917 matches found
CVE-2020-27604
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...
CVE-2020-27604
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...
Design/Logic Flaw
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...
CVE-2020-27604
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...
CVE-2020-27604
BigBlueButton before 2.3 does not implement LibreOffice sandboxing, enabling remote authenticated users to read the API shared secret in bigbluebutton.properties and potentially join arbitrary meetings via api/join regardless of guestPolicy. Affected software: BigBlueButton prior to 2.3. Root cau...
CVE-2020-15174 Unpreventable top-level navigation in Electron
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in...
Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent...
Sandbox in security: what is it, and how it relates to malware
To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...
Sandbox Bypass
firefox is vulnerable to sandbox bypass. Until explicitly accessed by script, window.global.This is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames window. Sites that deploy a sandboxing that depends on enumerating and freezing access to the window objec...
Microsoft Internet Explorer 11 Use-After-Free
Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...
CVE-2019-8771
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy...
About the security content of Safari 13.0.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
CVE-2020-9847
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox...
Mozilla Firefox and Firefox ESR Input Validation Error Vulnerability (CNVD-2020-54930)
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox ESR versions prior to 68.8 an...
Building for Billions: Addressing Security Concerns for Platforms at Scale
Security operations once consisted of a multitude of manual operations based around alerts, thresholds and severity levels. As systems scale and platforms continue to grow, how do you keep up with the growing requirements to secure these transactions and the networks they are built upon?...
Microsoft Windows and Windows Server Security Feature Bypass Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security feature bypass vulnerability exists in Microsoft Windows and Windows Server,...
CVE-2020-3916
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...
FreeBSD : grub2-bhyve -- multiple privilege escalations (9d6a48a7-4dad-11ea-8a1d-7085c25400ea)
Reno Robert reports : FreeBSD uses a two-process model for running a VM. For booting non-FreeBSD guests, a modified grub-emu is used grub-bhyve. Grub-bhyve executes command from guest grub.cfg file. This is a security problem because grub was never written to handle inputs from OS as untrusted. I...
Memory Corruption Vulnerability in WebKit Component of Multiple Apple Products (CNVD-2020-01907)
Apple Safari is a web browser that is the default browser that comes with the MacOSX and iOS operating systems. apple iOS is a suite of operating systems for mobile devices. apple macOS Mojave is a dedicated operating system developed specifically for Mac computers. WebKit is a component of the W...
Design/Logic Flaw
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction...