EFF, Security Experts Condemn Politicization of Election Security

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-28917
PUBLISHED: 2020-11-18

An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is …

CVE-2020-28915
PUBLISHED: 2020-11-18

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.

CVE-2020-28183
PUBLISHED: 2020-11-17

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.

CVE-2020-28092
PUBLISHED: 2020-11-17

PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=

CVE-2020-28914
PUBLISHED: 2020-11-17

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. Fo…
