CVE-2020-8618:An assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer. Impact: An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to...
Read More
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. For more information, please visit following URL:https://www.drupal.org/sa-core-2020-004https://www.drupal.org/sa-core-2020-005
WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. WordPress 5.4.2 is now available. For more information, please visit following URL:https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is...
Read More
CVE-2020-13428:A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. Impact:According to VideoLan’s security bulletin, this vulnerability can be exploited by creating a specially crafted file and tricking a user into opening it...
Read More
