Special Report: Computing’s New Normal, a Dark Reading PerspectiveThis special report examines how IT security organizations have adapted to the “new normal” of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.Flash Poll
The Threat from the Internet–and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-16094
PUBLISHED: 2020-07-28
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVE-2020-5377
PUBLISHED: 2020-07-28
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain f…
CVE-2020-15899
PUBLISHED: 2020-07-28
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.
CVE-2020-15419
PUBLISHED: 2020-07-28
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of …
CVE-2020-15416
PUBLISHED: 2020-07-28
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default…
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-16094
PUBLISHED: 2020-07-28
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVE-2020-5377
PUBLISHED: 2020-07-28
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain f…
CVE-2020-15899
PUBLISHED: 2020-07-28
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.
CVE-2020-15419
PUBLISHED: 2020-07-28
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of …
CVE-2020-15416
PUBLISHED: 2020-07-28
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default…
https://www.malwaredevil.com/2020/07/28/avon-server-leaks-user-info-and-administrative-data/?utm_source=rss&utm_medium=rss&utm_campaign=avon-server-leaks-user-info-and-administrative-data
No comments:
Post a Comment