Security Advisories & Alerts

CVE-2020-3347: Cisco Webex Meetings Desktop App Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system...

Read more

CVE-2020-13428: VLC Media Player 3.0.11 Fixes Severe Remote Code Execution Flaw

CVE-2020-13428:A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. Impact:According to VideoLan’s security bulletin, this vulnerability can...

Read more

6 New Vulnerabilities Found on D-Link Home Routers

Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware.The vulnerabilities were found in the DIR-865L model of D-Link routers. The following are the six vulnerabilities found: CVE-2020-13782: Improper Neutralization of Special Elements Used in a Command (Command Injection)CVE-2020-13786: Cross-Site Request...

Read more

Critical Vulnerabilities in Treck TCP/IP stack software

The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices and include multiple remote code execution vulnerabilities. These vulnerabilities affect Treck TCP/IP stack implementations...

Read more

CVE-2020-12695 : Data Exfiltration & Reflected Amplified TCP DDOS & Port Scan

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. What is UPnP? Universal Plug and Play (UPnP) is a set of networking protocols...

Read more

Page 2 of 7512345...102030...Last »