Twitter Taps Mudge

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-27130
PUBLISHED: 2020-11-17

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerab…

CVE-2020-27131
PUBLISHED: 2020-11-17

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected…

CVE-2020-27125
PUBLISHED: 2020-11-17

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing…

CVE-2020-14389
PUBLISHED: 2020-11-17

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

CVE-2020-15349
PUBLISHED: 2020-11-17

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips