Kia Denies Ransomware Attack as IT Outage Continues

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-28248
PUBLISHED: 2021-02-20

An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
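The failure chain in that entry (integer overflow, under-sized heap allocation, then an overflow when pixel rows are written) is the classic image-decoder bug pattern. The following C block is an added illustration of that pattern and its hardened counterpart, not png-img's own code: the function names, the `bytes_per_pixel` parameter and the `max_pixels` policy cap are hypothetical, and the crafted header values are constructed for the demonstration. The only facts it relies on are that PNG stores width and height as 32-bit fields limited to 2^31 - 1 each.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example, not png-img's code: sizing a decoded-pixel buffer from
 * header-supplied dimensions. A PNG IHDR chunk carries width and height as
 * 32-bit values, each limited by the spec to 2^31 - 1; bpp (bytes per pixel)
 * is a hypothetical per-format constant (4 for 8-bit RGBA, 8 for 16-bit RGBA). */

/* Vulnerable pattern: the product is evaluated in 32-bit arithmetic and wraps,
 * so a crafted header yields a tiny allocation that the row writes then overrun. */
uint32_t unchecked_storage_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;            /* wraps modulo 2^32 */
}

/* Bytes the decoder will really write for the whole image, computed exactly,
 * so the shortfall of the unchecked size can be measured. */
uint64_t bytes_actually_written(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint64_t)width * height * bpp;
}

/* Hardened pattern: bound each factor, multiply in 64 bits with an explicit
 * overflow check, apply a decoder policy cap on total pixels (max_pixels is a
 * hypothetical knob), and confirm the result fits size_t before it reaches
 * malloc(). Returns the byte count, or 0 to reject the header. */
size_t checked_storage_size(uint32_t width, uint32_t height, uint32_t bpp,
                            uint64_t max_pixels)
{
    const uint32_t max_dim = 0x7FFFFFFFu;   /* PNG: 1 .. 2^31 - 1 */
    if (width == 0 || height == 0 || width > max_dim || height > max_dim)
        return 0;
    if (bpp == 0 || bpp > 8)
        return 0;
    uint64_t pixels = (uint64_t)width * height;     /* < 2^62, exact */
    if (pixels > max_pixels)
        return 0;
    if (pixels > UINT64_MAX / bpp)                  /* would pixels * bpp wrap? */
        return 0;
    uint64_t total = pixels * bpp;
    if ((uint64_t)(size_t)total != total)           /* fits the allocator's type? */
        return 0;
    return (size_t)total;
}

int main(void)
{
    /* Constructed crafted header: 0x40000001 * 4 = 0x100000004 wraps to 4 in
     * 32 bits, so the unchecked size is 4 * 4 = 16 bytes for a ~16 GiB image. */
    uint32_t w = 0x40000001u, h = 4u, bpp = 4u;
    const uint64_t cap = 1ull << 28;        /* hypothetical 256 Mpixel policy cap */

    printf("crafted: unchecked alloc = %u bytes, decoder writes %llu bytes\n",
           unchecked_storage_size(w, h, bpp),
           (unsigned long long)bytes_actually_written(w, h, bpp));
    printf("crafted: checked path -> %zu (0 = rejected)\n",
           checked_storage_size(w, h, bpp, cap));

    size_t n = checked_storage_size(640u, 480u, 4u, cap);
    unsigned char *pixels = n ? calloc(n, 1) : NULL;
    printf("benign 640x480 RGBA: %zu bytes allocated\n", pixels ? n : 0);
    free(pixels);
    return 0;
}
```

The point of the checked version is that every factor is bounded before it is multiplied, the multiplication happens in a type wide enough to hold the true product, and the result is compared against both a policy limit and the allocator's size type; a decoder that only checks `malloc()` for NULL never sees the problem, because a wrapped size of 16 bytes allocates successfully.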

CVE-2020-12668
PUBLISHED: 2021-02-19

Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including arbitrary file disclosure.

CVE-2020-12873
PUBLISHED: 2021-02-19

An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.

CVE-2020-24392
PUBLISHED: 2021-02-19

In voloko twitter-stream 0.1.10, missing TLS…
