CVE-2020-12388

The Mozilla Foundation Security Advisory describes this flaw as: The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape...

CVE-2020-5881

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition VE is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer NDAL Interfaces can lock up and in turn disrupting the communicatio...

CVE-2020-5881

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition VE is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer NDAL Interfaces can lock up and in turn disrupting the communicatio...

CVE-2020-8484

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

Design/Logic Flaw

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

CVE-2020-8484 ABB System 800xA Inter process communication vulnerability - 800xA for DCI

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

CVE-2020-8484

ABB System 800xA for DCI contains an inter-process communication protection weakness that allows an authenticated local attacker to inject data, enabling reads/writes to controllers or causing Windows processes to crash. Affected products include System 800xA for DCI (all published versions). CVS...

CVE-2020-12266

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed...

CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transitionkey for SST processes in place of the random key expected...

CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transitionkey for SST processes in place of the random key expected...

UBUNTU-CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transitionkey for SST processes in place of the random key expected...

CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transitionkey for SST processes in place of the random key expected...

CVE-2020-10996

CVE-2020-10996 affects Percona XtraDB Cluster prior to 5.7.28-31.41.2. A bundled script sets a static transition_key for SST processes instead of the random key, indicating a potential security weakness in SST key handling. The documented remediation is to upgrade to Percona XtraDB Cluster 5.7.28...

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named "VictoryGate," has been active since May 2019, with infectio...

CVE-2019-12522

A flaw was found in squid. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leavesuid call. leavesuid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their...

WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access Vulnerability

WebKit: Data race in AudioArray::allocate can lead to OOB access VULNERABILITY DETAILS Source/WebCore/platform/audio/AudioArray.h: void allocateChecked n ... while !isAllocationGood // Initially we try to allocate the exact size, but if it's not aligned // then we'll have to reallocate and from...

CVE-2020-4260

IBM UrbanCode Deploy UCD 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639...

Information disclosure

IBM UrbanCode Deploy UCD 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639...

CVE-2020-7277

Protection mechanism failure in all processes in McAfee Endpoint Security ENS for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered...

CVE-2020-7277 McAfee processes not protected

Protection mechanism failure in all processes in McAfee Endpoint Security ENS for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered...