### Credit:
Author: duykham
Date: 2020-Apr-13
### Affected version:
Firefox 75.0 (64-bit), latest version as of 2020-Apr-13.
Google Chrome v81.0.4044.92 (64-bit) latest version as of 2020-Apr-13.
Platform: Windows 10
(To my knowledge, as of today, 2020/05/31, there is no fix yet, late
APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1
iOS 13.5.1 and iPadOS 13.5.1 are now available and address the
following:
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impac
APPLE-SA-2020-06-01-2 macOS Catalina 10.15.5 Supplemental Update,
Security Update 2020-003 High Sierra
macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003
High Sierra are now available and address the following:
Kernel
Available fo
APPLE-SA-2020-06-01-3 tvOS 13.4.6
tvOS 13.4.6 is now available and addresses the following:
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory
APPLE-SA-2020-06-01-4 watchOS 6.2.6
watchOS 6.2.6 is now available and addresses the following:
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A
Hi list,
Managed to reproduce BIAS (Bluetooth Impersonation Attack) CVE-2020-10135.
Impersonation of any previously paired and connected Bluetooth device in
vulnerable setup. Reproduction on Linux host and Samsung S3 Neo+ mobile.
More info in the repo:
https://github.com/marcinguy/CVE-2020-10135-
Original post:
https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/
SUMMARY
Apache Tomcat is affected by a Java deserialization vulnerability, if
the PersistentManager is configured as session manager. Successful
exploitation requires t
Sabberworm PHP CSS parser - Code injection
===
Identifiers
-
* CVE-2020-13756
CVSSv3 score
-
8.6 - [AV:N/AC:L/PR:N/UI:N/S:U/