Vulnerabilities

Re: Etherify 4 – jumping air gaps with real ethernet hardware

December 1, 2020

Posted by Dave Horsfall on Dec 01I'm impressed, but for all the wrong reasons :-) -- Dave VK2KFU If you...

scikit-learn 0.23.2 Local Denial of Service

December 1, 2020

Posted by pabloec20 on Nov 30 svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products,...

Etherify 4 – jumping air gaps with real ethernet hardware

December 1, 2020

Posted by Jacek Lipkowski on Nov 30Hello, Another amusing etherify hack, this time not with raspberry pis, but with normal...

SEC Consult SA-20201123-0 :: Multiple Vulnerabilities in ZTE WLAN router MF253V

November 24, 2020

Posted by SEC Consult Vulnerability Lab on Nov 23SEC Consult Vulnerability Lab Security Advisory < 20201123-0 > ======================================================================= title: Multiple...

CA20201116-01: Security Notice for CA Unified Infrastructure Management

November 24, 2020

Posted by Ken Williams via Fulldisclosure on Nov 23CA20201116-01: Security Notice for CA Unified Infrastructure Management Issued: November 16th, 2020...

KL-001-2020-009 : Barco wePresent Insecure Firmware Image

November 21, 2020

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20KL-001-2020-009 : Barco wePresent Insecure Firmware Image Title: Barco wePresent Insecure Firmware...

KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password

November 21, 2020

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password Title: Barco wePresent...

KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI

November 21, 2020

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI Title:...

KL-001-2020-006 : Barco wePresent Authentication Bypass

November 21, 2020

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20KL-001-2020-006 : Barco wePresent Authentication Bypass Title: Barco wePresent Authentication Bypass Advisory...

KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text

November 21, 2020

Posted by KoreLogic Disclosures via Fulldisclosure on Nov 20KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text Title: Barco wePresent...

VTiger v7.0 CRM – (To) Persistent Email Vulnerability

November 20, 2020

Posted by Vulnerability Lab on Nov 20Document Title: =============== VTiger v7.0 CRM - (To) Persistent Email Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2227...

SOWA.OPAC Reflected Cross Site Scripting

November 19, 2020

Posted by hacker on Nov 18 # Title: SOWA.OPAC Reflected Cross Site Scripting # Vulnerability Type: Cross Site Scripting (XSS)...

SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager

November 18, 2020

Posted by SEC Consult Vulnerability Lab on Nov 17SEC Consult Vulnerability Lab Security Advisory < 20201117-0 > ======================================================================= title: Blind...

Fancy Product Designer for WooCommerce – Unrestricted File Upload

November 18, 2020

Posted by Jonathan Gregson via Fulldisclosure on Nov 17## About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce...

Fancy Product Designer for WooCommerce – Stored XSS via SVG upload

November 18, 2020

Posted by Jonathan Gregson via Fulldisclosure on Nov 17## About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce...

SugarCRM v6.5.18 – (Employees) Persistent Cross Site Vulnerability

November 16, 2020

Posted by Vulnerability Lab on Nov 16Document Title: =============== SugarCRM v6.5.18 - (Employees) Persistent Cross Site Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2257...

SugarCRM v6.5.18 – (Contacts) Persistent Cross Site Web Vulnerability

November 16, 2020

Posted by Vulnerability Lab on Nov 16Document Title: =============== SugarCRM v6.5.18 - (Contacts) Persistent Cross Site Web Vulnerability References (Source):...

Intel NUC – Local Privilege Escalation Vulnerability

November 16, 2020

Posted by Vulnerability Lab on Nov 16Document Title: =============== Intel NUC - Local Privilege Escalation Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2267http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525 CVE-ID:...

Buddypress v6.2.0 WP Plugin – Persistent Web Vulnerability

November 16, 2020

Posted by Vulnerability Lab on Nov 16Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2263...

Froxlor v0.10.16 CP – (Customer) Persistent Vulnerability

November 16, 2020

Posted by Vulnerability Lab on Nov 16Document Title: =============== Froxlor v0.10.16 CP - (Customer) Persistent Vulnerability References (Source): ====================https://www.vulnerability-lab.com/get_content.php?id=2241 Release...

APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0

November 16, 2020

Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 addresses the...

APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

November 16, 2020

Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005...

APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0

November 16, 2020

Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 tvOS 14.0 addresses the...

APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

November 16, 2020

Posted by Apple Product Security via Fulldisclosure on Nov 15APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS...

Vulnerabilities

Re: Etherify 4 – jumping air gaps with real ethernet hardware

scikit-learn 0.23.2 Local Denial of Service

Etherify 4 – jumping air gaps with real ethernet hardware

SEC Consult SA-20201123-0 :: Multiple Vulnerabilities in ZTE WLAN router MF253V

CA20201116-01: Security Notice for CA Unified Infrastructure Management

KL-001-2020-009 : Barco wePresent Insecure Firmware Image

KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password

KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI

KL-001-2020-006 : Barco wePresent Authentication Bypass

KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text

VTiger v7.0 CRM – (To) Persistent Email Vulnerability

SOWA.OPAC Reflected Cross Site Scripting

SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager

Fancy Product Designer for WooCommerce – Unrestricted File Upload

Fancy Product Designer for WooCommerce – Stored XSS via SVG upload

SugarCRM v6.5.18 – (Employees) Persistent Cross Site Vulnerability

SugarCRM v6.5.18 – (Contacts) Persistent Cross Site Web Vulnerability

Intel NUC – Local Privilege Escalation Vulnerability

Buddypress v6.2.0 WP Plugin – Persistent Web Vulnerability

Froxlor v0.10.16 CP – (Customer) Persistent Vulnerability

APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0

APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave

APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0

APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

CISA: CISA Releases Eight Industrial Control Systems Advisories

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Releases Seven Industrial Control Systems Advisories

You may have missed