Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-16135
PUBLISHED: 2020-07-29
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
CVE-2017-18923
PUBLISHED: 2020-07-29
beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.
CVE-2020-14308
PUBLISHED: 2020-07-29
In grub2 versions before 2.06 the grub memory allocator doesn’t check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts durin…
CVE-2020-5761
PUBLISHED: 2020-07-29
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
CVE-2020-5762
PUBLISHED: 2020-07-29
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the …
https://www.malwaredevil.com/2020/07/29/security-flaws-discovered-in-okcupid-dating-service/?utm_source=rss&utm_medium=rss&utm_campaign=security-flaws-discovered-in-okcupid-dating-service


