This week Google rolled out fixes for multiple vulnerabilities in its Android operating system, including two serious elevation-of-privilege flaws in the Android System component (CVE-2020-0215 and CVE-2020-0416), and a slew of high- and critical-severity issues affecting Qualcomm chips. Overall, the tech giant addressed nearly 50 vulnerabilities as part of the October security update for Android.
In addition to Android, Google has patched more than two dozen vulnerabilities in its Chrome browser, the most severe of which could be exploited by a remote attacker to execute arbitrary code on a system, or gain access to sensitive information.
Multiple vulnerabilities have been discovered in the Tenda AC15 AC1900 Smart Dual-Band Gigabit WiFi Router, which, if exploited, could allow a remote attacker to execute arbitrary commands and gain full access to the system. At present, patches for these bugs are not available, which is unfortunate because some of these flaws (CVE-2018-14558, CVE-2020-10987) have already been observed being exploited in real-world attacks.
GLPI, a free asset and IT management software package, contains numerous vulnerabilities, including two high-severity bugs (CVE-2020-15226 and CVE-2020-15176) that allow a remote attacker to execute arbitrary SQL queries in the database.
Pepperl+Fuchs Comtrol’s RocketLinx industrial switches have been found to be vulnerable to several dangerous issues, including ones that can be exploited to take complete control of devices, gain access to impacted switches, execute commands, obtain information, or conduct DoS attacks. Note: the vendor has yet to release security updates for these flaws.
qdPM, a free open-source web-based project management tool, has multiple vulnerabilities, including a dangerous issue that allows a remote hacker to compromise a vulnerable system. As with the previous case, there is no official solution to resolve the issues.
GitLab has released updates to address multiple flaws impacting GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed privilege escalation, remote command execution, cross-site scripting and denial-of-service (CVE-2020-13333) attacks. Some vulnerabilities (CVE-2020-13332, CVE-2020-13335) could be used by a remote attacker to gain unauthorized access to otherwise restricted functionality.