-2020-26892
MISC
CONFIRM
nats -- jwt_library
 
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). 2020-11-06 not yet calculated CVE-2020-26521
CONFIRM
MISC
neoflex -- video_subscription_system
 
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings). 2020-11-04 not yet calculated CVE-2020-22273
MISC
MISC
nessus -- nessus_for_windows_and_nessus_agent
 
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. 2020-11-05 not yet calculated CVE-2020-5793
MISC
MISC
nessus -- network_monitor
 
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. 2020-11-06 not yet calculated CVE-2020-5794
MISC
netapp -- santricity_os_controller_software
 
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). 2020-11-06 not yet calculated CVE-2020-8580
MISC
netapp -- santricity_os_controller_software
 
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. 2020-11-06 not yet calculated CVE-2020-8577
MISC
netgear -- nighthawk_r7000_devices
 
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. 2020-11-02 not yet calculated CVE-2020-28041
MISC
MISC
MISC
MISC
nextcloud -- nextcloud_server
 
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. 2020-11-02 not yet calculated CVE-2020-8236
MISC
MISC
nextcloud -- nextcloud_server
 
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. 2020-11-02 not yet calculated CVE-2020-8183
MISC
MISC
nextcloud -- nextcloud_server
 
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. 2020-11-02 not yet calculated CVE-2020-8173
MISC
MISC
openfind -- mailgates_and_mailaudit
 
MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. 2020-11-01 not yet calculated CVE-2020-25849
CONFIRM
opensuse -- opensuse
 
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. 2020-11-04 not yet calculated CVE-2020-28049
SUSE
MISC
MISC
MISC
MLIST
DEBIAN
oracle -- weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 2020-11-02 not yet calculated CVE-2020-14750
MISC
origin -- origin_client
 
A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators. 2020-11-02 not yet calculated CVE-2020-27708
MISC
origin -- origin_client
 
A cross-site scripting (XSS) vulnerability exists in the Origin Client that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window. 2020-11-02 not yet calculated CVE-2020-15914
MISC
osticket -- osticket
 
SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning. 2020-11-02 not yet calculated CVE-2020-24881
MISC
MISC
pax -- point_of_sale_device
 
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. 2020-11-02 not yet calculated CVE-2020-28044
MISC
pax -- prolinos
 
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch. 2020-11-02 not yet calculated CVE-2020-28046
MISC
pax -- prolinos
 
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD. 2020-11-02 not yet calculated CVE-2020-28045
MISC
qemu -- qemu
 
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. 2020-11-06 not yet calculated CVE-2020-27616
CONFIRM
MISC
qemu -- qemu
 
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. 2020-11-06 not yet calculated CVE-2020-27617
CONFIRM
MISC
qualcomm -- multiple_snapdragon_products
 
Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 2020-11-02 not yet calculated CVE-2020-11164
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 2020-11-02 not yet calculated CVE-2020-11162
CONFIRM
qualcomm -- multiple_snapdragon_products
 
Bluetooth devices do not properly restrict the L2CAP payload length, allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet (equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper) in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 2020-11-02 not yet calculated CVE-2020-11114
CONFIRM
red_hat -- red_hat
 
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. 2020-11-05 not yet calculated CVE-2020-25662
CONFIRM
CONFIRM
CONFIRM
red_hat -- red_hat
 
A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2020-11-05 not yet calculated CVE-2020-25661
CONFIRM
CONFIRM
CONFIRM
redcap -- redcap
 
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. 2020-11-02 not yet calculated CVE-2020-27358
MISC
MISC
MISC
relish -- verve_connect_vh510_devices
 
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. 2020-11-04 not yet calculated CVE-2020-27691
MISC
MISC
relish -- verve_connect_vh510_devices
 
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware. 2020-11-04 not yet calculated CVE-2020-27692
MISC
MISC
relish -- verve_connect_vh510_devices
 
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. 2020-11-04 not yet calculated CVE-2020-27689
MISC
MISC
relish -- verve_connect_vh510_devices
 
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes. 2020-11-04 not yet calculated CVE-2020-27690
MISC
MISC
rvtools -- rvtools
 
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances. 2020-11-05 not yet calculated CVE-2020-27688
MISC
MISC
saltstack -- salt
 
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. 2020-11-06 not yet calculated CVE-2020-25592
SUSE
MISC
FEDORA
CONFIRM
saltstack -- salt
 
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. 2020-11-06 not yet calculated CVE-2020-16846
SUSE
MISC
FEDORA
CONFIRM
saltstack -- salt
 
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. 2020-11-06 not yet calculated CVE-2020-17490
SUSE
MISC
FEDORA
CONFIRM
servicestack -- servicestack
 
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. 2020-11-02 not yet calculated CVE-2020-28042
MISC
MISC
MISC
MISC
shun_hu_technology -- juuko_k-800
 
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running. 2020-11-02 not yet calculated CVE-2018-17932
MISC
shun_hu_technology -- juuko_k-800
 
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.). 2020-11-02 not yet calculated CVE-2018-19025
MISC
silver_peak -- unity_orchestrator
 
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the /debugFiles REST API. 2020-11-05 not yet calculated CVE-2020-12146
MISC
silver_peak -- unity_orchestrator
 
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing. 2020-11-05 not yet calculated CVE-2020-12147
MISC
silver_peak -- unity_orchestrator
 
Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ use HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers, on-premise or in a public cloud provider, are affected by this vulnerability. 2020-11-05 not yet calculated CVE-2020-12145
MISC
sonarqube -- sonarqube
 
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint. 2020-11-02 not yet calculated CVE-2020-28002
MISC
studyplus -- studyplus_app
 
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, the API key for the external service may be obtained by analyzing data in the app. 2020-11-06 not yet calculated CVE-2020-5667
MISC
suitecrm -- suitecrm
 
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. 2020-11-06 not yet calculated CVE-2020-28328
MISC
MISC
synk -- absolunet/kafe
 
This affects the package @absolunet/kafe before 3.2.10. It allows a denial of service when validating crafted invalid emails. 2020-11-05 not yet calculated CVE-2020-7761
MISC
MISC
synk -- browserless-chrome
 
This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server. 2020-11-02 not yet calculated CVE-2020-7758
MISC
MISC
MISC
synk -- codemirror
 
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://ift.tt/3oHS4nt. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* 2020-10-30 not yet calculated CVE-2020-7760
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
synk -- droppy
 
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server. 2020-11-02 not yet calculated CVE-2020-7757
MISC
MISC
synk -- jsreport-chrome-pdf
 
This affects the package jsreport-chrome-pdf before 1.10.0. 2020-11-05 not yet calculated CVE-2020-7762
MISC
MISC
synk -- phantom-html-to-pdf
 
This affects the package phantom-html-to-pdf before 0.6.1. 2020-11-05 not yet calculated CVE-2020-7763
MISC
MISC
synopsys -- blackduck
 
Synopsys hub-rest-api-python (aka blackduck on PyPI) versions 0.0.25 - 0.0.52 do not validate SSL certificates in certain cases. 2020-11-06 not yet calculated CVE-2020-27589
MISC
MISC
MISC
MISC
tcpdump -- tcpdump
 
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. 2020-11-04 not yet calculated CVE-2020-8037
MISC
tcpdump -- tcpdump
 
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. 2020-11-04 not yet calculated CVE-2020-8036
MISC
teler -- teler
 
In teler before version 0.0.1, if you run teler inside a Docker container and it encounters the `errors.Exit` function, it will cause a denial of service (`SIGSEGV`) because it doesn't properly get the process ID and process group ID of teler to kill. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1. 2020-11-06 not yet calculated CVE-2020-26213
MISC
CONFIRM
telerik -- fiddler
 
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. 2020-11-05 not yet calculated CVE-2020-13661
MISC
MISC
MISC
tmux -- tmux
 
The function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. 2020-11-06 not yet calculated CVE-2020-27347
MISC
MISC
ubiquiti -- unifi_protect_controller
 
A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token. This vulnerability was fixed in UniFi Protect v1.14.11 and newer. This issue does not impact UniFi Cloud Key Gen 2 plus. This issue does not impact UDM-Pro customers with UniFi Protect stopped. Affected Products: UDM-Pro firmware 1.7.2 and earlier. UNVR firmware 1.3.12 and earlier. Mitigation: Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings. Alternatively, you can update UNVR and UDM-Pro to: - UNVR firmware to 1.3.15 or newer. - UDM-Pro firmware to 1.8.0 or newer. 2020-11-05 not yet calculated CVE-2020-8267
MISC
MISC
MISC
ubuntu -- libvirt
 
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. 2020-11-06 not yet calculated CVE-2020-15708
MISC
ubuntu -- packagekit
 
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. 2020-11-07 not yet calculated CVE-2020-16121
CONFIRM
MISC
ubuntu -- packagekit
 
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. 2020-11-07 not yet calculated CVE-2020-16122
CONFIRM
ubuntu -- ubuntu
 
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. 2020-10-31 not yet calculated CVE-2020-15703
CONFIRM
MISC
unix -- symbolic_link
 
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. 2020-11-06 not yet calculated CVE-2020-5795
MISC
vmware -- tanzu
 
Single Sign-On for VMware Tanzu all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to a user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication. 2020-10-31 not yet calculated CVE-2020-5425
CONFIRM
whatsapp -- whatsapp_and_whatsapp_business
 
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked. 2020-11-03 not yet calculated CVE-2020-1908
CONFIRM
wildfly -- wildfly
 
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. 2020-11-02 not yet calculated CVE-2020-25689
CONFIRM
wireshark -- wireshark
 
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. 2020-11-02 not yet calculated CVE-2020-28030
MISC
MISC
MISC
wondershare -- dr.fone
 
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. 2020-11-02 not yet calculated CVE-2020-27992
MISC
MISC
wordpress -- wordpress
 
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. 2020-11-04 not yet calculated CVE-2020-22277
MISC
MISC
MISC
wordpress -- wordpress
 
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. 2020-11-07 not yet calculated CVE-2020-28339
MISC
MISC
wordpress -- wordpress
 
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry. 2020-11-04 not yet calculated CVE-2020-22276
MISC
MISC
MISC
wordpress -- wordpress
 
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the code is executable. 2020-11-04 not yet calculated CVE-2020-22275
MISC
MISC
MISC

from CISA All NCAS Products https://ift.tt/35aVw2r

From deepfakes to fake SMS: Digital scams explode in Brazil, report warns

Half of Brazilians suffered some type of digital scam in 2024, according to a report by security company BioCatch published this ...