‼ CVE-2020-7925 ‼
📖 Read
via "National Vulnerability Database".
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1778 ‼
📖 Read
via "National Vulnerability Database".
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-20924 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14553 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-2392 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-20805 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14562 ‼
📖 Read
via "National Vulnerability Database".
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14559 ‼
📖 Read
via "National Vulnerability Database".
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.📖 Read
via "National Vulnerability Database".
❌ Spotify Users Hit with Rash of Account Takeovers ❌
📖 Read
via "Threat Post".
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.📖 Read
via "Threat Post".
Threat Post
Spotify Users Hit with Rash of Account Takeovers
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.
‼ CVE-2020-0569 ‼
📖 Read
via "National Vulnerability Database".
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14587 ‼
📖 Read
via "National Vulnerability Database".
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14586 ‼
📖 Read
via "National Vulnerability Database".
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14563 ‼
📖 Read
via "National Vulnerability Database".
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4783 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12352 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12351 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6939 ‼
📖 Read
via "National Vulnerability Database".
Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14575 ‼
📖 Read
via "National Vulnerability Database".
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7928 ‼
📖 Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4854 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4771 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.📖 Read
via "National Vulnerability Database".