CVE-2020-28360 – private-ip npm package – Incorrect Regular Expression – Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF.
Extraordinary Vulnerabilities Discovered in TCL Android TVs, Now World’s 3rd Largest TV Manufacturer.
CVE-2020-28055 – TCL Android Smart TV (All) – Incorrect Permission Assignment for Critical Vendor Resources – TCL Android TV Vendor Configuration & Upgrade Folders World Writable to Local Attacker
CVE-2020-27403 – TCL Android Smart TV (All) – Exposure of Information Through Directory Listing – TCL Android TV Filesystem Browsable to Unauthenticated Attackers Over the Adjacent Network on Port 7989
CVE-2020-8276 – Exposure of Sensitive Information to an Unauthorized Actor – Brave Browser Potentially Logs The Last Time A Tor Window Was Used.
