Vumetric Cybersecurity Portal

Security expert weighs in on cybersecurity regulation and ransomware attacks of US cities

2020-05-26 20:03

Bryson Bort, founder and CEO of cybersecurity company SCYTHE, fears "death by a thousand paper...

#security

Security expert weighs in on cybersecurity regulation and ransomware attacks of US cities

2020-05-26 20:00

Bryson Bort, founder and CEO of cybersecurity company SCYTHE, fears "death by a thousand paper...

#security

If someone could stop hackers pwning medical systems right now, that would be cool, say Red Cross and friends

2020-05-26 19:51

The rules of war that protect hospitals should extend into cyberspace Following the surge of...

Hacker Behind 'Doxxing' of German Politicians Charged

2020-05-26 17:04

German prosecutors said Tuesday they had brought charges against a 22-year-old hacker who...

#hacker #hack

How bots impact retail and e-commerce

2020-05-26 16:51

Akamai CTO Patrick Sullivan explains how bots affect pricing and availability for various retail...

New iPhone jailbreak released

2020-05-26 16:38

Apple’s latest iOS versions have only been out for a week, but there's already a jailbreak available.

Airline-chasing lawyers leap on Easyjet for £18bn after 9m folks' data, itineraries nicked

2020-05-26 16:22

No win, no fee. But if they win it's an up to £5.4bn fee A law firm that is already chasing...

#AI #airline

Vulnerabilities by Risk level (Last 12 months)

Risk level	Last 12 months	#
Critical		1085
High		2990
Medium		11020
Low		2089

Vulnerabilities by Vendor (Last 12 months)

Vendor	Last 12 months	#
Microsoft		808
Oracle		521
Google		963
Apple		339
IBM		425

Latest Vulnerabilities

CVE-2020-13486

Medium

2020-05-25 23:15
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
CVE-2020-13485

Medium

2020-05-25 23:15
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVE-2020-13482

Medium

2020-05-25 22:15
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server...
CVE-2020-13459

Medium

2020-05-25 17:15
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVE-2020-13458

Medium

2020-05-25 17:15
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.

Latest Critical Vulnerabilities

CVE-2020-1176 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Critical

2020-05-21 23:15
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID...

CWE-119 - Improper...
CVE-2020-1175 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Critical

2020-05-21 23:15
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID...

CWE-119 - Improper...
CVE-2020-1174 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Critical

2020-05-21 23:15
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID...

CWE-119 - Improper...
CVE-2020-1051 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Critical

2020-05-21 23:15
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID...

CWE-119 - Improper...
CVE-2020-13252 - OS Command Injection vulnerability in Centreon

Critical

2020-05-21 04:15
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the...

CWE-78 - OS Command Injection
CVE-2020-9409 - Incorrect Default Permissions vulnerability in Tibco Jasperreports Server

Critical

2020-05-20 13:15
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a...

CWE-276 - Incorrect...
CVE-2020-13129 - Information Exposure vulnerability in Heinekingmedia Stashcat

Critical

2020-05-18 05:15
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query...

CWE-200 - Information Exposure
CVE-2020-12651 - Integer Overflow OR Wraparound vulnerability in Vandyke Securecrt

Critical

2020-05-15 18:15
SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX.

CWE-190 - Integer Overflow...