🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-28421

CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.

📖 Read

via "National Vulnerability Database".
140 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2018-20804

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.

📖 Read

via "National Vulnerability Database".
126 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2018-20802

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.

📖 Read

via "National Vulnerability Database".
121 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-7926

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.

📖 Read

via "National Vulnerability Database".
119 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-2393

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.

📖 Read

via "National Vulnerability Database".
116 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-20923

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.

📖 Read

via "National Vulnerability Database".
111 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-7925

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.

📖 Read

via "National Vulnerability Database".
108 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-1778

When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.

📖 Read

via "National Vulnerability Database".
102 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-20924

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.

📖 Read

via "National Vulnerability Database".
105 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-14553

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.

📖 Read

via "National Vulnerability Database".
104 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-2392

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.

📖 Read

via "National Vulnerability Database".
107 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2018-20805

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.

📖 Read

via "National Vulnerability Database".
134 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-14562

Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.

📖 Read

via "National Vulnerability Database".
135 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-14559

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

📖 Read

via "National Vulnerability Database".
140 views
🛡 Cybersecurity & Privacy 🛡 - News
Spotify Users Hit with Rash of Account Takeovers

Users of the music streaming service were targeted by attackers using credential-stuffing approaches.

📖 Read

via "Threat Post".
Threat Post
Spotify Users Hit with Rash of Account Takeovers
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.
137 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-0569

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

📖 Read

via "National Vulnerability Database".
123 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-14587

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

📖 Read

via "National Vulnerability Database".
110 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-14586

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

📖 Read

via "National Vulnerability Database".
106 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2019-14563

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

📖 Read

via "National Vulnerability Database".
99 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4783

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.

📖 Read

via "National Vulnerability Database".
91 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-12352

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

📖 Read

via "National Vulnerability Database".
88 views