Alerts

US CERT: Current Activity · 47 minutes 47 seconds ago

Fortinet FortiOS System File Leak

Original release date: November 27, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE-2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices may be located in the United States.

Fortinet has released a security advisory to highlight mitigation of this vulnerability. CISA encourages users and administrators to review the advisory and apply the necessary updates immediately. Additionally, CISA recommends Fortinet users conduct a thorough review of logs on any connected networks to detect any additional threat actor activity.


Linux security Advisories · 6 hours 25 minutes ago

SUSE: 2020:3548-1 important: MozillaFirefox

An update that fixes 12 vulnerabilities is now available.
NVD: all CVE · 10 hours 30 minutes ago

CVE-2020-25738

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
Linux security Advisories · 10 hours 47 minutes ago

Debian LTS: DLA-2466-1: drupal7 security update

Two vulnerabilities were found in the Archive_Tar PHP module, used by Drupal, which could result in the execution of arbitrary code if a malicious user is allowed to upload tar archives.
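The DLA gives no detail of how a malicious tar archive leads to code execution, so nothing below claims to reproduce those two bugs. Whatever the exact mechanism, an application that accepts tar uploads from users should audit every member's name and type before anything is written to disk, and refuse the whole archive if any member fails. The following is an added Python example, not code from Archive_Tar, Drupal or Debian; the sample archive is constructed in memory for the demonstration, and the policy it enforces (no absolute or parent-escaping paths, no symbolic or hard links, no device or FIFO members) is the editor's assumption of a sensible default for untrusted input.

```python
import io
import re
import tarfile


def _contained(name: str) -> bool:
    """True if NAME, resolved lexically, stays under the extraction directory."""
    if name.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", name):
        return False                      # absolute path (POSIX or Windows drive)
    depth = 0
    for part in name.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return False              # climbed above the extraction root
        else:
            depth += 1
    return True


def audit_tar(data: bytes) -> list:
    """Return [(member name, problem), ...]; an empty list means every member is acceptable.
    Refuse the whole archive when the list is non-empty: skipping only the bad members is
    unsafe, because a symlink member could redirect where a later, innocent-looking member
    is written."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            if not _contained(m.name):
                problems.append((m.name, "path escapes extraction directory"))
            elif m.issym() or m.islnk():
                problems.append((m.name, "symbolic/hard link not allowed in untrusted archive"))
            elif not (m.isreg() or m.isdir()):
                problems.append((m.name, "special file type not allowed"))
    return problems


def _add(tf, name, data=b"", kind=tarfile.REGTYPE, linkname=""):
    """Append one member with an explicit name/type (no filesystem involved)."""
    info = tarfile.TarInfo(name)
    info.type = kind
    info.size = len(data)
    info.linkname = linkname
    tf.addfile(info, io.BytesIO(data) if data else None)


def build_sample_archive() -> bytes:
    """Constructed sample mixing benign and hostile members (not a real-world capture)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        _add(tf, "ok/", kind=tarfile.DIRTYPE)
        _add(tf, "ok/readme.txt", b"hello\n")
        _add(tf, "../../etc/cron.d/evil", b"* * * * * root /bin/sh /tmp/x\n")
        _add(tf, "passwd-link", kind=tarfile.SYMTYPE, linkname="/etc/passwd")
        _add(tf, "dev-null", kind=tarfile.CHRTYPE)
    return buf.getvalue()


if __name__ == "__main__":
    for name, problem in audit_tar(build_sample_archive()):
        print(f"REJECT {name!r}: {problem}")
```

The check is purely lexical and deliberately refuses links rather than trying to resolve their targets; that is stricter than what general-purpose extractors do, but for user uploads there is rarely a legitimate need for link members.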
NVD: all CVE · 12 hours 30 minutes ago

CVE-2020-29144

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web-based module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework.
NVD: all CVE · 12 hours 30 minutes ago

CVE-2020-29145

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web-based module in BSCS iX that is vulnerable to stored XSS via the name or description field of an Access Rights Group submitted to solutionUnitServlet?SuName=UserReferenceDataSU. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework.
NVD: all CVE · 14 hours 30 minutes ago

CVE-2020-29136

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
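The entry says only that the second factor could be brute-forced, not why the attempts were not stopped. The practical point is that a six-digit TOTP has only 10^6 possible values, so the server, not the code length, has to bound the number of guesses: count consecutive failures per account, lock the second factor for a while after a small number of them, and keep the lock even when a later guess happens to be right. The following is an added Python example written for this page, not cPanel's code; the lockout thresholds, the `SecondFactorVerifier` class and the use of the RFC 4226 test key as the shared secret are the editor's assumptions and constructed input.

```python
import hashlib
import hmac
import struct
import time

# Policy values are assumptions for this example, not cPanel's settings.
MAX_FAILURES = 5          # consecutive wrong codes before the second factor is locked
LOCKOUT_SECONDS = 300     # how long the lock lasts
STEP_SECONDS = 30         # TOTP time step (RFC 6238)
WINDOW = 1                # accept one step of clock skew on either side


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1, dynamic truncation) over the step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


class SecondFactorVerifier:
    """Verifies TOTP codes and locks the user after repeated failures."""

    def __init__(self, secret: bytes, clock=time.time):
        self.secret = secret
        self.clock = clock            # injectable so tests can freeze time
        self.state = {}               # username -> (failure count, locked_until)

    def verify(self, username: str, code: str) -> str:
        """Return 'ok', 'bad' or 'locked'. A locked user is refused even with a correct code."""
        now = self.clock()
        failures, locked_until = self.state.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"
        counter = int(now // STEP_SECONDS)
        matched = False
        for delta in range(-WINDOW, WINDOW + 1):
            # constant-time comparison, and no early exit on a match
            if hmac.compare_digest(totp(self.secret, counter + delta), code):
                matched = True
        if matched:
            self.state.pop(username, None)   # success clears the failure counter
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            self.state[username] = (0, now + LOCKOUT_SECONDS)
            return "locked"
        self.state[username] = (failures, locked_until)
        return "bad"


def attempts_before_lockout(verifier: SecondFactorVerifier, username: str, guesses) -> int:
    """Feed sequential guesses, as a brute-forcer would, and count how many the server
    evaluated before the lockout engaged."""
    tried = 0
    for guess in guesses:
        tried += 1
        if verifier.verify(username, guess) == "locked":
            break
    return tried


if __name__ == "__main__":
    # RFC 4226/6238 test key (constructed input); at t=59 the valid 6-digit code is 287082
    secret = b"12345678901234567890"
    v = SecondFactorVerifier(secret, clock=lambda: 59.0)
    print(v.verify("alice", "287082"))                       # ok
    sweep = (f"{i:06d}" for i in range(10 ** 6))
    print(attempts_before_lockout(v, "alice", sweep))        # 5
```

In a real deployment the counter lives in shared storage rather than a dictionary, and the same budget should also be applied per source address and per session, since an attacker who can open many login sessions would otherwise get a fresh allowance each time.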
NVD: all CVE · 14 hours 30 minutes ago

CVE-2020-29137

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
NVD: all CVE · 14 hours 30 minutes ago

CVE-2020-29135

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
NVD: all CVE · 15 hours 30 minutes ago

CVE-2020-29133

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.
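A name like `x.jpg.html` gets past a check that only looks for an image extension somewhere in the filename, and the file is then served with an HTML content type. The check a practitioner wants looks at every suffix, not just one, sniffs the bytes, and never reuses the client-supplied name for storage. The following is an added Python example, not Coremail's code; the magic-byte table, the extension lists and the `classify_upload` function are the editor's own, and the sample inputs are constructed.

```python
import secrets
from pathlib import PurePosixPath

IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
# Extensions a browser or server may treat as active content (assumed list).
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".svg", ".js", ".php", ".jsp", ".jspx"}
# Leading bytes of the formats accepted here (constructed table for this example).
MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def classify_upload(filename: str, head: bytes):
    """Decide whether an uploaded 'image' may be stored.
    Returns (accepted, reason, storage_name); storage_name is None when rejected."""
    # 1. keep only the final path component, whichever separator the client used
    base = PurePosixPath(filename.replace("\\", "/")).name
    suffixes = [s.lower() for s in PurePosixPath(base).suffixes]
    if not suffixes:
        return False, "no extension", None
    # 2. examine every suffix: 'sig.jpg.html' and 'sig.html.jpg' are both refused
    if any(s in ACTIVE_EXTENSIONS for s in suffixes):
        return False, "active-content extension present", None
    if len(suffixes) > 1:
        return False, "multiple extensions", None
    ext = suffixes[0]
    if ext not in IMAGE_EXTENSIONS:
        return False, "extension not in image allowlist", None
    # 3. trust the bytes, not the name
    sniffed = next((e for magic, e in MAGIC.items() if head.startswith(magic)), None)
    if sniffed is None:
        return False, "content is not a recognised image", None
    if sniffed != ext and not (sniffed == ".jpg" and ext == ".jpeg"):
        return False, "content does not match extension", None
    # 4. a random server-chosen name is what goes on disk and into URLs
    storage_name = secrets.token_hex(8) + sniffed
    return True, "ok", storage_name


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 12            # constructed JPEG header
    for name, head in [("avatar.jpg", jpeg),
                       ("sig.jpg.html", b"<script>alert(1)</script>"),
                       ("../../evil.png", jpeg)]:
        print(name, "->", classify_upload(name, head)[:2])
```

Rejecting every multi-suffix name is stricter than strictly necessary (it also refuses `photo.final.jpg`), which is a deliberate trade. Independently of the upload check, user-supplied files should be served with `X-Content-Type-Options: nosniff` and a fixed image content type, ideally from a separate origin, so that a file which does slip through cannot run script in the application's origin.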
NVD: all CVE · 16 hours 30 minutes ago

CVE-2020-12262

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow XSS via the page parameter of /cgi-bin/cgiServer.exx.