
Name That Toon: Insider Threat


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-20949
PUBLISHED: 2021-01-20

Bleichenbacher’s attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher’s oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vul…

CVE-2020-25683
PUBLISHED: 2021-01-20

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. T…

CVE-2020-25684
PUBLISHED: 2021-01-20

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,…

CVE-2020-25685
PUBLISHED: 2021-01-20

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSS…

CVE-2020-35271
PUBLISHED: 2021-01-20

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.



 
