[FD] ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)

2020-09-15 Thread Andreas Sperber
# Security Advisory ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958)

## Affected Product(s) and Environment(s)

Product: 1CRM <=8.6.7, confirmed for CRBM System ENT-8.6.5, CRBM System ENT-8.6.6 and Startup+ Edition 8.5.15
Environments: All host environments

## Security Risk

Severity:

[FD] ModSecurity v3 affected by DoS (CVE-2020-15598)

2020-09-15 Thread Christian Folini
ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular expression and the ModSecurity “capture” action can be exploited via a specially crafted payload. While ModSecurity v2.x used to quit the
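
The excerpt above contrasts first-match semantics with global matching of a non-anchored regular expression. The script below is an added illustration, not code or a payload from the advisory and not libmodsecurity's implementation: it runs the same regular expression under both semantics over a constructed payload and counts how many captures each produces, so the difference in work per rule evaluation is visible. The pattern `(v\d+)`, the token payload and the helper names are assumptions chosen for the demonstration; the actual cost inside ModSecurity depends on its own regex driver.

```python
import re
import time


def build_payload(tokens: int) -> str:
    """Constructed sample payload (not from the advisory): many short tokens,
    so a non-anchored rule can match at many positions in one request field."""
    return " ".join(f"v{i}" for i in range(tokens))


def is_anchored(pattern: str) -> bool:
    """Rough audit check: is the pattern pinned to the start or end of the target?
    An anchored pattern can match at most once per target string."""
    return pattern.startswith(("^", r"\A")) or pattern.endswith(("$", r"\Z"))


def first_match(pattern: str, payload: str) -> list:
    """First-match semantics: stop after the first hit, return its capture groups."""
    m = re.search(pattern, payload)
    return [m.groups()] if m else []


def global_match(pattern: str, payload: str) -> list:
    """Global semantics: keep scanning after every hit, collecting each capture."""
    return [m.groups() for m in re.finditer(pattern, payload)]


def compare(pattern: str, payload: str) -> dict:
    """Evaluate one pattern under both semantics and report counts and timings."""
    t0 = time.perf_counter()
    first = first_match(pattern, payload)
    t1 = time.perf_counter()
    every = global_match(pattern, payload)
    t2 = time.perf_counter()
    return {
        "anchored": is_anchored(pattern),
        "first_matches": len(first),
        "global_matches": len(every),
        "first_seconds": t1 - t0,
        "global_seconds": t2 - t1,
    }


if __name__ == "__main__":
    payload = build_payload(20000)
    # Non-anchored pattern with a capture group: global matching scales with
    # the number of hits in the payload, first-match does not.
    for pat in (r"(v\d+)", r"^(v\d+)"):
        r = compare(pat, payload)
        print(f"{pat:10} anchored={r['anchored']} "
              f"first={r['first_matches']} global={r['global_matches']} "
              f"t_first={r['first_seconds']:.4f}s t_global={r['global_seconds']:.4f}s")
```

Run it as-is to see the count under global semantics grow with the payload while the first-match count stays at one; `is_anchored` is the quick check to run over your own rule set to find patterns that combine an unanchored regex with a capture.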

[FD] [CVE-2020-16171] Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF

2020-09-15 Thread Julien Ahrens (RCE Security)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
===
Product: Acronis Cyber Backup
Vendor URL: https://www.acronis.com
Type: Server-Side Request Forgery [CWE-918]
Date found: 2020-07-30
Date published: 2020-09-14
CVSSv3 Score: