Daily Archives: March 22, 2023
CVE-2020-0581
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
CVE-2020-0580
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
CVE-2020-0579
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
CVE-2020-0552
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
CVE-2020-0509
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
aCropalypse now! Cropped and redacted images suffer privacy fail on Google Pixel smartphones
Have you ever shared a photograph where you’ve redacted some sensitive information?
Perhaps you’ve cropped out part of the image you didn’t want others to see?
Well, users of Google’s Pixel Android smartphone might be alarmed to learn that pictures they’ve shared in the past may have been less discreet than they imagined.
Read more in my article on the Hot for Security blog.
Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks
The average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risks that could lead to a significant compromise if exploited. That’s according to Continuity’s State of Storage and Backup Security Report 2023, which revealed a significant gap in the state of enterprise storage and backup security compared to other layers of IT and network security. The findings are based on assessments of 245 environments with 8,589 storage and backup devices from leading providers including Dell, NetApp, Veritas, and Hitachi Vantara.
Backslash AppSec solution targets toxic code flows, threat model automation
Backslash Security has announced its launch with a new cloud-native application security (AppSec) solution designed to identify toxic code flows and automate threat models. The solution is built to address time-consuming and manual methods for discovering and mapping application code risks, along with filling the cloud-native context gaps left by traditional static application security testing (SAST) tools, Backslash stated.
Multiple Vulnerabilities in FortiWeb could allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in FortiWeb, which could allow for Arbitrary Code Execution. FortiWeb is a web application firewall (WAF). Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.