CVE-2020-6316
SAP ERP and SAP S/4 HANA allow an authenticated user to see cost records for objects to which he has no authorization in PS reporting, leading to a Missing Authorization check.
via "National Vulnerability Database".
CVE-2020-26808
SAP AS ABAP (DMIS), versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020, and SAP S4 HANA (DMIS), versions 101, 102, 103, 104, 105, allow an authenticated attacker to inject arbitrary code into a function module, leading to code injection that can be executed in the application and affects the confidentiality, availability and integrity of the application.
via "National Vulnerability Database".
CVE-2020-26819
SAP NetWeaver AS ABAP (Web Dynpro), versions 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components that let them read and delete database logfiles, because of Improper Access Control.
via "National Vulnerability Database".
CVE-2020-26815
SAP Fiori Launchpad (News tile Application), versions 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. This is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, in order to retrieve sensitive or confidential resources that are otherwise restricted to internal use only, resulting in a Server-Side Request Forgery vulnerability.
via "National Vulnerability Database".
CVE-2020-26814
SAP Process Integration (PGP Module - Business-to-Business Add-On), version 1.0, allows an attacker to read PGP keys under certain conditions in the PGP Module of the Business-to-Business Add-On; these keys can then be used to read messages processed by the module, leading to Information Disclosure.
via "National Vulnerability Database".
CVE-2020-26817
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated HPGL file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it; this is caused by Improper Input Validation.
via "National Vulnerability Database".
CVE-2020-27403
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files and directories. An unprivileged remote attacker on the adjacent network can download most system files, leading to serious critical information disclosure.
via "National Vulnerability Database".
CVE-2020-26809
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, hence gaining access to Secure Media folders. These folders could contain sensitive files, resulting in disclosure of sensitive information and impacting system configuration confidentiality.
via "National Vulnerability Database".
CVE-2020-25074
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
via "National Vulnerability Database".
CVE-2020-26818
SAP NetWeaver AS ABAP (Web Dynpro), versions 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users, because of missing authorization, resulting in Information Disclosure.
via "National Vulnerability Database".
CVE-2020-26822
SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service; this has an impact on the integrity and availability of the service.
via "National Vulnerability Database".
CVE-2020-26821
SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service; this has an impact on the integrity and availability of the service.
via "National Vulnerability Database".
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
via "Dark Reading".
New Government Contractor Cybersecurity Requirements Loom
A new cybersecurity rule will go into effect for DoD contractors at the end of the month to enhance the protection of unclassified information within the supply chain.
via "Digital Guardian".
Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers
Retail bots are helping scalpers scoop up PS5, Xbox Series X inventory and charge massive markups.
via "Threat Post".
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
Intel released 40 security advisories in total, addressing critical- and high-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.
via "Threat Post".
CVE-2020-28368
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.
via "National Vulnerability Database".
CVE-2019-7357
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
via "National Vulnerability Database".
CVE-2020-23968
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
via "National Vulnerability Database".
CVE-2020-27165
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28050. Reason: This candidate is a reservation duplicate of CVE-2020-28050. Notes: All CVE users should reference CVE-2020-28050 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
via "National Vulnerability Database".
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Remote code execution vulnerabilities dominate this month's security bulletin of warnings and patches.
via "Threat Post".