‘Fancy Bear’ Targets Ukrainian Oil Firm Burisma in Phishing Attack

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2020-6306
PUBLISHED: 2020-01-14

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).

PUBLISHED: 2020-01-14

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

PUBLISHED: 2020-01-14

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none.

PUBLISHED: 2020-01-14

Norton Power Eraser, prior to, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

PUBLISHED: 2020-01-14

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

Source: http://www.darkreading.com

Leave a Reply