7 Tips for Choosing Security Metrics That Matter

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-27638
PUBLISHED: 2020-10-22

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

CVE-2020-27642
PUBLISHED: 2020-10-22

A cross-site scripting (XSS) vulnerability exists in the ‘merge account’ functionality in admins.js in BigBlueButton Greenlight 2.7.6.

CVE-2020-27621
PUBLISHED: 2020-10-22

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user’s IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inab…

CVE-2020-27620
PUBLISHED: 2020-10-22

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.

CVE-2020-27619
PUBLISHED: 2020-10-22

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
