Title NoMagic (Dassault Systèmes) Teamwork Cloud 18.0-19.0 - Incorrect Permissions Assignment for a Critical Resource Allows Arbitrary Code Execution and...

CVE-2020-28360 – private-ip npm package – Incorrect Regular Expression – Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF.

by admin

November 23, 2020 - Updated on December 31, 2020

CVE ID CVE-2020-28360 CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Internal ID SICK-2020-022 Vendor private-ip Project Product private-ip Product Versions: 1.0.5 and below...

Extraordinary Vulnerabilities Discovered in TCL Android TVs, Now World’s 3rd Largest TV Manufacturer.

by admin

November 9, 2020 - Updated on April 3, 2021

The following piece is the culmination of a three-month long investigation into Smart TVs running Android. Having lived through this...

CVE-2020-28055 – TCL Android Smart TV (All) – Incorrect Permission Assignment for Critical Vendor Resources – TCL Android TV Vendor Configuration & Upgrade Folders World Writable to Local Attacker

by admin

November 9, 2020 - Updated on December 31, 2020

Title TCL Android Smart TV (All) - Incorrect Permission Assignment for Critical Vendor Resources - TCL Android TV Vendor Configuration...

TCL Smart TV Vulnerability Browse Filesystem

CVE-2020-27403 – TCL Android Smart TV (All) – Exposure of Information Through Directory Listing – TCL Android TV Filesystem Browsable to Unauthenticated Attackers Over the Adjacent Network on Port 7989

by admin

November 9, 2020 - Updated on December 31, 2020

Title TCL Android Smart TV (All) - Exposure of Information Through Directory Listing - TCL Android TV Filesystem Browsable to...

CVE-2020-8276 – Exposure of Sensitive Information to an Unauthorized Actor – Brave Browser Potentially Logs The Last Time A Tor Window Was Used.

by admin

November 5, 2020 - Updated on November 24, 2020

Title Exposure of Sensitive Information to an Unauthorized Actor - Brave Browser Potentially Logs The Last Time A Tor Window...

SICK-2020-004 Hindotech HK1 TV Box - Root Privilege Escalation - Improper Access Control

CVE-2020-27402 – Hindotech HK1 TV Box – Root Privilege Escalation

by admin

October 12, 2020 - Updated on November 24, 2020

CVE-2020-27402 Hindotech HK1 TV Box - Root Privilege Escalation - Improper Access Control CVE ID CVE-2020-27402 CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

CVE-2020-15590 – Private Internet Access VPN for Linux – Exposure of Sensitive Information to an Unauthorized Actor

by admin

August 31, 2020 - Updated on November 24, 2020

CVE-2020-15590 Private Internet Access VPN for Linux - Exposure of Sensitive Information to an Unauthorized Actor CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

No Result

View All Result

Security

CVE-2021-29662 – Perl module Data::Validate::IP – Improper Input Validation of octal literals in Perl Data::Validate::IP v0.29 and below results in indeterminate SSRF & RFI vulnerabilities.

Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)

CVE-2021-28918 – netmask npm package – Improper Input Validation in netmask npm package v1.1.0 and below of octal literals results in indeterminate SSRF & RFI vulnerabilities.

Finding a Vulnerability in Teamwork Cloud Server (NoMagic, 3DS), Which Is Used By Gov/Enterprise to Design Rockets, Missiles, and Satellites.

CVE-2020-25507 – NoMagic (Dassault Systèmes 3DS) Teamwork Cloud 18.0-19.0 – Incorrect Permissions Assignment for a Critical Resource Allows Arbitrary Code Execution and Local Privilege Escalation to Root.

CVE-2020-28360 – private-ip npm package – Incorrect Regular Expression – Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF.

Extraordinary Vulnerabilities Discovered in TCL Android TVs, Now World’s 3rd Largest TV Manufacturer.

CVE-2020-28055 – TCL Android Smart TV (All) – Incorrect Permission Assignment for Critical Vendor Resources – TCL Android TV Vendor Configuration & Upgrade Folders World Writable to Local Attacker

CVE-2020-27403 – TCL Android Smart TV (All) – Exposure of Information Through Directory Listing – TCL Android TV Filesystem Browsable to Unauthenticated Attackers Over the Adjacent Network on Port 7989

CVE-2020-8276 – Exposure of Sensitive Information to an Unauthorized Actor – Brave Browser Potentially Logs The Last Time A Tor Window Was Used.

CVE-2020-27402 – Hindotech HK1 TV Box – Root Privilege Escalation

CVE-2020-15590 – Private Internet Access VPN for Linux – Exposure of Sensitive Information to an Unauthorized Actor

Welcome Back!

Create New Account!

Retrieve your password