CVE-2020-35564
MB CONNECT LINE’s mymbCONNECT24 and mbCONNECT24 (affected up to v2.6.2) contain an outdated, unused component that allows malicious input of active code. This CVE (CVE-2020-35564) is documented with a CVSS v3 base score of 7.5 (HIGH) and describes remote, unauthenticated risk due ...
CVE-2020-35564
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code...
Compromise of U.S. Water Treatment Facility
Summary: On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also...
USN-4608-1: ca-certificates update | Cloud Foundry
Severity: Unknown. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate...
Ubuntu: Security Advisory (USN-4719-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : ca-certificates update (USN-4719-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4719-1 advisory. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the...
USN-4719-1 ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...
GHSA-HHW9-35P2-Q2C5 Steam Socialite Provider v1 does not correctly validate openid server
Impact: The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches: This vulnerability only affects the outdated v1.x versions of the package. These are no longer...
Exploit for Out-of-bounds Write in Accfly 720P_Firmware
PoC exploit for CVE-2020-25782, CVE-2020-25783, CVE-2020-25784,...
Vulnerability fixed in McAfee Agent
McAfee has fixed a vulnerability in McAfee Agent. Due to a flaw in the permissions structure, a local malicious agent can disrupt the operation of Agent by manipulating a directory that Agent uses for temporary files. The result of this is that Agent continues to work, but no longer processes...
Vega Cross-Site Scripting Vulnerability
Vega is a JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega versions...
U.S. Dept Of Defense: [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████
Summary: Due to an outdated Drupal version, remote code execution is possible on www.█████ via CVE-2018-7600. Description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple...
PT-2020-5285 · VMware · VMware Workstation +3
Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 7.0 prior to ESXi70U1c-17325551; VMware Workstation versions 16.x prior to 16.0 and 15.x prior to 15.5.7; VMware Fusion versions 12.x prior to 12.0 and 11.x prior to 11.5.7; VMware Cloud Foundation affected versions not...
The Risky Business: Rapid7 Report Highlights Need for Improved Vulnerability Management Practices
Back in July, Rapid7 released its first-ever National / Industry / Cloud Exposure Report, otherwise known as “NICER.” This report had a big job: to assess not only the prevalence of known threats, but also to provide a geographic census of those threats. It tells the all-too-true story of...
Design/Logic Flaw
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...
CVE-2020-25230
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...
GHSA-RCJJ-H6GH-JF3R Information Disclosure in Apache Groovy
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...
U.S. Dept Of Defense: Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179
Summary: Information Disclosure vulnerability in outdated Jira. Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the...
ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password
SEC Consult Vulnerability Lab Security Advisory | title: Multiple Vulnerabilities | product: ZTE WLAN router MF253V | vulnerable version: V1.0.0B04 | fixed version: V1.0.0B05 | CVE number: | impact: Medium | homepage: https://www.zte.com.c...