6667 matches found
CVE-2020-13559
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...
Exploit for Code Injection in Microfocus Arcsight_Logger
CVE-2020-11851 Remote Code Execution vulnerability on ArcSig...
Akamai's Technical Enablement and Education Team, Part of the Global Services and Support Organization, Wins 2020 Chief Learning Officer Magazine Gold Award
In October 2020, the Akamai Technical Enablement and Education (TE&E) Team -- responsible for creating product-training certifications for employees (Global Services and Support, GSS), customers (Akamai University), and channel partners (Advanced Partner Enablement) -- won its second industry award for...
CVE-2020-8289
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in the bztransmit helper due to a hardcoded whitelist of strings in URLs where validation is disabled, leading to possible remote code execution via client update functionality...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3902-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.6.0 ESR - Fixed: Various stability, functionality, and security fixes MFSA 2020-55 bsc1180039 - CVE-2020-16042 bmo1679003 Operations on a BigInt could have caused uninitialized memory to be exposed -...
CVE-2020-35609
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...
Authentication flaw
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality...
SUSE-SU-2020:3903-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2020-55 bsc1180039 CVE-2020-16042 bmo1679003 Operations on a BigInt could have caused uninitialized memory to be exposed...
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
...
CVE-2020-13512
NZXT CAM 4.8.0 is affected by a privilege escalation in the WinRing0x64 driver’s Privileged I/O Write IRPs. A crafted IRP (notably 0x9c40a0d8) can grant a low-privilege user elevated access by writing to CPU I/O ports, enabling privilege escalation. Public disclosures (Talos, Red Hat, CNVD, CVE r...
CVE-2020-13509
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...
CVE-2020-13511
An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...
CVE-2020-12523
On Phoenix Contact mGuard devices with versions before 8.8.3, LAN ports become functional after reboot even if they are disabled in the device configuration. For mGuard devices with an integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports g...
PT-2020-13595 · Nzxt · Nzxt Cam
Name of the Vulnerable Software and Affected Versions: NZXT CAM version 4.8.0. Description: An information disclosure issue exists in the WinRing0x64 Driver IRP 0x9c402084 functionality. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can...
Huawei Taurus-AL00A Resource Management Error Vulnerability
Huawei Taurus-AL00A is a smartphone from Huawei of China. Huawei Taurus-AL00A is vulnerable to a resource management error. A module fails to properly process a message, and a function references freed memory. An attacker could use this vulnerability to trick a user into running a carefully...
Cross-site Scripting (XSS)
s-cart is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script via the search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex...
CVE-2020-28457
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS...
Cross site scripting
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS...
CVE-2020-13556
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...