Month: August 2020
- CVE-2020-13793 – Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption …
- CVE-2020-12441 – Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the …
- CVE-2020-7817 – MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in …
- CVE-2020-7460 – In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before …
- CVE-2020-7459 – In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before …
- CVE-2020-7361 – The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its ‘/pro/repo-create.html’ component. After …
- CVE-2020-7357 – Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to …
- CVE-2020-7356 – CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter ‘wayfinder_seqid’ in …
- CVE-2020-7352 – The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping …
- CVE-2020-13365 – Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account …
- CVE-2020-13364 – A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, …
- Tales from the Trenches Show Security Issues Endemic to Healthcare
  Mitchell Parker sees a great deal wrong with information security, especially in the healthcare industry, where he has worked for more than …