Netwrix and Stealthbits Merge to Tackle Data Security

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-25013
PUBLISHED: 2021-01-04

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVE-2020-26292
PUBLISHED: 2021-01-04

Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST.
If you used the source c…

CVE-2020-35219
PUBLISHED: 2021-01-04

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrin…

CVE-2020-36155
PUBLISHED: 2021-01-04

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user’s role. During the registration pro…

CVE-2020-36156
PUBLISHED: 2021-01-04

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile u…

Read More HERE

Leave a Reply