Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-29458
PUBLISHED: 2020-12-02

Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.

CVE-2020-29456
PUBLISHED: 2020-12-02

Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document’s filename. If email consumption is configured in …

CVE-2020-5423
PUBLISHED: 2020-12-02

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.

CVE-2020-29454
PUBLISHED: 2020-12-02

Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.

CVE-2020-7199
PUBLISHED: 2020-12-02

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access,…

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips