298 matches found
Information Disclosure
Chromium is vulnerable to information disclosure. The vulnerability exists due to an inappropriate implementation in cache that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Design/Logic Flaw
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020)...
CVE-2020-35552
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020)...
Security Bulletin: PostgreSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692)
Summary: PostgreSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure caused by an XML external entity (XXE). Vulnerability Details: CVEID: CVE-2020-13692. DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caus...
Automattic: XSS in Email Input [intensedebate.com]
Summary: I found an XSS in Email input. This input is not sanitized like other inputs, allowing a user to execute XSS payloads. Platforms Affected: https://www.intensedebate.com/edit-user-account Steps To Reproduce: 1. Navigate to your account. 2. In email address, add the below payload next to your...
CVE-2020-27130
Cisco Security Manager (CSM) contains a path-traversal vulnerability (CVE-2020-27130) that allows an unauthenticated, remote attacker to download arbitrary files from an affected device. The root cause is improper validation of directory traversal sequences in requests to CSM, enabling crafted re...
CVE-2020-2307
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...
Ubuntu: Security Advisory (USN-4600-1)
The remote host is missing an update for the...
WordPress Backup, Restore and Migrate plugin 4.2.1 – 4.2.12 - Unprotected AJAX Action to Arbitrary File Overwrite and Sensitive Information Disclosure vulnerability
Unprotected AJAX Action to Arbitrary File Overwrite and Sensitive Information Disclosure vulnerability discovered by Chloe Chamberland (WordFence) in WordPress Backup, Restore and Migrate plugin versions 4.2.1 – 4.2.12. Solution: Update the WordPress Backup, Restore and Migrate plugin to the latest...
CVE-2014-1420
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by...
CVE-2020-3518 Cisco Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the...
Cisco SD-WAN vManage Software Directory Traversal Vulnerability
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation o...
iPhone Apps Stealing Clipboard Data
iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a bann...
Microsoft Windows Multiple Vulnerabilities (KB4561612)
This host is missing a critical security update according to Microsoft KB4561612...
Dark web hacker leaks sensitive Indian defense contractor data
By Waqas. Indian defense contractor Bharat Earth Movers Limited (BEML) has been hacked. This is a post from HackRead.com. Read the original post: Dark web hacker leaks sensitive Indian defense contractor data...
CVE-2020-11550
The CVE-2020-11550 entry concerns NETGEAR Orbi devices: SRS60 AC3000 (SW 2.5.1.106), Outdoor Satellite RBS50Y (2.5.1.106), and SRR60 AC3000 (2.5.1.106). The issue is an unauthenticated disclosure via the administrative SOAP interface that can leak sensitive Wi‑Fi data, including SSIDs and PSKs. R...
CVE-2020-5248 Public GLPIKEY can be used to decrypt any data in GLPI
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...
CVE-2020-3318
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of...
CVE-2020-3301 Cisco Firepower Management Center Static Credential Vulnerabilities
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these vulnerabilities, see the Details section of...