Kia Denies Ransomware Attack as IT Outage Continues
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28248
PUBLISHED: 2021-02-20
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
CVE-2020-12668
PUBLISHED: 2021-02-19
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This can be used to abuse the application class loader, including for arbitrary file disclosure.
CVE-2020-12873
PUBLISHED: 2021-02-19
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
CVE-2020-24392
PUBLISHED: 2021-02-19
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
CVE-2020-24393
PUBLISHED: 2021-02-19
TweetStream 2.6.1 uses the eventmachine library in a way that performs no TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
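The twitter-stream and TweetStream advisories above share one root cause: EventMachine's start_tls(verify_peer: true) does not validate the chain or match the certificate against the hostname on its own. It hands each certificate in the chain to the connection's ssl_verify_peer(pem) callback and, after the handshake, calls ssl_handshake_completed, where get_peer_cert returns the leaf as PEM; every other check is the caller's job. The following is an added example, not code from either library or from eventmachine, of the two checks a client must supply: chain validation against a trust store and identity matching with OpenSSL::SSL.verify_certificate_identity. The VerifyingTLS module follows EventMachine's callback names so it can be included in an EM::Connection subclass; the FakeConnection class, the issue_cert helper, the throwaway CA and the placeholder host stream.example.net are constructed here so the check runs offline.

```ruby
require "openssl"

# Returns :ok, or a symbol naming the check that failed. `chain_pems` is every PEM
# that ssl_verify_peer saw; `leaf_pem` is what get_peer_cert returns after the handshake.
def verify_server_identity(leaf_pem, chain_pems, hostname, store)
  leaf  = OpenSSL::X509::Certificate.new(leaf_pem)
  chain = chain_pems.map { |pem| OpenSSL::X509::Certificate.new(pem) }
  # 1. The leaf must chain to a certificate we trust (self-signed or rogue CA -> fail).
  return :untrusted_chain unless store.verify(leaf, chain)
  # 2. The certificate must be issued for the host we dialled (SAN, then CN fallback).
  return :hostname_mismatch unless OpenSSL::SSL.verify_certificate_identity(leaf, hostname)
  :ok
end

# Mixin for an EventMachine::Connection subclass. Set @expected_hostname and
# @trust_store before calling start_tls(verify_peer: true).
module VerifyingTLS
  # EventMachine calls this once per certificate in the chain; returning false aborts
  # the handshake. Collect them and decide once the whole chain is known.
  def ssl_verify_peer(pem)
    (@seen_pems ||= []) << pem
    true
  end

  # Called after the handshake, before any application data is exchanged.
  def ssl_handshake_completed
    result = verify_server_identity(get_peer_cert, @seen_pems || [],
                                    @expected_hostname, @trust_store)
    close_connection unless result == :ok   # drop the socket, never send the stream credentials
    result
  end
end

# Offline stand-in for EM::Connection: supplies the two methods the mixin relies on.
class FakeConnection
  include VerifyingTLS
  attr_reader :closed
  def initialize(leaf_pem, chain_pems, hostname, store)
    @leaf, @seen_pems, @expected_hostname, @trust_store = leaf_pem, chain_pems, hostname, store
    @closed = false
  end
  def get_peer_cert;   @leaf;           end
  def close_connection; @closed = true; end
end

# Constructed test material: issue a v3 certificate, self-signed when no issuer is given.
def issue_cert(subject, serial, issuer_cert: nil, issuer_key: nil, san: nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{san}")) if san
  cert.sign(issuer_key || key, OpenSSL::Digest::SHA256.new)
  [cert, key]
end

# Build a throwaway CA, a legitimate leaf for the placeholder host, and a rogue
# self-signed certificate carrying the same name, then run the check against each.
def run_demo(host = "stream.example.net")
  ca_cert, ca_key = issue_cert("/CN=Example Test CA", 1, ca: true)
  leaf, _  = issue_cert("/CN=#{host}", 2, issuer_cert: ca_cert, issuer_key: ca_key, san: host)
  rogue, _ = issue_cert("/CN=#{host}", 3, san: host)            # what a MITM would present
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)

  conn = FakeConnection.new(rogue.to_pem, [rogue.to_pem], host, store)
  {
    genuine:    verify_server_identity(leaf.to_pem,  [leaf.to_pem],  host, store),
    wrong_host: verify_server_identity(leaf.to_pem,  [leaf.to_pem],  "attacker.example.net", store),
    rogue:      verify_server_identity(rogue.to_pem, [rogue.to_pem], host, store),
    mixin:      conn.ssl_handshake_completed,
    closed:     conn.closed,
  }
end
```

The order in which EventMachine delivers chain certificates to ssl_verify_peer is not relied on: all PEMs are collected and passed to OpenSSL::X509::Store#verify as the untrusted chain, and the decision is made once in ssl_handshake_completed, before the client sends credentials or consumes data. Without the second check, the rogue certificate here would only be rejected because it is self-signed; a certificate validly issued to any other name would still pass, which is the hostname-validation gap the advisories describe.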