CVE-2020-14732
via "National Vulnerability Database".
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. A difficult-to-exploit vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2020-14829
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. An easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14845
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. An easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14877
via "National Vulnerability Database".
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. An easily exploitable vulnerability allows a high-privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data, as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).
CVE-2020-14890
via "National Vulnerability Database".
Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).
CVE-2020-14876
via "National Vulnerability Database".
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data, as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Oracle Kills 402 Bugs in Massive October Patch Update
via "Threat Post".
Over half of the flaws in Oracle's quarterly patch update are remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10.
How AI Will Supercharge Spear-Phishing
via "Dark Reading".
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
Dealing With Insider Threats in the Age of COVID
via "Dark Reading".
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
CVE-2020-5651
via "National Vulnerability Database".
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.
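The entry above says only that a crafted URL reaches the database as SQL; it gives no parameter name or query. The following is an added example, not the plugin's code, showing the bug class on a constructed schema: a query-string parameter spliced into the query text, a UNION payload in the URL that pulls a second table through the same request, and the hardened form that validates the type and binds the value. The table names, the `download_id` parameter and the row contents are all invented for the demonstration.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db():
    """Constructed in-memory schema standing in for a plugin's tables (not the real plugin's)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE downloads(id INTEGER PRIMARY KEY, title TEXT, path TEXT, hidden INTEGER);
        INSERT INTO downloads VALUES (1, 'Public brochure', '/files/brochure.pdf', 0);
        INSERT INTO downloads VALUES (2, 'Internal price list', '/files/prices.xlsx', 1);
        CREATE TABLE wp_users(id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$constructed-hash-value');
        """
    )
    return conn


def download_id_from_url(url):
    """The `download_id` query parameter exactly as the browser sent it: untrusted text."""
    return parse_qs(urlsplit(url).query).get("download_id", [""])[0]


def lookup_vulnerable(conn, url):
    """Vulnerable pattern: the parameter becomes part of the SQL text."""
    did = download_id_from_url(url)
    sql = f"SELECT title, path FROM downloads WHERE id = {did} AND hidden = 0"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, url):
    """Hardened: reject anything that is not an integer, then bind the value as data."""
    did = download_id_from_url(url)
    if not did.isdigit():
        return []
    return conn.execute(
        "SELECT title, path FROM downloads WHERE id = ? AND hidden = 0", (int(did),)
    ).fetchall()


# Constructed request URLs: one legitimate, two hostile.
NORMAL_URL = "https://shop.example.test/?download_id=1"
UNION_URL = (
    "https://shop.example.test/?download_id="
    "1%20UNION%20SELECT%20user_login,%20user_pass%20FROM%20wp_users%20--"
)
BOOLEAN_URL = "https://shop.example.test/?download_id=1%20OR%201=1%20--"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal:", lookup_vulnerable(db, NORMAL_URL))
    print("vulnerable, UNION :", lookup_vulnerable(db, UNION_URL))
    print("vulnerable, OR 1=1:", lookup_vulnerable(db, BOOLEAN_URL))
    print("fixed, normal     :", lookup_fixed(db, NORMAL_URL))
    print("fixed, UNION      :", lookup_fixed(db, UNION_URL))
```

The `--` at the end of each payload comments out the `AND hidden = 0` clause, which is why the boolean payload also returns the hidden row. Binding alone would already defeat both payloads; the `isdigit()` check is there because the column is numeric and an early type check is cheap defence in depth.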
CVE-2020-5650
via "National Vulnerability Database".
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Cisco Warns of Severe DoS Flaws in Network Security Software
via "Threat Post".
The majority of the bugs in Cisco's Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.
NSA: Patch These 25 Vulnerabilities to Deter Chinese Hackers
via "Digital Guardian".
In hopes that enterprises patch them, the NSA shared a list of 25 vulnerabilities currently being targeted by Chinese hackers.
As Smartphones Become a Hot Target, Can Mobile EDR Help?
via "Dark Reading".
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
via "Threat Post".
The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.
CVE-2020-3563
via "National Vulnerability Database".
A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of TCP packets to a specific port on an affected device. A successful exploit could allow the attacker to exhaust system memory, which could cause the device to reload unexpectedly. No manual intervention is needed to recover the device after it has reloaded.
CVE-2020-3565
via "National Vulnerability Database".
A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Policies on an affected system. The vulnerability exists because TCP Intercept is invoked when the embryonic connection limit is reached, which can cause the underlying detection engine to process the packet incorrectly. An attacker could exploit this vulnerability by sending a crafted stream of traffic that matches a policy on which TCP Intercept is configured. A successful exploit could allow the attacker to match on an incorrect policy, which could allow the traffic to be forwarded when it should be dropped. In addition, the traffic could incorrectly be dropped.
CVE-2020-3317
via "National Vulnerability Database".
A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could exploit this vulnerability by sending a malformed TLS packet through a Cisco Adaptive Security Appliance (ASA). A successful exploit could allow the attacker to crash a Snort instance, resulting in a denial of service (DoS) condition.
CVE-2020-3585
via "National Vulnerability Database".
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: capture TLS traffic in transit between clients and the affected device, and actively establish a considerable number of TLS connections to the affected device.
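The entry above describes the server as an "oracle": an RSA key-exchange endpoint whose response differs depending on whether a chosen ciphertext decrypts to valid PKCS#1 v1.5 padding. The page does not say how Cisco's countermeasure was mis-implemented, so the following is an added, generic example (not Cisco's code) showing what the oracle is and what the standard TLS 1.2 countermeasure (RFC 5246 section 7.4.7.1: decrypt, and on any padding failure silently substitute a random premaster secret) removes. It uses a toy 512-bit RSA key generated at run time, a constructed premaster secret, and Python code that mirrors the structure of a constant-behaviour check without claiming real constant-time properties.

```python
import math
import random


def is_probable_prime(n, rounds=16):
    """Miller-Rabin; good enough to build a demo key, not a production key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def gen_key(bits=512, e=65537):
    """Toy RSA key: 512 bits keeps the demo fast; real keys are 2048+ bits."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))  # Python 3.8+ modular inverse


def key_len(n):
    return (n.bit_length() + 7) // 8


def pkcs1_v15_encrypt(pub, msg):
    """RSAES-PKCS1-v1_5: 00 02 <non-zero padding, >= 8 bytes> 00 <message>."""
    n, e = pub
    k = key_len(n)
    ps = bytes(random.randrange(1, 256) for _ in range(k - len(msg) - 3))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


def _raw_decrypt(priv, ct):
    n, d = priv
    return pow(int.from_bytes(ct, "big"), d, n).to_bytes(key_len(n), "big")


def decrypt_naive(priv, ct):
    """Reports padding failures to the caller: this is the Bleichenbacher oracle."""
    em = _raw_decrypt(priv, ct)
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("bad PKCS#1 v1.5 padding")
    return em[sep + 1:]


def decrypt_tls_style(priv, ct, pms_len=48):
    """RFC 5246 7.4.7.1 countermeasure: generate a random premaster secret first,
    then use it whenever the padding or length is wrong. The handshake still
    fails, but only at the Finished message, identically for every bad ciphertext."""
    fallback = bytes(random.getrandbits(8) for _ in range(pms_len))
    em = _raw_decrypt(priv, ct)
    sep = em.find(b"\x00", 2)
    bad = em[:2] != b"\x00\x02" or sep < 10 or len(em) - sep - 1 != pms_len
    return fallback if bad else em[sep + 1:]


def padding_oracle(decrypt_fn, priv, ct):
    """What a network attacker can observe: did the server treat this ciphertext differently?"""
    try:
        decrypt_fn(priv, ct)
        return True
    except ValueError:
        return False


def blind(pub, ct, s):
    """RSA malleability, the attacker's only primitive: c' = c * s^e mod n decrypts to s*m mod n."""
    n, e = pub
    return ((int.from_bytes(ct, "big") * pow(s, e, n)) % n).to_bytes(key_len(n), "big")


def demo(seed=2020):
    random.seed(seed)  # deterministic key and padding so the run is reproducible
    pub, priv = gen_key()
    pms = bytes(random.getrandbits(8) for _ in range(48))  # constructed premaster secret
    ct = pkcs1_v15_encrypt(pub, pms)
    forged = blind(pub, ct, 2)  # plaintext becomes 2*m, which starts 00 04/05: never conformant
    return {
        "naive_valid": decrypt_naive(priv, ct) == pms,
        "naive_leaks": padding_oracle(decrypt_naive, priv, ct)
        != padding_oracle(decrypt_naive, priv, forged),
        "hardened_valid": decrypt_tls_style(priv, ct) == pms,
        "hardened_leaks": padding_oracle(decrypt_tls_style, priv, ct)
        != padding_oracle(decrypt_tls_style, priv, forged),
        "hardened_forged_len": len(decrypt_tls_style(priv, forged)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A single blinded query is all the full attack repeats: Bleichenbacher's algorithm chooses successive multipliers `s`, asks the oracle whether `s*m mod n` is conformant, and narrows an interval around `m` each time, which is why the advisory requires "a considerable number of TLS connections". The countermeasure only works if every failure path (wrong version bytes, wrong length, errors raised by the RSA library) takes the same visible branch and the same time; a difference in any of them reopens the oracle, which is the class of defect the advisory's wording "improper implementation of countermeasures" points at.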
CVE-2020-3599
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Oracle Releases Another Mammoth Security Patch Update
via "Dark Reading".
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely exploitable without the need for authentication.