❌ Manchester United: IT Systems Disrupted in Cyberattack ❌
📖 Read
via "Threat Post".
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.📖 Read
via "Threat Post".
Threat Post
Manchester United: IT Systems Disrupted in Cyberattack
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.
‼ CVE-2020-7777 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28421 ‼
📖 Read
via "National Vulnerability Database".
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-20804 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-20802 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7926 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-2393 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-20923 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7925 ‼
📖 Read
via "National Vulnerability Database".
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1778 ‼
📖 Read
via "National Vulnerability Database".
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-20924 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14553 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-2392 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-20805 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14562 ‼
📖 Read
via "National Vulnerability Database".
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14559 ‼
📖 Read
via "National Vulnerability Database".
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.📖 Read
via "National Vulnerability Database".
❌ Spotify Users Hit with Rash of Account Takeovers ❌
📖 Read
via "Threat Post".
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.📖 Read
via "Threat Post".
Threat Post
Spotify Users Hit with Rash of Account Takeovers
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.
‼ CVE-2020-0569 ‼
📖 Read
via "National Vulnerability Database".
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14587 ‼
📖 Read
via "National Vulnerability Database".
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14586 ‼
📖 Read
via "National Vulnerability Database".
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14563 ‼
📖 Read
via "National Vulnerability Database".
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".