Alerts and Advisories






  • Vulnerability in glib-networking (29 Jun 2020)

    It has been discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.

  • zziplib security update (28 Jun 2020)

    Multiple vulnerabilities have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to invalid memory access and resulting crash or memory leak. It is recommended to upgrade the zziplib packages.

  • pngquant security update (28 Jun 2020)

    It has been discovered that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted PNG image, which could lead to denial of service or other issues. It is recommended to upgrade the pngquant packages.

  • libtirpc security update (28 Jun 2020)

    It has been discovered that libtirpc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP packets. It is recommended to upgrade the libtirpc packages.

  • libtasn1-6 security update (28 Jun 2020)

    A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library. It is recommended to upgrade the libtasn1-6 packages.

  • mcabber security update (28 Jun 2020)

    It has been discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim. It is recommended to upgrade the mcabber packages.

  • picocom security update (28 Jun 2020)

    It has been discovered that there was a command injection vulnerability in picocom, a minimal dumb-terminal emulation program. It is recommended to upgrade the picocom packages.

  • Denial of Service vulnerability in Apache Tomcat (25 Jun 2020)

    It has been discovered that a specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. An attacker could exploit this vulnerability to cause a denial-of-service condition. The affected versions are Apache Tomcat 8.5.0 to 8.5.55, 9.0.0.M1 to 9.0.35 and 10.0.0-M1 to 10.0.0-M5.

  • Vulnerability Summary (22 Jun 2020)

    Summary of vulnerabilities for the week of June 15, 2020.

  • ngircd security update (21 Jun 2020)

    It has been discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server. It is recommended to upgrade the ngircd packages.

  • lynis security update (21 Jun 2020)

    It has been discovered that there was a vulnerability in lynis, a security auditing tool. The license key could be obtained by simple observation of the process list when a data upload is being performed. It is recommended to upgrade the lynis packages.

  • Multiple vulnerabilities in DB2 (19 Jun 2020)

    Multiple vulnerabilities have been discovered in DB2 which affect IBM i2 EIA. The affected versions are IBM i2 Analyze 4.3.0, 4.3.1 and 4.3.2.

  • Multiple vulnerabilities in BIOTRONIK's Equipment (18 Jun 2020)

    Multiple vulnerabilities such as Improper Authentication, Cleartext Transmission of Sensitive Information, Missing Encryption of Sensitive Data, and Storing Passwords in a Recoverable Format have been discovered in BIOTRONIK's Equipment- CardioMessenger II-S T-Line and CardioMessenger II-S GSM. Successful exploitation of these vulnerabilities could allow an attacker with physical access to the CardioMessenger to obtain sensitive data, obtain transmitted medical data from implanted cardiac devices with the implant’s serial number or impact Cardio Messenger II product functionality. Successful exploitation of these vulnerabilities could allow an attacker with adjacent access to influence communications between the Home Monitoring Unit (HMU) and the Access Point Name (APN) gateway network.

  • Multiple vulnerabilities in Baxter's Equipment (18 Jun 2020)

    Multiple vulnerabilities have been discovered in Baxter's Equipment- Baxter ExactaMix EM 2400 & EM 1200, Phoenix Hemodialysis Delivery System, PrismaFlex and PrisMax, and Sigma Spectrum Infusion Pumps. Successful exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

  • Multiple vulnerabilities in Mitsubishi Electric's Equipment (18 Jun 2020)

    Multiple vulnerabilities have been discovered in Mitsubishi Electric's Equipment- MC Works64 and MC Works32. Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.

  • Vulnerability in Johnson Controls' Equipment (18 Jun 2020)

    An Improper Verification of Cryptographic Signature vulnerability has been discovered in Johnson Controls' Equipment- exacqVision. Successful exploitation of this vulnerability could allow an attacker with administrative privileges to potentially download and run a malicious executable that could allow the execution of operating system commands on the system.

  • Multiple vulnerabilities in Treck Inc's Equipment (18 Jun 2020)

    Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.

  • Multiple vulnerabilities in Rockwell Automation's FactoryTalk View SE (18 Jun 2020)

    Multiple vulnerabilities such as Improper Input Validation, Improper Restriction of Operations Within The Bounds of a Memory Buffer, Permissions, Privileges, and Access Controls, and Exposure of Sensitive Information to an Unauthorized Actor have been discovered in Rockwell Automation's Equipment- FactoryTalk View SE. Successful exploitation of these vulnerabilities may allow a remote authenticated attacker to manipulate data of affected devices.

  • Vulnerability in Rockwell Automation's FactoryTalk Services Platform (18 Jun 2020)

    An Improper Input Validation vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk Services Platform. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges.

  • Multiple vulnerabilities in ICONICS' Equipment (18 Jun 2020)

    Multiple vulnerabilities such as buffer overflow or memory corruption have been discovered in ICONICS' Equipment- GENESIS64 and GENESIS32. Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.

  • Vulnerability in McAfee Advanced Threat Defense (18 Jun 2020)

    An Improper Access Control vulnerability has been discovered in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 that allows local users to view sensitive files via a carefully crafted HTTP request parameter. It is recommended to upgrade to Advanced Threat Defense (ATD) 4.10.0.

  • Vulnerability in VMware Tools for macOS (18 Jun 2020)

    It has been discovered that VMware Tools for macOS contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.

  • Drupal releases security updates (17 Jun 2020)

    Drupal has released security updates to address multiple vulnerabilities such as Access bypass, Arbitrary PHP code execution and Cross Site Request Forgery affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in BIND (17 Jun 2020)

    Multiple vulnerabilities have been discovered affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The affected versions are BIND 9.16.0 to 9.16.3, BIND 9.11.14 to 9.11.19, BIND 9.14.9 to 9.14.12 and versions 9.11.14-S1 to 9.11.19-S1 of BIND Supported Preview Edition.

  • Cisco releases multiple security updates (17 Jun 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Elevation of Privilege vulnerability in Windows Spatial Data Service (17 Jun 2020)

    It has been discovered that an elevation of privilege vulnerability exists in Windows 10 version 1903 when the Windows Spatial Data Service improperly handles objects in memory. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation.

  • Adobe releases security updates for multiple products (16 Jun 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability Summary (15 Jun 2020)

    Summary of vulnerabilities for the week of June 08, 2020.

  • Google releases security updates for Chrome (15 Jun 2020)

    Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in Hitachi Automation Director and Hitachi Ops Center Automator (12 Jun 2020)

    A Path Traversal vulnerability has been discovered in Hitachi Automation Director and Hitachi Ops Center Automator. The affected versions are Hitachi Automation Director 8.1.1-00 or more and less than 10.1.1-00 (Windows), Hitachi Automation Director 8.2.0-00 or more and less than 10.1.1-00 (Linux) and Hitachi Ops Center Automator 10.0.0-00 or more and less than 10.1.0-00 (Windows, Linux). It is recommended to upgrade to the appropriate version.

  • Multiple vulnerabilities in Citrix Workspace app and Receiver for Windows (11 Jun 2020)

    Multiple vulnerabilities have been discovered in Citrix Workspace app and Receiver for Windows that could result in a local user escalating their privilege level to administrator during the uninstallation process. These vulnerabilities do not affect Citrix Workspace app and Receiver on any other platforms.

  • Vulnerability in Philips' Equipment (11 Jun 2020)

    It has been discovered that unencrypted user credentials were stored in transaction logs in Philips' Equipment- IntelliBridge Enterprise (IBE) system. Successful exploitation of this vulnerability may allow an existing administrator and/or high privileged system user access to credentials to the hospital’s clinical information systems.

  • Multiple vulnerabilities in Rockwell Automation's Equipment (11 Jun 2020)

    Multiple vulnerabilities such as Improper Input Validation, Path Traversal, and Unrestricted Upload of File with Dangerous Type have been discovered in Rockwell Automation's Equipment- FactoryTalk Linx Software. Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, obtain remote code execution, and read sensitive information.

  • Vulnerability in OSIsoft's Equipment (11 Jun 2020)

    A Cross-site Scripting vulnerability has been discovered in OSIsoft's Equipment- PI Web API 2019. Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view, modification, or deletion of data as allowed for by the victim’s user permissions.

  • mysql-connector-java security update (11 Jun 2020)

    Multiple vulnerabilities have been discovered in the MySQL Connector/J JDBC driver. It is recommended to upgrade the mysql-connector-java packages.

  • roundcube security update (11 Jun 2020)

    It has been discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Site Scripting (XSS) attack leading to the execution of arbitrary code. It is recommended to upgrade the roundcube packages.

  • libphp-phpmailer security update (11 Jun 2020)

    It has been discovered that PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. It is recommended to upgrade the libphp-phpmailer packages.

  • Red Hat JBoss Enterprise Application Platform 7.3.1 security update (10 Jun 2020)

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Multiple vulnerabilities have been discovered in Red Hat JBoss Enterprise Application Platform 7.3.0. An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8 that includes bug fixes and enhancements.

  • expat security update (10 Jun 2020)

    Expat is a C library for parsing XML documents. An integer overflow leading to a buffer overflow in XML_GetBuffer() of expat has been discovered. An update for expat is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

  • WordPress releases security and maintenance update (10 Jun 2020)

    WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. It is recommended to upgrade to WordPress 5.4.2.

  • pcs security and bug fix update (10 Jun 2020)

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. An Unsafe Object Creation vulnerability in JSON has been discovered. An update for pcs is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in Intel (09 Jun 2020)

    Potential security vulnerabilities in Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure. Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel AMT, Intel ISM and Intel DAL update to the latest versions provided by the system manufacturer that address these issues.

  • VMware releases security update for Horizon Client for Windows (09 Jun 2020)

    A privilege escalation vulnerability affecting VMware Horizon Client for Windows has been discovered. A local user on the system where the software is installed may exploit this vulnerability to run commands as any user.

  • Adobe releases security updates (09 Jun 2020)

    Adobe has released security updates to address vulnerabilities in Flash Player, Experience Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases June 2020 security updates (09 Jun 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Philips' Equipment (09 Jun 2020)

    Multiple vulnerabilities such as Improper Input Validation, and Use of Hard Coded Credentials have been discovered in Philips' Equipment- PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs. Successful exploitation of these vulnerabilities could allow buffer overflows, or allow an attacker to access and modify settings on the device.

  • Multiple vulnerabilities in Siemens' Equipment (09 Jun 2020)

    Multiple vulnerabilities have been discovered in multiple Siemens products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in OSIsoft's Equipment (09 Jun 2020)

    Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful exploitation of these vulnerabilities could allow an attacker to access unauthorized information, delete or modify local processes, and crash the affected device.

  • Vulnerability in Mitsubishi Electric's Equipment (09 Jun 2020)

    A Resource Exhaustion vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R series. Successful exploitation of this vulnerability could cause the Ethernet port to enter a denial-of-service condition.

  • Vulnerability in Advantech's Equipment (09 Jun 2020)

    A Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of this vulnerability could crash the application being accessed; a buffer overflow condition may allow remote code execution.

  • Vulnerability Summary (08 Jun 2020)

    Summary of vulnerabilities for the week of June 01, 2020.

  • Vulnerability in Universal Plug and Play (08 Jun 2020)

    The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using SUBSCRIBE functionality, leading to amplified DDoS attacks and data exfiltration.

  • Information disclosure vulnerability in OTRS (08 Jun 2020)

    It has been discovered that the BCC recipients are visible in article detail on external interface. This information disclosure vulnerability affects OTRS 7.0.17 and prior versions, and OTRS 8.0.3 and prior versions. It is recommended to upgrade to OTRS 7.0.18 or OTRS 8.0.4.

  • cups security update (07 Jun 2020)

    It has been discovered that the ippReadIO function may under-read an extension field and that there was a heap-based buffer overflow in libcups's ppdFindOption() in ppd-mark.c. It is recommended to upgrade the cups packages.

  • graphicsmagick security update (07 Jun 2020)

    A vulnerability has been discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. It is recommended to upgrade the graphicsmagick packages.

  • nodejs security update (06 Jun 2020)

    Multiple vulnerabilities have been discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. It is recommended to upgrade the nodejs packages.

  • dbus security update (05 Jun 2020)

    It has been discovered that there was a file descriptor leak in the D-Bus message bus. An unprivileged local attacker could use this to attack the system DBus daemon, leading to denial of service for all users of the machine. It is recommended to upgrade the dbus packages.

  • Vulnerability in Bitdefender Antivirus Free (05 Jun 2020)

    It has been discovered that a vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. An automatic update to Bitdefender Antivirus Free version 1.0.17.178 or newer fixes this vulnerability.

  • Vulnerability in WSO2 (05 Jun 2020)

    It has been discovered that the Management Console is vulnerable to an XXE attack when adding and updating a Lifecycle. The XXE attacks can affect any trusted system respective to the machine where the parser is located. This attack may result in disclosing local files, denial of service, server-side request forgery, port scanning and other system impacts on affected systems.

  • Vulnerability in SQLite (05 Jun 2020)

    It has been discovered that resetAccumulator of SQLite is vulnerable to a use-after-free.

  • Vulnerability in WinGate (04 Jun 2020)

    WinGate is a sophisticated integrated Internet gateway and communications server. It has been discovered that WinGate has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. The affected version is WinGate v9.4.1.5998.

  • Vulnerability in GnuTLS (04 Jun 2020)

    It has been discovered that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2. The affected versions are below GnuTLS 3.6.14.

  • Vulnerability in WebSphere Application Server (04 Jun 2020)

    It has been discovered that WebSphere Application Server is vulnerable to a remote code execution vulnerability. The IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects.

  • Vulnerability in HPE Edgeline Integrated System Manager (03 Jun 2020)

    Potential security vulnerabilities have been discovered in HPE Edgeline Integrated System Manager. These vulnerabilities, known as the "TCP SACK Panic", could be remotely exploited to cause a remote denial of service. The affected versions are HPE Edgeline EL300 Converged Edge System - Running HPE Edgeline Integrated System Manager Prior to 2.06.

  • Vulnerability in IBM QRadar (03 Jun 2020)

    It has been discovered that IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. The affected products and versions are all SDEE protocol versions before 7.3.0-QRADAR-PROTOCOL-SDEE-7.3-20200429181957 and all SDEE protocol versions before 7.4.0-QRADAR-PROTOCOL-SDEE-7.4-20200429181942.

  • Multiple vulnerabilities in FortiGuard products (03 Jun 2020)

    An improper neutralization of input and an unquoted service path vulnerability have been discovered in FortiAnalyzer and FortiSIEM Windows Agent respectively. The affected versions are FortiAnalyzer version 6.2.3 and below and FortiSIEMWindowsAgent version 3.1.2 and below. It is recommended to upgrade to FortiAnalyzer version 6.2.4 or above or 6.4.0 or above and FortiSIEMWindowsAgent version 3.2.0 or above.

  • Google releases security updates for Chrome (03 Jun 2020)

    Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Cisco releases security updates for multiple products (03 Jun 2020)

    Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Jenkins security advisory (03 Jun 2020)

    Jenkins announced vulnerabilities in multiple Jenkins deliverables.

  • Vulnerability in Huawei Smartphones (03 Jun 2020)

    It has been discovered that there is an improper handling of exceptional condition vulnerability in Huawei Smartphones. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending a malformed message. This could compromise normal service of affected phones.

  • Django security update (03 Jun 2020)

    Multiple vulnerabilities such as data leakage and XSS have been discovered in Django. The affected versions are Django master branch, Django 3.1 (currently at alpha status), Django 3.0, and Django 2.2. It is recommended to upgrade to Django 3.0.7 or Django 2.2.13.

  • Multiple vulnerabilities in Joomla! CMS (02 Jun 2020)

    Multiple vulnerabilities such as XSS and CSRF have been discovered in Joomla! CMS. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in url-regex (02 Jun 2020)

    url-regex is a package providing a regular expression for matching URLs. It has been discovered that the affected versions of the url-regex package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a very long string in String.test can cause a Denial of Service.

  • IP-in-IP encapsulation vulnerability (02 Jun 2020)

    It has been discovered that IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device.

  • Mozilla releases security updates for Firefox, Firefox ESR and Thunderbird (02 Jun 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in GE's Equipment (02 Jun 2020)

    A Missing Authentication for Critical Function vulnerability has been discovered in GE's Equipment- Grid Solutions Reason RT Clocks. Successful exploitation of this vulnerability could allow access to sensitive information, execution of arbitrary code, and cause the device to become unresponsive.

  • Vulnerability in SWARCO TRAFFIC SYSTEMS' Equipment (02 Jun 2020)

    An Improper Access Control vulnerability has been discovered in SWARCO TRAFFIC SYSTEMS' Equipment- CPU LS4000. Successful exploitation of this vulnerability could allow access to the device and disturb operations with connected devices.

  • Calico and Calico Enterprise security update (01 Jun 2020)

    It has been discovered that clusters using IPv4 may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with default privilege is able to reconfigure the node’s IPv6 interface and redirect traffic from the node to the compromised pod. It is recommended to upgrade to the latest Calico or Calico Enterprise releases.

  • Vulnerability in Apache Ant (01 Jun 2020)

    Ant is a Java-based build tool like make. It has been discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant.

  • Android security bulletin (01 Jun 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-06-05 or later address all of these issues.

  • Vulnerability in Flask (01 Jun 2020)

    Flask is a micro web framework based on Werkzeug and Jinja2. It has been discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

  • ca-certificates update (01 Jun 2020)

    The ca-certificates package contains common CA certificates. It has been discovered that the ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA.

  • Use of Hard-coded Cryptographic Key vulnerability in FortiClient (01 Jun 2020)

    It has been discovered that use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow an attacker with access to the configuration or the backup file to decrypt the sensitive data via knowledge of the hard-coded key. The affected versions are FortiClient for Windows below 6.4.0. It is recommended to upgrade to FortiClient for Windows 6.4.0.

  • Vulnerability in QEMU (01 Jun 2020)

    An Out-Of-Bounds (OOB) access vulnerability has been discovered in the Message Signalled Interrupt (MSI-X) device support of QEMU. This vulnerability could occur while performing MSI-X mmio operations when a guest-sent address goes beyond the mmio region. A guest user/process may use this vulnerability to crash the QEMU process, resulting in a DoS scenario.

  • Kubernetes cluster vulnerable to man-in-the-middle attacks (01 Jun 2020)

    It has been discovered that a Kubernetes cluster using an affected networking implementation is vulnerable to man-in-the-middle (MitM) attacks. Kubernetes itself is not vulnerable.

  • Multiple vulnerabilities in IBM Planning Analytics Workspace (01 Jun 2020)

    Multiple vulnerabilities have been discovered in the Planning Analytics Workspace component of IBM Planning Analytics. An attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Vulnerability Summary (01 Jun 2020)

    Summary of vulnerabilities for the week of May 25, 2020.

  • Apple releases security updates (01 Jun 2020)

    Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system.

  • Vulnerability in Cisco NX-OS Software (01 Jun 2020)

    A vulnerability has been discovered in the network stack of Cisco NX-OS Software that could allow an unauthenticated, remote attacker to bypass certain security boundaries or cause a denial of service (DoS) condition on an affected device.

  • Multiple vulnerabilities in ABB's Equipment (29 May 2020)

    Multiple vulnerabilities have been discovered in multiple products of ABB. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • freerdp security update (28 May 2020)

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Multiple vulnerabilities such as Out-of-bounds write and Integer overflow have been discovered in freerdp. An update for freerdp is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Teradici PCoIP Standard Agent and PCoIP Graphics Agent for Windows (28 May 2020)

    A security vulnerability in the exchange of information through Windows Named Pipes has been discovered in PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows. This would allow the interception of sensitive information. Additionally, if the user account had Windows impersonation enabled, then the attacker could elevate privilege to execute as Windows System. The affected versions are PCoIP Agent (Standard or Graphics) for Windows 19.11.1 and earlier, and PCoIP Agent (Standard or Graphics) for Windows 2.7.8 and earlier. It is recommended to update the PCoIP Agent for Windows to 19.11.2 (or later) or the 2.7.9 patch.

  • bbPress 2.6.5 released (28 May 2020)

    Multiple vulnerabilities have been discovered in bbPress 2.6. These vulnerabilities have been fixed in bbPress 2.6.5. It is recommended to update from bbPress 2.6 to bbPress 2.6.5.

  • CVE - KB Correlation (27 May 2020)

    List of CVE ID and corresponding Knowledge Base IDs as released by Microsoft during May 2020.

  • Multiple vulnerabilities in Unbound (27 May 2020)

    Unbound is a validating, recursive, and caching DNS resolver. It has been discovered that Unbound incorrectly handled certain queries and malformed answers. A remote attacker could use these vulnerabilities to perform an amplification attack directed at a target or cause Unbound to crash, resulting in a denial of service.

  • Multiple vulnerabilities in Bosch Recording Station (27 May 2020)

    Multiple vulnerabilities such as EternalBlue, BlueKeep, Improper Access Control, and lack of Full Disk Encryption have been discovered in Bosch Recording Station (BRS). Bosch strongly recommends operating the BRS system in a closed network and preventing unauthorized direct access to the BRS server.

  • Apple releases security updates (26 May 2020)

    Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • High-severity vulnerability in Android devices (26 May 2020)

    A new elevation of privilege vulnerability has been discovered in Android that allows hackers to gain access to almost all apps. This vulnerability has been named StrandHogg 2.0 due to its similarities with the infamous StrandHogg vulnerability.

  • Stored XSS vulnerability in File Picker at CMSMS (26 May 2020)

    A Stored XSS vulnerability has been discovered in the File Picker area under Extensions in CMS Made Simple Admin Console. This vulnerability affects the CMS Made Simple latest version (2.2.14) and below.

  • Multiple vulnerabilities in Inductive Automation's Equipment (26 May 2020)

    Multiple vulnerabilities such as Missing Authentication for Critical Function and Deserialization of Untrusted Data have been discovered in Inductive Automation's Equipment- Ignition. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and perform remote code execution with SYSTEM privileges.

  • Vulnerability in Johnson Controls' Equipment (26 May 2020)

    A system permissions vulnerability has been discovered in all versions of Tyco Kantech EntraPass Security Management Software Editions. An attacker with authorized access to a low-privileged user account could exploit this vulnerability to gain full system level privileges.

  • sqlite3 security update (26 May 2020)

    An integer overflow vulnerability has been discovered in the sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from version 3.8.3. It is recommended to upgrade the sqlite3 packages.

  • Red Hat Data Grid 7.3.6 security update (26 May 2020)

    Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. Multiple vulnerabilities have been discovered in Red Hat Data Grid 7.3.5. These vulnerabilities have been fixed in new release Red Hat Data Grid 7.3.6.

  • httpd24-httpd and httpd24-mod_md security and enhancement update (26 May 2020)

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The mod_rewrite configurations of httpd are vulnerable to an open redirect. An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections.

  • rh-haproxy18-haproxy security, bug fix, and enhancement update (26 May 2020)

    HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. An HTTP request smuggling vulnerability involving a Transfer-Encoding header containing an obfuscated "chunked" value has been discovered in haproxy, and the HTTP/2 implementation of haproxy is vulnerable to intermediary encapsulation attacks. An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.

  • Vulnerability in SELinux (25 May 2020)

    A vulnerability has been discovered in the Linux kernel's SELinux LSM hook implementation, which incorrectly assumed that an skb would only contain a single netlink message. The hook would validate only the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

  • Vulnerability Summary (25 May 2020)

    Summary of vulnerabilities for the week of May 18, 2020.

  • Vulnerability in Cybozu Desktop for Windows (25 May 2020)

    Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

  • Multiple vulnerabilities in FortiGuard products (25 May 2020)

    Multiple vulnerabilities such as Improper Access Control, Privilege Escalation, and Unauthorized code execution have been discovered in FortiClient and FortiGateCloud of FortiGuard. The affected products are FortiClient for Windows 6.2.1 and below and FortiGateCloud version 4.4.

  • netqmail security update (24 May 2020)

    Multiple vulnerabilities have been discovered in qmail which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not. It is recommended to upgrade the netqmail packages.

  • ruby-rack security update (23 May 2020)

    A directory traversal vulnerability has been discovered in the Rack::Directory app that is bundled with Rack. If certain directories exist in a directory that is managed by Rack::Directory, an attacker could, using this vulnerability, read the contents of files on the server that were outside of the root specified in the Rack::Directory initializer. It is recommended to upgrade the ruby-rack packages.

  • HTTP Request Smuggling vulnerability in meinheld (22 May 2020)

    Meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer-Encoding header parsing.

  • Multiple vulnerabilities in Schneider Electric's Equipment (21 May 2020)

    Multiple vulnerabilities such as SQL Injection, Path Traversal, and Argument Injection have been discovered in Schneider Electric's Equipment- EcoStruxure Operator Terminal Expert. Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution.

  • Vulnerability in Johnson Controls' Equipment (21 May 2020)

    A Cleartext Storage of Sensitive Information vulnerability has been discovered in Johnson Controls' Equipment- Software House C-CURE 9000 and American Dynamics victor Video Management System. Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application.

  • Slurm security update (21 May 2020)

    A race condition for systems with Message Aggregation enabled has been discovered in Slurm. This race condition vulnerability could allow a user to launch a process as an arbitrary user. This vulnerability has been fixed in Slurm versions 20.02.3 and 19.05.7.

  • Apple releases security update for Xcode (20 May 2020)

    Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system.

  • Drupal releases security updates (20 May 2020)

    Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit these vulnerabilities to take control of an affected system.

  • Remote Code Execution in Apache Tomcat (20 May 2020)

    It has been discovered in Apache Tomcat that using a specifically crafted request an attacker will be able to trigger remote code execution via deserialization of the file under their control. The affected versions are Apache Tomcat 10.0.0-M1 to 10.0.0-M4, Apache Tomcat 9.0.0.M1 to 9.0.34, Apache Tomcat 8.5.0 to 8.5.54 and Apache Tomcat 7.0.0 to 7.0.103.

  • Cisco releases security updates (20 May 2020)

    Cisco has released security updates to address multiple vulnerabilities affecting various Cisco products. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in Fortinet products (20 May 2020)

    It has been discovered that in some Fortinet products the TCP stacks that lack RFC 5961 3.2 & 4.2 support (or have it disabled at application level) may allow remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST or SYN packet. The affected products are FortiAnalyzer 6.2.3 and below and FortiManager 6.2.3 and below. It is recommended to upgrade FortiAnalyzer to 6.2.4 or above and FortiManager to 6.2.4 or above.

  • Security update for Trend Micro InterScan Web Security Virtual Appliance (19 May 2020)

    Trend Micro has released a new Critical Patch (CP) for Trend Micro InterScan Web Security Appliance (IWSVA) 6.5. This CP resolves multiple vulnerabilities related to cross-site scripting (XSS), directory traversal information disclosure, authenticated command injection and authentication bypass.

  • Multiple vulnerabilities in Rockwell Automation's Equipment (19 May 2020)

    Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer, and SQL Injection have been discovered in Rockwell Automation's Equipment- EDS Subsystem. Successful exploitation of these vulnerabilities could lead to a denial-of-service condition.

  • Vulnerability in RAONWIZ Inc K Upload (19 May 2020)

    An argument modification vulnerability caused by missing support for an integrity check has been discovered in RAONWIZ Inc K Upload. Automatic update processing without an integrity check on the update module (web.js) allows an attacker to modify arguments, which causes downloading of a random DLL and injection on it.

  • Multiple vulnerabilities in Emerson's Equipment (19 May 2020)

    Multiple vulnerabilities such as Missing Authentication for Critical Function, Improper Ownership Management, and Inadequate Encryption Strength have been discovered in Emerson's Equipment- OpenEnterprise SCADA Software. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts.

  • Multiple vulnerabilities in Bind (19 May 2020)

    Bind is an Internet Domain Name Server. It has been discovered that Bind incorrectly limited certain fetches and incorrectly handled checking TSIG validity. A remote attacker could possibly use this issue to cause Bind to consume resources or cause Bind to crash, resulting in a denial of service.

  • Vulnerability in Exim (19 May 2020)

    Exim is a mail transport agent. It has been discovered that Exim incorrectly handled certain inputs. A remote attacker could possibly use this vulnerability to access sensitive information or bypass authentication.

  • Multiple vulnerabilities in HPE products (19 May 2020)

    Multiple vulnerabilities have been discovered in HPE Superdome Flex Server Remote Management Controller (RMC) and HPE NimbleStorage. A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system.

  • Vulnerability in jquery (19 May 2020)

    It has been discovered that jquery is vulnerable to Cross-site Scripting (XSS). The affected versions are jquery prior to 1.9.0. It is recommended to upgrade jquery to version 1.9.0 or higher.

  • Adobe releases security updates (19 May 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information or perform remote code execution.

  • Google releases security updates for Chrome (19 May 2020)

    Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • VMware releases security update for Cloud Director (19 May 2020)

    A code injection vulnerability has been discovered in VMware Cloud Director. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution.

  • Microsoft releases security advisory for Windows DNS Servers (19 May 2020)

    Microsoft has discovered a vulnerability involving packet amplification that affects Windows DNS servers. An attacker who successfully exploits this vulnerability could cause the DNS Server service to become nonresponsive.

  • Vulnerability in Signal Messenger App (19 May 2020)

    It has been discovered that Signal Messenger App has a vulnerability which allows a remote non-contact to ring a user's Signal phone and disclose the Signal user's current DNS server. This can result in a remote attacker obtaining coarse information via leaking DNS server IP of a Signal user, which may disclose coarse location as well as changes in internet connections at any given moment.

  • WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection (19 May 2020)

    It has been discovered that WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability. An attacker who can access the administrative page of Paid Memberships Pro may obtain and/or alter the information stored in the database. It is recommended to upgrade the plugin to version 2.3.3.

  • Dell EMC Isilon OneFS security update (18 May 2020)

    Multiple vulnerabilities such as SNMPv2 and remotesupport have been discovered in Dell EMC Isilon OneFS. These vulnerabilities could be exploited by malicious users to compromise the affected system. The affected versions are Dell EMC Isilon OneFS 8.2.2 and earlier.

  • Vulnerability Summary (18 May 2020)

    Summary of vulnerabilities for the week of May 11, 2020.

  • Multiple vulnerabilities in Moodle (18 May 2020)

    Multiple vulnerabilities such as stored XSS and remote code execution have been discovered in MathJax and SCORM package of Moodle respectively. The affected versions are 3.8 to 3.8.2, 3.7 to 3.7.5, 3.6 to 3.6.9, 3.5 to 3.5.11 and earlier unsupported versions.

  • Red Hat build of Thorntail 2.5.1 security and bug fix update (18 May 2020)

    Multiple vulnerabilities have been discovered in Red Hat build of Thorntail. An update is now available for Red Hat build of Thorntail. This release of Red Hat build of Thorntail 2.5.1 includes security updates, bug fixes, and enhancements.

  • Multiple vulnerabilities in DPDK (18 May 2020)

    DPDK is a set of libraries for fast packet processing. It has been discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. These vulnerabilities affect Ubuntu 20.04 LTS, Ubuntu 19.10 and Ubuntu 18.04 LTS.

  • Multiple vulnerabilities in Dovecot (18 May 2020)

    Sending a malformed NOOP command, sending a command followed by a sufficient number of newlines, or sending mail with an empty quoted localpart can cause a crash in the submission, submission-login or lmtp service, resulting in denial of service. The affected versions are Dovecot prior to 2.3.10.1.

  • Vulnerability in Ivanti Workspace Control (18 May 2020)

    It has been discovered that a locally authenticated user with low privileges in Ivanti Workspace Control v10.3 and v10.4 can acquire admin privileges by changing certain user registry entries. This allows an attacker to start applications with elevated privileges. This only applies to configurations where administrator rights have been added to an application by using Dynamic Privileges. This vulnerability has been resolved in Ivanti Workspace Control 10.4.40.0.

  • Multiple vulnerabilities in Bluetooth devices supporting LE and BR/EDR implementation (18 May 2020)

    Multiple vulnerabilities such as Pairing Method Confusion and Bluetooth Impersonation Attacks have been discovered in Bluetooth devices supporting LE and BR/EDR implementation. The affected versions are Core Spec, v2.1 to v5.2.

  • Vulnerability in OpenEDX (18 May 2020)

    Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.

  • log4net security update (15 May 2020)

    An XML external entity vulnerability has been discovered in log4net, a logging API for the ECMA Common Language Infrastructure (CLI), sometimes referred to as "Mono". It is recommended to upgrade the log4net packages.

  • Multiple vulnerabilities in Hitachi products (15 May 2020)

    Multiple vulnerabilities have been discovered in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center, Hitachi Compute Systems Manager, JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2.

  • Vulnerability in SQL affects IBM i (15 May 2020)

    IBM i users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. The issue can be fixed by applying a PTF to the IBM i Operating System. It is recommended that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

  • openstack-manila security update (14 May 2020)

    OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances. A user with a share-network UUID is able to show, create and delete shares. An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train).

  • kpatch-patch security update (13 May 2020)

    kpatch is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. A null pointer dereference while receiving a CIPSO packet with a null category may cause a kernel panic. An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

  • .NET Core security update (13 May 2020)

    .NET Core is a managed-software framework. A denial of service vulnerability via untrusted input has been discovered in dotnet. An update for .NET Core is now available for Red Hat Enterprise Linux 8. The updated version is .NET Core Runtime 2.1.18 and SDK 2.1.514.

  • Vulnerability in IPRoute (13 May 2020)

    It has been discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

  • Vulnerability in PAN-OS Panorama management service (13 May 2020)

    An improper restriction of XML external entity reference (XXE) vulnerability has been discovered in Palo Alto Networks Panorama management service which allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This vulnerability affects all versions of PAN-OS for Panorama 7.1 and 8.0, PAN-OS for Panorama 8.1 versions earlier than 8.1.13, and PAN-OS for Panorama 9.0 versions earlier than 9.0.7.

  • Access bypass vulnerability in reCAPTCHA v3 (13 May 2020)

    The reCaptcha v3 module enables forms to be protected using Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are protected by reCaptcha v3 and have server side validation steps. It is recommended to upgrade to the latest version of reCAPTCHA v3.

  • Vulnerability in Pivotal Concourse (13 May 2020)

    Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

  • McAfee Security Bulletin (12 May 2020)

    McAfee has released a security bulletin for ePolicy Orchestrator to fix Java vulnerabilities such as Denial of Service and Improper Access Control.

  • Adobe releases security updates for multiple products (12 May 2020)

    Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases May 2020 security updates (12 May 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in 3S-Smart Software Solutions GmbH's Equipment (12 May 2020)

    A Cross-site Scripting vulnerability has been discovered in 3S-Smart Software Solutions GmbH's Equipment- CODESYS V3 Library Manager. Successful exploitation of this vulnerability may allow malicious content from manipulated libraries to be displayed or executed.

  • Multiple vulnerabilities in Interpeak's Equipment (12 May 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in different Equipment- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities could allow remote code execution.

  • Multiple vulnerabilities in OSIsoft's Equipment (12 May 2020)

    Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful exploitation of these vulnerabilities could allow an attacker to access unauthorized information, delete or modify local processes, and crash the affected device.

  • Multiple vulnerabilities in Eaton's Equipment (12 May 2020)

    Multiple vulnerabilities such as Improper Input Validation and Incorrect Privilege Assignment have been discovered in Eaton's Equipment- Intelligent Power Manager. Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users to manipulate the system configurations.

  • podman security update (12 May 2020)

    The podman tool manages pods, container images, and containers. A crafted input tar file may lead to local file overwrite during the image build process, and there is a use-after-free in GPGME bindings during container image pull. An update for podman is now available for Red Hat Enterprise Linux 7 Extras.

  • TCP/IP Stack vulnerabilities in Siemens Power Meters (12 May 2020)

    Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.

  • ClamAV 0.102.3 security patch released (12 May 2020)

    A vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 and PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition has been fixed. Other issues such as "Attempt to allocate 0 bytes" error when parsing some PDF documents and some minor memory leaks have also been fixed. The libclamunrar has been updated to UnRAR 5.9.2. It is recommended to upgrade ClamAV to 0.102.3.

  • Vulnerability Summary (11 May 2020)

    Summary of vulnerabilities for the week of May 04, 2020.

  • wordpress security update (11 May 2020)

    Multiple vulnerabilities have been discovered in the src wordpress package. An attacker could exploit these vulnerabilities to take control of an affected system. It is recommended to upgrade the wordpress packages.

  • qemu-kvm-ma security update (11 May 2020)

    The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. A heap buffer overflow vulnerability has been discovered during packet reassembly in slirp of QEMU. An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Symantec Endpoint Protection security update (11 May 2020)

    Multiple vulnerabilities such as Out of Bounds, Directory Traversal, and Elevation of Privilege have been discovered in the Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Manager (SEPM). It is recommended to upgrade SEP and SEPM to 14.3.

  • libntlm security update (10 May 2020)

    It has been discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. It is recommended to upgrade the libntlm packages.

  • Multiple vulnerabilities in VMware vRealize Operations Manager (08 May 2020)

    Multiple vulnerabilities such as Authentication Bypass and Directory Traversal have been discovered in Salt, an open source project by SaltStack, which have been determined to affect VMware vRealize Operations Manager (vROps). The affected versions are 8.1.0, 8.0.x, and 7.5.0.

  • Vulnerability in mkhomedir tool (07 May 2020)

    A race condition has been discovered in the mkhomedir tool shipped with the oddjob package. This vulnerability allows an attacker to leverage this flaw by creating a symlink pointing to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

  • Multiple vulnerabilities in WordPress Elementor Pro (07 May 2020)

    Multiple vulnerabilities have been discovered in WordPress Elementor Pro. These vulnerabilities allow any logged-in user to upload and execute PHP scripts on the blog, and a vulnerability in Ultimate Addons for Elementor allows for subscriber registration. It is recommended to upgrade to Elementor Pro 2.9.4.

  • Multiple vulnerabilities in Advantech's Equipment (07 May 2020)

    Multiple vulnerabilities such as Improper Validation of Array Index, Relative Path Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow, and Out-of-bounds Read have been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability.

  • Vulnerability in WSO2 (07 May 2020)

    In WSO2, it has been discovered that the Management Console is vulnerable to an XXE attack when updating an EventPublisher. The XXE attacks can affect any trusted system respective to the machine where the parser is located. This attack may result in disclosing local files, denial of service, server-side request forgery, port scanning and other system impacts on affected systems.

  • Zulip Desktop 5.2.0 security release (06 May 2020)

    A vulnerability has been discovered in Zulip Desktop 0.5.10: a certificate validation handler inadvertently disabled all certificate validation whether or not ignoreCerts was enabled, except during initial association with the server. All versions of Zulip Desktop from 0.5.10 through 5.1.0 are affected. It is recommended to upgrade to the latest release.

  • Cisco releases security updates for multiple products (06 May 2020)

    Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • keystone security update (06 May 2020)

    A vulnerability has been discovered in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope (trust/oauth/application credential) could create an EC2 credential with an escalated permission, such as obtaining "admin" while the user is on a limited "viewer" role. It is recommended to upgrade the keystone packages.

  • Vulnerability in ManageEngine DataSecurity Plus Application and Xnode Server (05 May 2020)

    ManageEngine DataSecurity Plus application uses default admin credentials to communicate with Dataengine Xnode server. This allows an attacker to bypass authentication for Dataengine Xnode server and execute all operations in the context of admin user.

  • Google releases security updates for Chrome (05 May 2020)

    Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Multiple vulnerabilities in SAE IT-systems' Equipment (05 May 2020)

    Multiple vulnerabilities such as Cross-site Scripting, and Path Traversal have been discovered in SAE IT-systems' Equipment- FW-50 Remote Telemetry Unit (RTU). Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a denial-of-service condition.

  • Vulnerability in Fazecast's Equipment (05 May 2020)

    An Uncontrolled Search Path Element vulnerability has been discovered in Fazecast's Equipment- jSerialComm. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system.

  • sqlite security update (05 May 2020)

    SQLite is a C library that implements an SQL database engine. The fts3 of sqlite has an improved shadow table corruption detection. An update for sqlite is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Citrix ShareFile security update (05 May 2020)

    Multiple vulnerabilities have been discovered in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders.

  • roundcube security update (05 May 2020)

    It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be logged out, or a Cross-Site Scripting (XSS) leading to execution of arbitrary code. It is recommended to upgrade the roundcube packages.

  • Mozilla releases security update for Thunderbird, Firefox and Firefox ESR (05 May 2020)

    Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in ServiceNow IT Service Management (05 May 2020)

    The ServiceNow product is affected by a Stored Cross-Site Scripting vulnerability on one of the parameters issued by the client when opening a new Incident Request. By exploiting this vulnerability, an attacker can create a malicious Incident Request which can then be sent out to users in the platform via a direct link to the Request.

  • Android Security Bulletin (04 May 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-05-05 or later address all of these issues.

  • Vulnerability Summary (04 May 2020)

    Summary of vulnerabilities for the week of Apr 27, 2020.

  • Zimbra security update (04 May 2020)

    A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.

  • Launch import security update (04 May 2020)

    A vulnerability has been discovered in JUnit XML launch import starting from version 3.1.0. The XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file that uses external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. It is recommended to install the latest releases.

  • openldap security update (02 May 2020)

    A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service (slapd daemon crash). It is recommended to upgrade the openldap packages.

  • Vulnerability in SimpliSafe (SS3) (01 May 2020)

    A vulnerability has been discovered in SimpliSafe SS3 which is an incomplete fix to TRA-2020-03. An attacker, with physical access, can add PINs without prior knowledge of the PIN. This allows the attacker to disarm the system.

  • SaltStack patches critical vulnerabilities in Salt (01 May 2020)

    Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. A remote attacker could exploit these vulnerabilities to take control of an affected system.

  • miniupnpc security update (30 Apr 2020)

    It has been discovered that there was an integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. It is recommended to upgrade the miniupnpc packages.

  • vlc security update (30 Apr 2020)

    Multiple security vulnerabilities have been discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets. It is recommended to upgrade the vlc packages.

  • Vulnerability in Apache OFBiz (30 Apr 2020)

    Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts. It is recommended to upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583.

  • Cisco releases security updates for IOS XE SD-WAN Software (29 Apr 2020)

    A vulnerability has been discovered in the CLI of Cisco IOS XE SD-WAN Software that could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

  • WordPress releases security update (29 Apr 2020)

    WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. It is recommended to upgrade to WordPress 5.4.1.

  • Invalid Pointer Access vulnerability in Huawei OceanStor product (29 Apr 2020)

    An invalid pointer access vulnerability has been discovered in the Huawei OceanStor 5310 product. The software system accesses an invalid pointer when it processes a malformed packet from an attacker. Due to insufficient validation of some parameters, a successful exploit could cause a device reboot.

  • Adobe releases security updates for multiple products (28 Apr 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Resource Management Error vulnerability in a ZTE product (28 Apr 2020)

    ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it results in no response for a long time and there is a memory overflow risk.

  • libtiff security update (28 Apr 2020)

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. An integer overflow vulnerability has been discovered in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. An update for libtiff is now available for Red Hat Enterprise Linux 8.

  • libmspack security and bug fix update (28 Apr 2020)

    The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. A buffer overflow vulnerability has been discovered in function chmd_read_headers(). An update for libmspack is now available for Red Hat Enterprise Linux 8.

  • glib2 and ibus security and bug fix update (28 Apr 2020)

    GLib provides the core application building blocks for libraries and applications written in C, and Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems. A missing authorization allows a local attacker to access the input bus of another user. An update for glib2 and ibus is now available for Red Hat Enterprise Linux 8.

  • wavpack security update (28 Apr 2020)

    WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Multiple vulnerabilities have been discovered in wavpack that could lead to crashing or Denial of Service. An update for wavpack is now available for Red Hat Enterprise Linux 8.

  • irssi security update (28 Apr 2020)

    Irssi is a modular IRC client with Perl scripting. A use-after-free vulnerability has been discovered in irssi when sending a SASL login to the server. An update for irssi is now available for Red Hat Enterprise Linux 8.

  • liblouis security and bug fix update (28 Apr 2020)

    Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. Multiple vulnerabilities such as Stack-based buffer overflow and Segmentation fault have been discovered in liblouis. An update for liblouis is now available for Red Hat Enterprise Linux 8.

  • edk2 security, bug fix, and enhancement update (28 Apr 2020)

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. Numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib has been discovered in edk2. An update for edk2 is now available for Red Hat Enterprise Linux 8.

  • dnsmasq security, bug fix, and enhancement update (28 Apr 2020)

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. A memory leak in the create_helper() function in /src/helper.c has been discovered in dnsmasq. An update for dnsmasq is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in LCDS' Equipment (28 Apr 2020)

    Multiple vulnerabilities such as Exposure of Sensitive Information to an Unauthorized Actor, and Improper Input Validation have been discovered in LCDS' Equipment - LAquis SCADA. Successful exploitation of these vulnerabilities could allow unauthorized attackers to view sensitive information and create files in arbitrary locations.

  • VMware releases security updates for ESXi (28 Apr 2020)

    A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in VMware ESXi. A malicious actor with access to modify the system properties of a virtual machine from inside the guest OS may be able to inject a malicious script which will be executed by a victim's browser when viewing this virtual machine via the ESXi Host Client.

  • Genius Bytes security update (28 Apr 2020)

    A critical vulnerability has been discovered in Genius Server v. 3.2.2. An authenticated function allows the attacker with administrative privileges to execute arbitrary commands. It is recommended to upgrade to Genius Server version 3.2.8.

  • Samba releases security updates (28 Apr 2020)

    Samba has released security updates to address multiple vulnerabilities such as Use-after-free and Denial of Service in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Vulnerability in re2c (28 Apr 2020)

    re2c is a tool for generating fast C-based recognizers. It has been discovered that re2c could be made to execute arbitrary code if it received a specially crafted file. This vulnerability affects Ubuntu 20.04 LTS releases of Ubuntu and its derivatives.

  • ruby-json security update (28 Apr 2020)

    An unsafe object creation vulnerability has been discovered in ruby-json before 2.3.0. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. It is recommended to upgrade the ruby-json packages.

  • Multiple vulnerabilities in Tiny File Manager 2.4.1 (28 Apr 2020)

    Multiple vulnerabilities such as Path Traversal Recursive Directory Listing and Absolute File Backup Copy have been discovered in Tiny File Manager 2.4.1. Both vulnerabilities are exploitable only while authenticated as a non-readonly user, or while authentication is disabled.

  • Vulnerability in Onkyo TX-NR585 (28 Apr 2020)

    A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.

  • SQL Injection vulnerability in Sophos XG Firewall devices (27 Apr 2020)

    A SQL injection vulnerability was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone.

  • IntelMQ Manager 2.1.1 security bugfix release (27 Apr 2020)

    It has been discovered that the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver.

  • Juniper releases security updates for Junos OS (27 Apr 2020)

    A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. An attacker can exploit this vulnerability to inject commands into the httpd.log, read files with 'world' readable file permission or obtain J-Web session tokens. Software releases have been updated to resolve this specific issue.

  • Google releases security updates for Chrome (27 Apr 2020)

    Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in FortiMail and FortiVoiceEntreprise (27 Apr 2020)

    An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

  • CVE - KB Correlation (27 Apr 2020)

    List of CVE ID and corresponding Knowledge Base IDs as released by Microsoft during April 2020.

  • Vulnerability Summary (27 Apr 2020)

    Summary of vulnerabilities for the week of Apr 20, 2020.

  • Vulnerability in Apache Traffic Server (27 Apr 2020)

    It has been discovered that Apache Traffic Server (ATS) is vulnerable to an HTTP/2 slow read attack. The affected versions are ATS 6.0.0 to 6.2.3, ATS 7.0.0 to 7.1.9 and ATS 8.0.0 to 8.0.6.

  • mailman security update (26 Apr 2020)

    It has been discovered that it is possible to create a cross site scripting attack on the webarchives of the Mailman mailing list manager, by sending a special type of attachment. It is recommended to upgrade the mailman packages.

  • php5 security update (26 Apr 2020)

    Multiple vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. It is recommended to upgrade the php5 packages.

  • rzip security update (26 Apr 2020)

    A heap buffer overflow write vulnerability has been discovered in the rzip program (a compression program for large files) when uncompressing maliciously crafted files. It is recommended to upgrade the rzip packages.

  • libgsf security update (25 Apr 2020)

    It has been discovered that there is a null pointer dereference exploit in libgsf, an I/O abstraction library for GNOME. An error within the "tar_directory_for_file()" function could be exploited to trigger a null pointer dereference and subsequently cause a crash via a crafted TAR file.

  • jsch security update (25 Apr 2020)

    It has been discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol. It is recommended to upgrade the jsch packages.

  • ncmpc security update (25 Apr 2020)

    It has been discovered that a NULL pointer dereference could happen in ncmpc, an ncurses-based audio player. This could result in a crash and a denial of service. It is recommended to upgrade the ncmpc packages.

  • eog security update (25 Apr 2020)

    It has been discovered that eog (Eye of GNOME) incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this vulnerability to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. It is recommended to upgrade the eog packages.

  • Radicale security update (25 Apr 2020)

    Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. It is recommended to upgrade the radicale packages.

  • python-reportlab security update (25 Apr 2020)

    It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this vulnerability to execute arbitrary code if a specially crafted document is processed. It is recommended to upgrade the python-reportlab packages.

  • Multiple vulnerabilities in Hitachi products (24 Apr 2020)

    Multiple vulnerabilities have been discovered in Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer.

  • Vulnerability in QEMU (24 Apr 2020)

    An integer overflow vulnerability has been discovered in QEMU in the way it implemented the ATI VGA emulation. A malicious guest could exploit this vulnerability to crash the QEMU process, resulting in a denial of service.

  • Vulnerability in BIG-IQ Grafana (24 Apr 2020)

    A remote access vulnerability has been discovered that may allow a remote user to run shell commands on affected systems using HTTP requests to the BIG-IQ user interface. A remote attacker may be able to leverage the Grafana component to run local shell commands on the system.

  • Multiple vulnerabilities in HPE UIoT (24 Apr 2020)

    Multiple vulnerabilities have been discovered in HPE UIoT version 1.4.2 and earlier that could allow unauthorized remote access and access to sensitive data. The versions affected are HPE IOT + GCP 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

  • Multiple vulnerabilities in Sierra Wireless' Equipment (23 Apr 2020)

    Multiple vulnerabilities such as OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, and Missing Encryption of Sensitive Data have been discovered in Sierra Wireless' Equipment - AirLink ALEOS. Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths.

  • Multiple issues in ESI Response processing in Squid (23 Apr 2020)

    Due to incorrect buffer handling Squid is vulnerable to multiple vulnerabilities such as cache poisoning, remote execution, and denial of service attacks when processing ESI responses. The affected versions are Squid 3.x - 3.5.28, Squid 4.x - 4.10 and Squid 5.x - 5.0.1. The vulnerabilities have been fixed in Squid 4.11 and Squid 5.0.2.

  • Multiple issues in HTTP Digest authentication in Squid (23 Apr 2020)

    Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden.

  • python-twisted-web security update (23 Apr 2020)

    Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. An HTTP request smuggling vulnerability has been discovered in python-twisted when presented with a Content-Length and a chunked Transfer-Encoding header. An update for python-twisted-web is now available for Red Hat Enterprise Linux 7.

  • Multiple vulnerabilities in dependent libraries affect IBM Db2 (23 Apr 2020)

    Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation. These vulnerabilities affect the Db2 versions V11.1 and V11.5.

  • Vulnerability in NGINX Controller (23 Apr 2020)

    The communication between NGINX Controller and NGINX Plus instances skips TLS verification by default. This vulnerability enables a man-in-the-middle (MITM) attack that can intercept the communication channel and read/modify data in transit.

  • kernel security update (22 Apr 2020)

    The kernel packages contain the Linux kernel, the core of any Linux operating system. The rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow vulnerability and the offset2lib allows for the stack guard page to be jumped over. An update for kernel is now available for Red Hat Enterprise Linux 6.

  • Apple iOS Zero-day vulnerabilities (22 Apr 2020)

    Out-of-Bound Write and Heap Overflow vulnerabilities have been discovered in Apple iOS 13.4.1 and previous versions. These vulnerabilities allow remote code execution and enable an attacker to remotely infect a device by sending emails that consume a significant amount of memory.

  • Multiple vulnerabilities in OpenJDK (22 Apr 2020)

    Multiple vulnerabilities have been discovered in OpenJDK. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in GNU binutils (22 Apr 2020)

    Binutils is the GNU assembler, linker and binary utilities. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • Google releases security updates for Chrome (21 Apr 2020)

    Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • OpenSSL releases security update (21 Apr 2020)

    Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. OpenSSL version 1.1.1g has been released to address the vulnerability affecting versions 1.1.1d, 1.1.1e, and 1.1.1f. An attacker could exploit this vulnerability in a Denial of Service attack.

  • Vulnerability in Inductive Automation's Equipment (21 Apr 2020)

    An Improper Access Control vulnerability has been discovered in Inductive Automation's Equipment - Ignition 8 Gateway. Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition.

  • http-parser security update (21 Apr 2020)

    The http-parser package provides a utility for parsing HTTP messages. An HTTP request smuggling vulnerability using a malformed Transfer-Encoding header has been discovered. An update for http-parser is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Multiple vulnerabilities in Python (21 Apr 2020)

    It has been discovered that Python incorrectly stripped certain characters from requests and incorrectly handled certain HTTP requests. A remote attacker could use these vulnerabilities to perform CRLF injection and cause a denial of service respectively.

  • Vulnerability in ipfw (21 Apr 2020)

    The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces. Incomplete packet data validation may result in accessing out-of-bounds memory or may access memory after it has been freed. Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results. It is recommended to upgrade the vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot.

  • Vulnerability in SysAid (21 Apr 2020)

    It has been discovered that SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack.

  • Vulnerability in HCL AppScan Enterprise Edition (21 Apr 2020)

    HCL AppScan Enterprise Edition contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • Joomla! security update (21 Apr 2020)

    An issue has been discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. It is recommended to upgrade to version 3.9.17.

  • Vulnerability Summary (20 Apr 2020)

    Summary of vulnerabilities for the week of Apr 13, 2020.

  • Multiple vulnerabilities in Cisco products (20 Apr 2020)

    Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • git security update (20 Apr 2020)

    A vulnerability has been discovered in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. It is recommended to upgrade the git packages.

  • OpenShift Container Platform 4.3.13 runc security update (20 Apr 2020)

    The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A volume mount race condition with shared mounts led to information leak and integrity manipulation. An update for runc is now available for Red Hat OpenShift Container Platform 4.3.

  • Vulnerability in re2c (19 Apr 2020)

    re2c is a tool for generating C-based recognizers from regular expressions. There is a heap overflow reproducible with a crafted file. The re2c-1.3 version has been affected by this vulnerability.

  • shiro security update (19 Apr 2020)

    It has been discovered that there was a path-traversal vulnerability in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass. It is recommended to upgrade the shiro packages.

  • Squid Proxy Cache security update (18 Apr 2020)

    Due to incorrect URL handling Squid is vulnerable to access control bypass, cache poisoning and cross-site scripting attacks when processing HTTP Request messages. These vulnerabilities have been fixed in Squid 4.8 version.

  • file-roller security update (18 Apr 2020)

    fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. It is recommended to upgrade the file-roller packages.

  • Information Disclosure vulnerability in FortiSwitch (17 Apr 2020)

    The Bluetooth BR/EDR specification up to and including version 5.1 in FortiSwitch permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

  • Apple releases security update for Xcode (16 Apr 2020)

    Apple has released a security update to address vulnerabilities in Xcode. A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host. A remote attacker could exploit this vulnerability to take control of an affected system. This update is available for macOS Catalina 10.15.2 and later.

  • webkit2gtk security update (16 Apr 2020)

    A vulnerability has been discovered in the webkit2gtk web engine: maliciously crafted web content may lead to arbitrary code execution or a denial of service. It is recommended to upgrade the webkit2gtk packages.

  • TigerVNC security update (16 Apr 2020)

    TigerVNC is a suite of Virtual Network Computing servers and clients. Multiple vulnerabilities such as Stack use-after-return, Heap buffer overflow and Stack buffer overflow have been discovered in TigerVNC. An update for tigervnc is now available for Red Hat Enterprise Linux 8.

  • ipmitool security update (16 Apr 2020)

    The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. A buffer overflow vulnerability in the read_fru_area_section function in lib/ipmi_fru.c has been discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

  • Vulnerability in Apache Heron (16 Apr 2020)

    In versions 0.20.0-incubating and Apache Heron does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in remote code execution vulnerabilities. The versions affected are 0.20.2-incubating, 0.20.1-incubating and v-0.20.0-incubating.

  • kernel-alt security and bug fix update (16 Apr 2020)

    The kernel-alt packages provide the Linux kernel version 4.x. Multiple vulnerabilities such as Heap-based overflow, Heap overflow and Null pointer dereference have been discovered in the kernel. An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Veeam ONE (15 Apr 2020)

    Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup & Replication servers allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.

  • Multiple vulnerabilities in Huawei Smartphones (15 Apr 2020)

    Multiple vulnerabilities such as Improper Authentication, Information Disclosure, and Denial of Service have been discovered in some Huawei smartphones. Successful exploitation of these vulnerabilities may cause information disclosure and abnormal service in a specific scenario.

  • Multiple vulnerabilities in IBM HTTP Server (15 Apr 2020)

    Multiple vulnerabilities have been discovered in the IBM HTTP Server used by WebSphere Application Server. Apache HTTP Server could allow a remote attacker to conduct phishing attacks, and execute arbitrary code on the system. An attacker could exploit these vulnerabilities to redirect a victim to arbitrary websites and execute arbitrary code or cause a denial of service condition on the system respectively.

  • Multiple vulnerabilities in the Autodesk FBX Software Development Kit (15 Apr 2020)

    Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.

  • Google releases security updates (15 Apr 2020)

    Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

  • Multiple vulnerabilities in Cisco products (15 Apr 2020)

    Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple security updates in Citrix Hypervisor (14 Apr 2020)

    Multiple vulnerabilities have been identified within Citrix Hypervisor, which could, if exploited, allow privileged code in a PV guest VM to read a single uninitialized 4kB page of memory (that may contain data left by a previous VM) and also allow privileged code in a guest VM to cause the host to crash. These vulnerabilities affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.1. Updates have been released to address these issues.

  • Red Hat CodeReady Workspaces 2.1.0 release (14 Apr 2020)

    Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. A JWT proxy bypass allows access to workspace pods of other users. Red Hat CodeReady Workspaces 2.1.0 has been released.

  • elfutils security update (14 Apr 2020)

    The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. A double-free due to double decompression of sections in a crafted ELF file causes a crash. An update for elfutils is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • NTP security update (14 Apr 2020)

    The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. A stack-based buffer overflow vulnerability in ntpq and ntpdc allows denial of service or code execution. An update for NTP is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Multiple vulnerabilities in ClearPass Policy Manager (14 Apr 2020)

    Multiple vulnerabilities such as Authentication Bypass, Authenticated Remote Code Execution, Authenticated Stored Cross Site Scripting and Information Disclosure have been discovered in ClearPass Policy Manager. Successful exploitation of these vulnerabilities could lead to database changes, remote code execution, privilege escalation attack and compromise of some of ClearPass' service accounts respectively.

  • Oracle releases April 2020 security bulletin (14 Apr 2020)

    Oracle has released its Critical Patch Update for April 2020 to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • McAfee security bulletin (14 Apr 2020)

    McAfee has released a security bulletin for the endpoint security of Windows.

  • Vulnerability in SilverStripe (14 Apr 2020)

    It has been discovered that files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This is a security issue because the default "/Uploads" folder is publicly accessible by default, which means unauthorised parties may access the uploaded files via HTTP by guessing the file name.

  • Multiple vulnerabilities in CA API Developer Portal (14 Apr 2020)

    Multiple vulnerabilities have been discovered in CA API Developer Portal of CA Technologies. These vulnerabilities can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges.

  • git security update (14 Apr 2020)

    A vulnerability has been discovered in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled into returning credential information for the wrong host. It is recommended to upgrade the git packages.

  • graphicsmagick security update (14 Apr 2020)

    A vulnerability has been discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on a range check in the HuffmanDecodeImage function. It is recommended to upgrade the graphicsmagick packages.

  • Vulnerability in OnePlus 7 Pro Android Phone (14 Apr 2020)

    An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android.

  • Adobe releases security updates for multiple products (14 Apr 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases April 2020 security updates (14 Apr 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Intel releases security updates (14 Apr 2020)

    Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • VMware releases security updates for vRealize Log Insight (14 Apr 2020)

    Cross Site Scripting (XSS) and Open Redirect vulnerabilities in vRealize Log Insight were discovered. Successful exploitation of this issue may result in a compromise of the victim's workstation.

  • Multiple vulnerabilities in Eaton's Equipment (14 Apr 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read were discovered in Eaton's Equipment- HMiSoft VU3 (HMIVU3 runtime not impacted). Successful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution or information disclosure.

  • Vulnerability in Triangle MicroWorks' DNP3 Outstation Libraries Equipment (14 Apr 2020)

    A Stack-based Buffer Overflow vulnerability has been discovered in Triangle MicroWorks' Equipment- DNP3 Outstation Libraries. Successful exploitation of this vulnerability could possibly allow remote attackers to stop the execution of code on affected equipment.

  • Multiple vulnerabilities in Triangle MicroWorks' SCADA Data Gateway Equipment (14 Apr 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-Bounds Read, and Type Confusion have been discovered in Triangle MicroWorks' Equipment- SCADA Data Gateway. These vulnerabilities allow remote attackers to execute arbitrary code and disclose information on affected installations of Triangle MicroWorks SCADA Data Gateway with DNP3 Outstation channels.

  • Multiple vulnerabilities in Siemens' Equipment (14 Apr 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Wowza Streaming Engine (14 Apr 2020)

    A remote authenticated authorization bypass vulnerability has been discovered in Wowza Streaming Engine 4.7.8 (build 20191105123929) that allows any read-only user to issue requests to the administration panel in order to change functionality of the application.

  • Vulnerability in IBM QRadar SIEM (14 Apr 2020)

    IBM QRadar SIEM is vulnerable to improper input validation, allowing an authenticated attacker to perform unauthorized actions.

  • Vulnerability Summary (13 Apr 2020)

    Summary of vulnerabilities for the week of Apr 06, 2020.

  • Alert on Magento 1 End-Of-Life (13 Apr 2020)

    From 30 June 2020, Magento will no longer provide software and security updates for the Magento 1 e-commerce platform. Affected software includes all versions of Magento Commerce 1 and Magento Open Source 1. Websites running on the Magento 1 e-commerce platform will continue to function even after the support ends.

  • Open Liberty 20.0.0.4 Runtime security update (13 Apr 2020)

    Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. WebSphere Application Server Liberty is vulnerable to Cross-site Scripting. Open Liberty 20.0.0.4 Runtime is now available and serves as a replacement for Open Liberty 20.0.0.3.

  • Multiple vulnerabilities in Grandstream GXP1625 (13 Apr 2020)

    Multiple vulnerabilities have been discovered in Grandstream GXP1625 that allow an authenticated remote attacker to gain root access.

  • Mozilla releases security updates for Thunderbird (09 Apr 2020)

    Mozilla has released security updates to address vulnerabilities in Thunderbird 68.7.0. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in libssh (09 Apr 2020)

    It has been discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

  • VMware releases security update (09 Apr 2020)

    A sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was discovered. A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.

  • Vulnerability in VMware Tanzu Application Service (09 Apr 2020)

    VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

  • Vulnerability in Rockwell Automation's Equipment (09 Apr 2020)

    An Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Rockwell Automation's Equipment- RSLinx Classic. Successful exploitation of this vulnerability could allow a local authenticated attacker to execute malicious code when opening RSLinx Classic.

  • Vulnerability in IBM WebSphere Application Server (09 Apr 2020)

    IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.

  • Privilege escalation vulnerability in Juniper Networks (08 Apr 2020)

    A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, ACX Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4.

  • Information disclosure vulnerabilities in Juniper Networks (08 Apr 2020)

    Multiple information disclosure vulnerabilities in Juniper Networks Junos OS Evolved allow a local, authenticated user with shell access to view sensitive configuration information, such as the hashed values of login passwords and shared secrets. This issue affects Junos OS Evolved.

  • Vulnerability in IBM WebSphere Application Server- Liberty (08 Apr 2020)

    IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • Vulnerability in Junos OS and Junos OS Evolved (08 Apr 2020)

    Receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. This issue affects Junos OS Evolved and Junos OS 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2.

  • Vulnerability in PAN-OS (08 Apr 2020)

    A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges.

  • Vulnerability in Palo Alto Networks Traps (08 Apr 2020)

    An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows.

  • Vulnerability in JATP Series (08 Apr 2020)

    Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation allows an attacker to perform brute-force password attacks on the SSH service.

  • Vulnerability in Huawei Products (08 Apr 2020)

    There is an insufficient integrity validation vulnerability in several Huawei products. The device does not sufficiently validate the integrity of certain files in certain loading processes. Successful exploitation could allow the attacker to load a crafted file to the device through USB.

  • Vulnerability in Drupal Spamicide Module (08 Apr 2020)

    The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass.

  • OpenShift Container Platform 4.3.10 openshift-enterprise-hyperkube-container security update (08 Apr 2020)

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Crafted requests to kubelet API allowed for memory exhaustion. An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.3.

  • Vulnerability in libiberty (08 Apr 2020)

    It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • Mozilla releases security updates for Firefox, Firefox ESR (07 Apr 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Google releases security updates (07 Apr 2020)

    Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in HMS Networks' Equipment (07 Apr 2020)

    A Cross-site Scripting vulnerability has been discovered in HMS Networks' Equipment- eWON Flexy and Cosy. Successful exploitation of this vulnerability could initiate a password change.

  • Vulnerability in Fuji Electric's Equipment (07 Apr 2020)

    A Heap-based Buffer Overflow vulnerability has been discovered in Fuji Electric's Equipment- V-Server Lite. Successful exploitation of this vulnerability could allow a remote attacker to gain elevated privileges for remote code execution.

  • Vulnerability in KUKA's Equipment (07 Apr 2020)

    An Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability has been discovered in KUKA's Equipment- Sim Pro. Successful exploitation of this vulnerability could result in a loss of integrity in external 3D models fetched from remote servers. When tested on real machines, this effect is unpredictable.

  • Multiple vulnerabilities in Synergy Systems & Solutions' Equipment (07 Apr 2020)

    Multiple vulnerabilities such as Improper Authentication, Improper Input Validation, Missing Authentication for Critical Function, Improper Check for Unusual or Exceptional Conditions, Exposure of Sensitive Information to an Unauthorized Actor, and Incorrect Default Permissions have been discovered in Synergy Systems & Solutions' Equipment- HUSKY RTU. Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.

  • Vulnerability in GE Digital's Equipment (07 Apr 2020)

    An Improper Privilege Management vulnerability has been discovered in GE Digital's Equipment- CIMPLICITY. Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary execution of code.

  • Multiple vulnerabilities in Advantech's Equipment (07 Apr 2020)

    Multiple vulnerabilities such as Unrestricted Upload of File with Dangerous Type, SQL Injection, Relative Path Traversal, Missing Authentication for Critical Function, Improper Restriction of XML External Entity Reference, and OS Command Injection have been discovered in Advantech's Equipment- WebAccess/NMS. Successful exploitation of these vulnerabilities may allow an attacker to gain remote code execution, upload files, delete files, cause a denial-of-service condition, and create an admin account for the application.

  • krb5-appl security update (07 Apr 2020)

    The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and servers. Missing bounds checks in the nextitem() function allow remote execution of arbitrary code. An update for krb5-appl is now available for Red Hat Enterprise Linux 6.

  • nss-softokn security update (07 Apr 2020)

    The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Two vulnerabilities, an out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate and a key extraction side channel in multiple crypto libraries, have been discovered in nss and ROHNP respectively. An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  • telnet security update (07 Apr 2020)

    Telnet is a popular protocol for logging in to remote systems over the Internet. Missing bounds checks in the nextitem() function allow remote execution of arbitrary code. An update for telnet is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

  • Hard-Coded Administrator Password discovered in OpsRamp Gateway (07 Apr 2020)

    A Hard-Coded Administrator Password vulnerability was discovered in OpsRamp Gateway. The OpsRamp Gateway has an administrative account named vadmin that allows root SSH access to the server.

  • Vulnerability in Periscope BuySpeed (06 Apr 2020)

    Periscope BuySpeed is a tool to automate the full procure-to-pay process efficiently and intelligently. Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.

  • Vulnerability Summary (06 Apr 2020)

    Summary of vulnerabilities for the week of Mar 30, 2020.

  • Android security bulletin (06 Apr 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-04-05 or later address all of these issues.

  • Vulnerability in FortiADC (06 Apr 2020)

    An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. The FortiADC version 5.3.4 and below are affected by this vulnerability. It is recommended to upgrade to FortiADC version 5.3.5 or above.

  • OpenStack-Manila security update (06 Apr 2020)

    OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances. A user with a share-network UUID is able to show, create and delete shares. An update for openstack-manila is now available for Red Hat OpenStack Platform 15 (Stein).

  • python-XStatic-jQuery security update (06 Apr 2020)

    python-XStatic-jQuery is the jQuery JavaScript library packaged for Python's setuptools. A prototype pollution vulnerability in the object's prototype can lead to denial of service, remote code execution or property injection. An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 15 (Stein).

  • Symantec security update (06 Apr 2020)

    Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

  • libmtp security update (05 Apr 2020)

    libmtp is a library for communicating with MTP aware devices. An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx and ptp_unpack_OPL functions of the ptp-pack.c file allows attackers to cause a denial of service (out-of-bounds memory access) or remote code execution by inserting a mobile device into a personal computer through a USB cable. It is recommended to upgrade the libmtp packages.

  • gnutls28 security update (04 Apr 2020)

    A vulnerability was discovered in the DTLS protocol implementation in GnuTLS, a library implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol. It is recommended to upgrade the gnutls28 packages.

  • Vulnerability in DotNetNuke (04 Apr 2020)

    An information disclosure vulnerability has been discovered in DotNetNuke CMS (DNN) v.9.5 within the built-in Message Center Module. A registered user is able to enumerate any file in the Admin File Manager that is not contained in a secure folder by sending themselves a message with the file attached.

  • Mozilla patches critical vulnerabilities in Firefox, Firefox ESR (03 Apr 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system.

  • UNC path injection vulnerability in Zoom (03 Apr 2020)

    A UNC path injection vulnerability has been discovered in Zoom’s video conferencing software for Windows that could let hackers steal Windows passwords and execute arbitrary commands on victims' devices.

  • mediawiki security update (02 Apr 2020)

    It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. It is recommended to upgrade the mediawiki packages.

  • Multiple vulnerabilities in B&R Automation's Equipment (02 Apr 2020)

    Multiple vulnerabilities such as Improper Privilege Management, Missing Required Cryptographic Step, and Path Traversal have been discovered in B&R Automation's Equipment- Automation Studio. Successful exploitation of these vulnerabilities could allow an attacker to delete arbitrary files from this system, fetch arbitrary files, or perform arbitrary write operations.

  • qbittorrent security update (02 Apr 2020)

    It has been discovered that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion. It is recommended to upgrade the qbittorrent packages.

  • nodejs:12 security update (02 Apr 2020)

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. An integer overflow vulnerability in UnicodeString::doAppend() has been discovered in nodejs:12. An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.

  • HAProxy security update (02 Apr 2020)

    A critical vulnerability has been discovered in HAProxy’s HTTP/2 HPACK decoder that can be exploited to cause an out-of-bounds memory write, potentially leading to corruption of data, a crash, or code execution.

  • Multiple vulnerabilities in DrayTek (01 Apr 2020)

    Multiple vulnerabilities have been discovered in DrayTek devices which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code on the affected system.

  • Vulnerability in Huawei products (01 Apr 2020)

    A buffer overflow vulnerability has been discovered in some Huawei products. This vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal.

  • Google releases security updates for Chrome (31 Mar 2020)

    Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • unzip security update (31 Mar 2020)

    The unzip utility is used to list, test, and extract files from zip archives. Overlapping files in a ZIP container lead to denial of service. An update for unzip is now available for Red Hat Enterprise Linux 7.

  • Avahi security update (31 Mar 2020)

    Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It has been discovered that multicast DNS responds to unicast queries outside of the local network. An update for avahi is now available for Red Hat Enterprise Linux 7.

  • TagLib security update (31 Mar 2020)

    TagLib is a library for reading and editing the meta-data of different audio formats. A heap-based buffer over-read via a crafted audio file has been discovered. An update for taglib is now available for Red Hat Enterprise Linux 7.

  • polkit security and bug fix update (31 Mar 2020)

    The polkit packages provide a component for controlling system-wide privileges. An improper authorization vulnerability in the polkit_backend_interactive_authority_check_authorization function in polkitd has been discovered. An update for polkit is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Schneider Electric's Equipment (31 Mar 2020)

    An Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium. Successful exploitation of this vulnerability could result in a denial-of-service condition.

  • Vulnerability in Mitsubishi Electric's Equipment (31 Mar 2020)

    An Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC. Successful exploitation of this vulnerability may render the device unresponsive.

  • Vulnerability in Hirschmann Automation and Control GmbH's Equipment (31 Mar 2020)

    A Classic Buffer Overflow vulnerability has been discovered in Hirschmann Automation and Control GmbH's Equipment- HiOS and HiSecOS. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.

  • Vulnerability in Becton, Dickinson and Company's Equipment (31 Mar 2020)

    A Protection Mechanism Failure vulnerability has been discovered in Becton, Dickinson and Company's Equipment- Pyxis MedStation and Pyxis Anesthesia (PAS) ES System. The affected BD medical devices utilize a method of software application implementation called “kiosk mode.” This kiosk mode is vulnerable to local breakouts, which could allow an attacker with physical access to bypass kiosk mode and view and/or modify sensitive data.

  • CUPS security and bug fix update (31 Mar 2020)

    The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Multiple vulnerabilities such as Local privilege escalation, Manipulation of cupsd.conf and Predictable session cookie have been discovered in CUPS. An update for CUPS is now available for Red Hat Enterprise Linux 7.

  • Wireshark security and bug fix update (31 Mar 2020)

    The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Multiple vulnerabilities have been discovered in wireshark. An update for wireshark is now available for Red Hat Enterprise Linux 7.

  • LFTP security update (31 Mar 2020)

    LFTP is a file transfer utility for File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), and other commonly used protocols. Particular remote file names may lead to the current working directory being erased. An update for LFTP is now available for Red Hat Enterprise Linux 7.

  • AdvanceCOMP security update (31 Mar 2020)

    AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. An integer overflow vulnerability in png_compress in pngex.cc has been discovered in AdvanceCOMP. An update for advancecomp is now available for Red Hat Enterprise Linux 7.

  • texlive security update (31 Mar 2020)

    The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. A buffer overflow vulnerability in the t1_check_unusual_charstring function in writet1.c has been discovered in texlive. An update for texlive is now available for Red Hat Enterprise Linux 7.

  • GNOME security, bug fix and enhancement update (31 Mar 2020)

    GNOME is the default desktop environment of Red Hat Enterprise Linux. A partial lock screen bypass vulnerability has been discovered in GNOME. An update for GNOME is now available for Red Hat Enterprise Linux 7.

  • Expat security update (31 Mar 2020)

    Expat is a C library for parsing XML documents. An integer overflow vulnerability leading to buffer overflow in XML_GetBuffer() has been discovered in Expat. An update for Expat is now available for Red Hat Enterprise Linux 7.

  • rsyslog security, bug fix and enhancement update (31 Mar 2020)

    The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A heap-based overflow vulnerability has been discovered in rsyslog. An update for rsyslog is now available for Red Hat Enterprise Linux 7.

  • Zeus Sphinx banking trojan arises amid COVID-19 (30 Mar 2020)

    Sphinx (a.k.a. Zloader or Terdot) is a modular malware based on the leaked source code of the infamous Zeus banking trojan and began resurfacing in December 2019. There has been a significant increase in volume in March, as Sphinx’s operators looked to take advantage of the interest and news around government relief payments. Sphinx is joining the growing fray of COVID-19-themed phishing and malspam campaigns ramping up worldwide. In the latest campaigns, Sphinx is spreading via coronavirus-themed email sent to victims. Sphinx’s core capability is to harvest online account credentials for online banking sites. When infected users land on a targeted online banking portal, Sphinx dynamically fetches web injections from its command-and-control (C2) server to modify the page that the user sees, so that the information that the user enters into the log-in fields is sent to the cybercriminals.

  • Vulnerability Summary (30 Mar 2020)

    Summary of vulnerabilities for the week of Mar 23, 2020.

  • Vulnerability in Linux Kernel (30 Mar 2020)

    It has been discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges.

  • Vulnerability in Timeshift (30 Mar 2020)

    It has been discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root.

  • Multiple vulnerabilities in WebKitGTK+ (30 Mar 2020)

    WebKit2GTK is a web content engine library for GTK+. Multiple vulnerabilities have been discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

  • Vulnerability in Versiant LYNX Customer Service Portal (30 Mar 2020)

    The Versiant LYNX Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.

  • Vulnerability in OTRS (27 Mar 2020)

    A vulnerability has been discovered in OTRS: an authenticated user can guess other session IDs based on their own. It is also possible to guess a password reset token or generate an automated password. This issue affects ((OTRS)) Community Edition 5.0.x, 6.0.x and OTRS 7.0.x. It is recommended to upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, 5.0.42.

  • BlueZ security update (26 Mar 2020)

    It was discovered that BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. It is recommended to upgrade the bluez packages.

  • PostgreSQL security update (26 Mar 2020)

    PostgreSQL is an advanced object-relational database management system (DBMS). Multiple vulnerabilities such as stack-based buffer overflow and missing authorization checks have been discovered in rh-postgresql10-postgresql. An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

  • ipmitool security update (26 Mar 2020)

    The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. A buffer overflow vulnerability in the read_fru_area_section function in lib/ipmi_fru.c has been discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Advantech's Equipment (26 Mar 2020)

    A Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment- WebAccess. Successful exploitation of this vulnerability may allow remote code execution.

  • GitLab security release (26 Mar 2020)

    Versions 12.9.1, 12.8.8, and 12.7.8 for GitLab Community Edition (CE) and Enterprise Edition (EE) have been released. These versions contain important security fixes, and it is strongly recommended that all GitLab installations be upgraded to one of these versions immediately.

  • OpenShift Container Platform 3.11 jenkins-2-plugins security update (26 Mar 2020)

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Deserialization in snakeyaml YAML() objects can allow remote code execution. An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11.

  • Vulnerability in SVG Image module for Drupal 8.x (25 Mar 2020)

    The SVG Image module allows SVG files to be uploaded. The module did not sufficiently protect against malicious code inside SVG files, leading to a cross-site scripting vulnerability.

  • ICU security update (25 Mar 2020)

    An integer overflow vulnerability has been discovered in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code. It is recommended to upgrade the icu packages.

  • Multiple vulnerabilities in Micro Focus Service Management Automation (25 Mar 2020)

    Multiple vulnerabilities in SMA were discovered by the Micro Focus Service Management Automation (SMA) R&D Team. These vulnerabilities allow improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

  • Improper authentication vulnerability in some Huawei Smartphones (25 Mar 2020)

    An improper authentication vulnerability has been discovered in some Huawei smartphones. The application doesn't perform proper authentication when the user performs certain operations. An attacker can trick the user into installing a malicious plug-in to exploit this vulnerability. Successful exploitation could allow the attacker to bypass the authentication to perform unauthorized operations.

  • Serendipity releases security update (25 Mar 2020)

    Serendipity has released Serendipity 2.3.4, fixing a security flaw that was present on Windows installations only and exploitable only for users with upload rights on the Media library.

  • Vulnerability in Micro Focus Vibe (25 Mar 2020)

    A stored XSS vulnerability was discovered in Micro Focus Vibe prior to 4.0.7 which allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.

  • McAfee security bulletin (24 Mar 2020)

    A DLL Side Loading vulnerability has been discovered in the installer for McAfee Application and Change Control (MACC) prior to 8.3. This allows local users to execute arbitrary code via execution from a compromised folder. It is recommended to install or update to McAfee Application and Change Control (MACC) 8.3 or 8.2.6.

  • Vulnerability in IBus (24 Mar 2020)

    It was discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the keystrokes of the other user.

  • Multiple vulnerabilities in Schneider Electric's Equipment (24 Mar 2020)

    Multiple vulnerabilities such as Path Traversal and Missing Authentication for Critical Function have been discovered in Schneider Electric's Equipment- IGSS (Interactive Graphical SCADA System). Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions.

  • Multiple vulnerabilities in VISAM's Equipment (24 Mar 2020)

    Multiple vulnerabilities such as Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, and Stack-based Buffer Overflow have been discovered in VISAM's Equipment- VBASE. Successful exploitation of these vulnerabilities could allow an attacker to read the contents of unexpected files, escalate privileges to system level, execute arbitrary code on the targeted system, bypass security mechanisms, and discover the cryptographic key for the web login.

  • Adobe releases security update (24 Mar 2020)

    Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. Successful exploitation could lead to arbitrary file deletion.

  • Apple releases security updates (24 Mar 2020)

    Apple has released security updates to address multiple vulnerabilities affecting various Apple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • systemd-journald vulnerability (24 Mar 2020)

    A memory leak has been discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

  • Vulnerability in Keijiban Tsumiki (24 Mar 2020)

    Keijiban Tsumiki provided by Mash room is a CGI to provide Bulletin Board System (BBS) functions. An OS command injection vulnerability has been discovered in Keijiban Tsumiki.

  • CVE - KB Correlation (24 Mar 2020)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during March 2020.

  • Multiple vulnerabilities in Vim (23 Mar 2020)

    It has been discovered that Vim incorrectly handled certain sources, files and inputs. An attacker could possibly use these vulnerabilities to cause a denial of service or execute arbitrary code.

  • runc security update (23 Mar 2020)

    The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides a container runtime. A volume mount race condition with shared mounts leads to an information leak/integrity manipulation. An update for runc is now available for Red Hat Enterprise Linux 7 Extras.

  • tomcat6 security update (23 Mar 2020)

    An Apache Tomcat AJP File Read/Inclusion vulnerability has been discovered. An update for tomcat6 is now available for Red Hat Enterprise Linux 6.

  • RCE vulnerabilities affecting Microsoft Windows and Windows Server (23 Mar 2020)

    Remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can exploit these vulnerabilities to take control of an affected system.

  • Vulnerability Summary (23 Mar 2020)

    Summary of vulnerabilities for the week of Mar 16, 2020.

  • devtoolset-8-gcc security update (23 Mar 2020)

    The devtoolset-8-gcc packages provide the Red Hat Developer Toolset version of GNU Compiler Collection (GCC), as well as related libraries. The POWER9 "DARN" RNG intrinsic produces repeated output. An update for devtoolset-8-gcc is now available for Red Hat Developer Toolset 8 for Red Hat Enterprise Linux.

  • Tor security update (20 Mar 2020)

    A denial of service vulnerability (by triggering high CPU consumption) has been discovered in Tor, a connection-based low-latency anonymous communication system. For the stable distribution (buster), this problem has been fixed in version 0.3.5.10-1.

  • Machine-In-The-Middle vulnerability in lix (20 Mar 2020)

    All versions of lix are vulnerable to Machine-In-The-Middle. The package accepts downloads with http and follows location header redirects for package downloads. This allows for an attacker in a privileged network position to intercept a lix package installation and redirect the download to a malicious source.

  • Vulnerability in phpMyAdmin (20 Mar 2020)

    An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attack requires that an attacker be able to insert specially-crafted data into certain database tables, which when retrieved can trigger the XSS attack.

  • rails security update (20 Mar 2020)

    In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. It is recommended to upgrade the rails packages.

  • Unsafe Object Creation vulnerability in JSON (19 Mar 2020)

    An unsafe object creation vulnerability has been discovered in the json gem bundled with Ruby. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.

  • Multiple vulnerabilities in Twisted (19 Mar 2020)

    It was discovered that Twisted incorrectly validated URLs or HTTP methods, incorrectly verified XMPP TLS certificates, incorrectly handled HTTP/2 connections and incorrectly handled certain content-length headers. A remote attacker could use these issues to perform header injection attacks, obtain sensitive information, cause a denial of service and perform HTTP request splitting attacks respectively.

  • Kernel memory disclosure with nested jails (19 Mar 2020)

    A missing NUL-termination check for the jail_set(2) configuration option "osrelease" may return more bytes when reading the jail configuration back with jail_get(2) than were originally set. For jails with a non-default setting of children.max > 0 ("nested jails") a superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory.

  • zsh security update (19 Mar 2020)

    The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. A vulnerability involving insecure dropping of privileges when unsetting the PRIVILEGED option has been discovered in zsh. An update for zsh is now available for Red Hat Enterprise Linux 8.

  • Vulnerability in Systech Corporation's Equipment (19 Mar 2020)

    A Cross-site Scripting vulnerability has been discovered in Systech Corporation's Equipment- NDS-5000 Terminal Server. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.

  • Vulnerability in Insulet's Equipment (19 Mar 2020)

    An Improper Access Control vulnerability has been discovered in Insulet's Equipment- Omnipod Insulin Management System. Successful exploitation of this vulnerability may allow an attacker to gain access to the affected products to intercept, modify, or interfere with the wireless RF (radio frequency) communications to or from the product. This may allow attackers to read sensitive data, change pump settings, or control insulin delivery.

  • Google releases security updates for Chrome (18 Mar 2020)

    Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Cisco releases security updates for SD-WAN Solution Software (18 Mar 2020)

    Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Drupal releases security updates (18 Mar 2020)

    Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and 8.8.x. An attacker could exploit these vulnerabilities to take control of an affected system.

  • APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT (17 Mar 2020)

    A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. The use of such data exfiltration capabilities is common for APT36 (also known as Transparent Tribe, ProjectM, Mythic Leopard, and TEMP.Lapis), active since 2016.

  • Multiple vulnerabilities in Delta Electronics' Equipment (17 Mar 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read have been discovered in Delta Electronics' Equipment- Delta Industrial Automation CNCSoft ScreenEditor. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application.

  • Adobe releases security bulletin (17 Mar 2020)

    Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • Vulnerability in CMS Made Simple (16 Mar 2020)

    A Remote Code Execution (RCE) vulnerability has been discovered in CMS Made Simple 2.2.13, which is vulnerable via crafted JPG extension files through the Filemanager.

  • Vulnerability Summary (16 Mar 2020)

    Summary of vulnerabilities for the week of Mar 09, 2020.

  • Multiple vulnerabilities in Trend Micro Worry-Free Business Security (16 Mar 2020)

    Multiple vulnerabilities have been discovered in Trend Micro Worry-Free Business Security. An attacker could exploit these vulnerabilities to take control of an affected system.

  • slirp security update (13 Mar 2020)

    It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3). It is recommended to upgrade the slirp packages.

  • Vulnerability in VMware (12 Mar 2020)

    VMware Workstation and Fusion contain a use-after-free vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

  • Vulnerability in Microsoft Server Message Block (12 Mar 2020)

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

  • Vulnerability in Rockwell Automation's Equipment (12 Mar 2020)

    An Improper Access Control vulnerability has been discovered in Rockwell Automation's Equipment- Allen-Bradley Stratix 5950. Successful exploitation of this vulnerability could allow an attacker to write a modified image to the component.

  • Security update for Trend Micro Password Manager (12 Mar 2020)

    Trend Micro has released an updated version of Trend Micro Password Manager 5.0 (Windows) that resolves a DLL hijacking vulnerability in both the standalone version of the product and the versions packed with the latest version of Trend Micro Security (Consumer).

  • Vulnerability in FortiSIEM (12 Mar 2020)

    A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.

  • Multiple vulnerabilities in MELQIC IU1 series of Mitsubishi Electric Corporation (11 Mar 2020)

    The data collection analyzer MELQIC IU1 series provided by Mitsubishi Electric Corporation contains multiple vulnerabilities in the TCP/IP function included in the firmware. By receiving a packet which is specially crafted by an attacker, the network functions of the products may be stopped or malware may be executed.

  • Vulnerability in Huawei products (11 Mar 2020)

    An out-of-bounds read vulnerability has been discovered in some Huawei products. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.

  • Deserialization vulnerability in Apache ShardingSphere (11 Mar 2020)

    Apache ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows data to be unmarshalled to a Java type by using the YAML tag. Unmarshalling untrusted data can lead to RCE security flaws. An attacker can use untrusted data to fill in the DataSource Config after logging in to the sharding-ui.

  • Vulnerability in TIBCO (11 Mar 2020)

    A TIBCO Spotfire Server script trust problem exposes a remote code execution vulnerability. This vulnerability allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service to execute arbitrary code with the privileges of the system account that started those processes.

  • Vulnerability in Intel Smart Sound Technology (10 Mar 2020)

    An improper access control vulnerability in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access.

  • Vulnerability in Puppet Server and PuppetDB (10 Mar 2020)

    Puppet Server and PuppetDB may leak sensitive information via the metrics API. PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable the trapperkeeper-metrics /v1 metrics API and only allow /v2 access on localhost by default.

  • Multiple vulnerabilities in Siemens' Equipment (10 Mar 2020)

    Multiple vulnerabilities have been discovered in various Siemens' Equipment. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Johnson Controls' Equipment (10 Mar 2020)

    Improper Restriction of XML External Entity Reference and Improper Input Validation vulnerabilities have been discovered in Johnson Controls' Equipment- Metasys and EntraPass. Successful exploitation of these vulnerabilities can allow a denial-of-service attack or disclosure of sensitive data and malicious code execution with system-level privileges respectively.

  • Multiple vulnerabilities in Rockwell Automation's Equipment (10 Mar 2020)

    Multiple vulnerabilities such as Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Algorithm for Password Protection, Use of Client-Side Authentication and Cleartext Storage of Sensitive Information have been discovered in Rockwell Automation's Equipment- MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software. Successful exploitation of these vulnerabilities could allow an attacker to gain access to sensitive project file information including passwords.

  • Mozilla releases security update for Firefox and Firefox ESR (10 Mar 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Intel releases security updates (10 Mar 2020)

    Potential security vulnerabilities in Intel Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure. Intel has released software updates to mitigate these potential vulnerabilities.

  • Microsoft releases March 2020 security updates (10 Mar 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Ramp Altimeter (10 Mar 2020)

    A Stored XSS vulnerability has been discovered in Ramp Altimeter that allows a malicious user to store arbitrary JavaScript payloads on the application server.

  • Vulnerability Summary (09 Mar 2020)

    Summary of vulnerabilities for the week of Mar 02, 2020.

  • Zoho releases security update for ManageEngine Desktop Central (07 Mar 2020)

    An unauthenticated remote code execution vulnerability was discovered in ManageEngine Desktop Central. This vulnerability could allow remote attackers to execute arbitrary code on affected installations of Desktop Central. Authentication is not required to exploit this vulnerability. It is recommended to update to the latest version.

  • Vulnerability in Apache Tomcat (06 Mar 2020)

    In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. An attacker may exploit this vulnerability to perform an HTTP request smuggling attack.

  • jackson-databind security update (06 Mar 2020)

    Multiple vulnerabilities have been discovered in the jackson-databind source package. It is recommended to upgrade the jackson-databind packages.

  • NVIDIA Security Bulletin (05 Mar 2020)

    NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure.

  • Multiple vulnerabilities in WAGO's Equipment (05 Mar 2020)

    Multiple vulnerabilities such as Information Exposure Through Sent Data, Buffer Access with Incorrect Length Value, Missing Authentication for Critical Function, and Classic Buffer Overflow have been discovered in WAGO's Equipment- I/O-CHECK Series PFC100 and Series PFC200. Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses.

  • python-waitress security update (05 Mar 2020)

    Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. Multiple vulnerabilities have been discovered in python-waitress. An update for python-waitress is now available for Red Hat OpenStack Platform 15 (Stein).

  • OpenShift Container Platform 4.2.21 openshift/installer security update (05 Mar 2020)

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. HTTP/1.1 headers with a space before the colon led to filter bypass or request smuggling. An update for ose-installer-artifacts-container and ose-installer-container is now available for Red Hat OpenShift Container Platform 4.2.

  • pdfresurrect security update (05 Mar 2020)

    It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents. It is recommended to upgrade the pdfresurrect packages.

  • Vulnerability in Wing FTP Server (04 Mar 2020)

    A vulnerability in the handling of HTTP sessions within Wing FTP Server allows any local user to escalate privileges to root on Linux, MacOS, and Solaris. Exploitation is contingent on an already-established administrative session.

  • Vulnerability in Point to Point Protocol Daemon (04 Mar 2020)

    pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines.

  • Vulnerability in Cisco Email Security Appliance (04 Mar 2020)

    A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device.

  • Drupal SVG Formatter security update (04 Mar 2020)

    A critical cross-site scripting vulnerability has been discovered in Drupal SVG Formatter. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files. It is recommended to upgrade the SVG Formatter module for Drupal 8.x to SVG Formatter 8.x-1.12.

  • Multiple vulnerabilities in Netgear Products (04 Mar 2020)

    Netgear has released security updates to address multiple vulnerabilities affecting various Netgear products.

  • Cisco releases security updates (04 Mar 2020)

    Cisco has released security updates to address multiple vulnerabilities affecting various Cisco products.

  • Insufficient data validation in yubikey-val (03 Mar 2020)

    An insufficient data validation vulnerability has been discovered in the open-source project for YubiKey Validation Server. This issue potentially affects developers, partners, and customers who have used a YubiKey Validation Server to build a self-hosted one-time password (OTP) validation service. The default configuration of the service only exposes the verify API, which could allow an attacker to perform a denial of service, potentially preventing legitimate authentications.

  • Google releases security update for Chrome (03 Mar 2020)

    Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • libzypp security update (03 Mar 2020)

    It was discovered that there was an issue where incorrect default permissions on an HTTP cookie store could have allowed local attackers to read private credentials in libzypp, a package management library that powers applications. It is recommended to upgrade the libzypp packages.

  • qemu-kvm-ma security update (03 Mar 2020)

    The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. An out-of-bounds (OOB) heap access vulnerability, triggered via an unexpected response from an iSCSI server, was discovered. An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Vulnerability in Omron's Equipment (03 Mar 2020)

    An Uncontrolled Resource Consumption vulnerability has been discovered in Omron's Equipment- PLC CJ Series. Successful exploitation of this vulnerability could cause a denial-of-service condition.

  • Vulnerability in Phoenix Contact's Equipment (03 Mar 2020)

    An Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Phoenix Contact's Equipment- Emalytics Controller ILC 2050 BI(L). Successful exploitation of this vulnerability could allow an attacker to change the device configuration and start or stop services.

  • Vulnerability in Emerson's Equipment (03 Mar 2020)

    An Improper Access Control vulnerability has been discovered in Emerson's Equipment- ValveLink. Successful exploitation of this vulnerability could allow arbitrary code execution.

  • Ruby security update (03 Mar 2020)

    Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple vulnerabilities have been discovered in Ruby. An update for ruby is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • kernel security and enhancement update (03 Mar 2020)

    Multiple vulnerabilities have been discovered in the kernel. An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.

  • Red Hat build of Eclipse Vert.x 3.8.5 security update (03 Mar 2020)

    Multiple vulnerabilities have been discovered in Red Hat build of Eclipse Vert.x. An update is now available for Red Hat build of Eclipse Vert.x.

  • Vulnerability in Rake (03 Mar 2020)

    It has been discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands.

  • Pixel update bulletin (02 Mar 2020)

    The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2020-03-05 or later address all issues in this bulletin and all issues in the March 2020 Android Security Bulletin.

  • Vulnerability Summary (02 Mar 2020)

    Summary of vulnerabilities for the week of Feb 24, 2020.

  • Android Security Bulletin (02 Mar 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-03-05 or later address all of these issues.

  • Information Disclosure vulnerability in Cisco wireless products (27 Feb 2020)

    A vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets has been discovered. Multiple Cisco wireless products are affected by this vulnerability. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi network.

  • Proftpd-dfsg security update (26 Feb 2020)

    A use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server, has been discovered. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code. It is recommended to upgrade the proftpd-dfsg packages.

  • Rake security update (26 Feb 2020)

    There is an OS command injection vulnerability in Rake, a Ruby make-like utility. It is recommended to upgrade the rake packages.

  • Multiple vulnerabilities in Honeywell's Equipment (25 Feb 2020)

    Multiple vulnerabilities such as Cross-site Request Forgery, Improper Neutralization of HTTP Headers for Scripting Syntax, and Use of Obsolete Function have been discovered in Honeywell's Equipment- WIN-PAK. Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution.

  • CVE - KB Correlation (25 Feb 2020)

    List of knowledge base article IDs associated with the CVEs for the security updates released by Microsoft for February 2020.

  • Google releases security update for Chrome (24 Feb 2020)

    Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • OpenSMTPD releases version 6.6.4p1 to address a critical vulnerability (24 Feb 2020)

    OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server.

  • python-pysaml2 security update (21 Feb 2020)

    It has been discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. It is recommended to upgrade the python-pysaml2 packages.

  • ksh security update (20 Feb 2020)

    KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. Certain environment variables are interpreted as arithmetic expressions on startup, leading to a code injection vulnerability. An update for ksh is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in Auto-Maskin's Equipment (20 Feb 2020)

    Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information, Origin Validation Error, Use of Hard-coded Credentials, Weak Password Recovery Mechanism for Forgotten Password, and Weak Password Requirements have been discovered in various Equipment- RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android App). Successful exploitation of these vulnerabilities could allow a remote attacker to gain root access to the underlying operating system of the device and may allow read/write access.

  • Multiple vulnerabilities in Honeywell's Equipment (20 Feb 2020)

    Multiple vulnerabilities such as Authentication Bypass by Capture-replay and Path Traversal have been discovered in Honeywell's Equipment- NOTI-FIRE-NET Web Server (NWS-3). Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods.

  • Vulnerability in Rockwell Automation's Equipment (20 Feb 2020)

    A Deserialization of Untrusted Data vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk Diagnostics. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges.

  • Vulnerability in B&R Industrial Automation GmbH's Equipment (20 Feb 2020)

    An Improper Authorization vulnerability has been discovered in B&R Industrial Automation GmbH's Equipment- Automation Studio and Automation Runtime. Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices.

  • Adobe releases security updates for After Effects and Media Encoder (19 Feb 2020)

    Adobe has released an update for Adobe After Effects and Media Encoder. This update resolves a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user.

  • Cisco releases security updates (19 Feb 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Google releases security updates for Chrome (18 Feb 2020)

    Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in Emerson's Equipment (18 Feb 2020)

    A Heap-based Buffer Overflow vulnerability has been discovered in Emerson's Equipment- OpenEnterprise SCADA Server. Successful exploitation of this vulnerability could allow an attacker to execute code on an OpenEnterprise SCADA Server.

  • Vulnerability in Honeywell's Equipment (18 Feb 2020)

    An Improper Privilege Management vulnerability has been discovered in Honeywell's Equipment- INNCOM INNControl 3. Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application.

  • Vulnerability in Spacelabs' Equipment (18 Feb 2020)

    An Improper Input Validation vulnerability has been discovered in Spacelabs' Equipment- Xhibit Telemetry Receiver. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

  • Multiple vulnerabilities in Interpeak's Equipment (18 Feb 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in various Equipment- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities could allow remote code execution.

  • Vulnerability in GE's Equipment (18 Feb 2020)

    A Protection Mechanism Failure vulnerability has been discovered in GE's Equipment- Ultrasound Products. The affected GE Healthcare ultrasound devices utilize a method of software application implementation called “Kiosk Mode.” This Kiosk Mode is vulnerable to local breakouts, which could allow an attacker with physical access to gain access to the operating system of affected devices.

  • Vulnerability in IBM DB2 (18 Feb 2020)

    Db2 is vulnerable to denial of service. Db2 could allow an attacker to send specially crafted packets to the Db2 server to cause excessive memory usage and cause Db2 to terminate abnormally.

  • Vulnerability in ClamAV (18 Feb 2020)

    It has been discovered that ClamAV, an antivirus software, was susceptible to a denial of service attack by unauthenticated users via inefficient MIME parsing of specially crafted email files.

  • Multiple vulnerabilities in PHP7.3 (17 Feb 2020)

    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in information disclosure, denial of service or incorrect validation of path names.

  • Vulnerability Summary (17 Feb 2020)

    Summary of vulnerabilities for the week of Feb 10, 2020.

  • Multiple vulnerabilities in evince (14 Feb 2020)

    Multiple vulnerabilities such as command injection, disclosure of uninitialized memory and buffer overflow have been discovered in evince, a simple multi-page document viewer.

  • Vulnerability in FortiManager (13 Feb 2020)

    An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.

  • Vulnerability in Schneider Electric's Magelis HMI Panel Equipment (13 Feb 2020)

    An Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- Magelis HMI Panel. Successful exploitation of this vulnerability could allow a denial-of-service condition.

  • Multiple vulnerabilities in Schneider Electric's Modicon Equipment (13 Feb 2020)

    Improper Check for Unusual or Exceptional Conditions and Improper Access Control vulnerabilities have been discovered in Schneider Electric's Equipment- Modicon BMXNOR0200H. Successful exploitation of these vulnerabilities could allow remote code execution or cause a denial-of-service condition.

  • Vulnerability in Huawei Firewall Products (12 Feb 2020)

    An out-of-bounds read vulnerability has been discovered in Huawei Firewall products: the IPSec module does not validate a field in a specific message. Attackers can exploit this vulnerability by sending a malformed message to cause an out-of-bounds read, compromising normal service.

  • Vulnerability in GlobalProtect (12 Feb 2020)

    A denial-of-service (DoS) vulnerability has been discovered in Palo Alto Networks GlobalProtect software running on Mac OS. This vulnerability allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

  • Vulnerability in PAN-OS (12 Feb 2020)

    A missing XML validation vulnerability has been discovered in the PAN-OS web interface on Palo Alto Networks PAN-OS software. This vulnerability allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.

  • libemail-address-list-perl security update (12 Feb 2020)

    A denial-of-service vulnerability via an algorithmic complexity attack on email address parsing has been discovered in libemail-address-list-perl. It is recommended to upgrade the libemail-address-list-perl packages.

  • Red Hat JBoss Fuse/A-MQ 6.3 security update (12 Feb 2020)

    This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3 and includes bug fixes.

  • openjdk-8 security update (12 Feb 2020)

    Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. It is recommended to upgrade the openjdk-8 packages.

  • Microsoft Exchange Server security update (11 Feb 2020)

    A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. This security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.

  • Mozilla releases security updates for multiple products (11 Feb 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Adobe releases security updates for multiple products (11 Feb 2020)

    Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Intel releases security updates (11 Feb 2020)

    Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges.

  • Microsoft releases February 2020 security updates (11 Feb 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Digi International's Equipment (11 Feb 2020)

    Unrestricted Upload of File with Dangerous Type and Cross-site Scripting vulnerabilities have been discovered in Digi International's Equipment- ConnectPort LTS 32 MEI. Successful exploitation of these vulnerabilities could limit system availability.

  • Multiple vulnerabilities in Siemens' Equipment (11 Feb 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Synergy Systems & Solutions' Equipment (11 Feb 2020)

    Improper Authentication and Improper Input Validation vulnerabilities have been discovered in Synergy Systems & Solutions' Equipment- HUSKY RTU. Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.

  • Vulnerability in spice-gtk (11 Feb 2020)

    The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Insufficient encoding checks for LZ can cause different integer/buffer overflows.

  • Multiple vulnerabilities in Yubico PIV Tool (11 Feb 2020)

    It has been discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or YubiKey PIV Manager.

  • Multiple vulnerabilities in libexif (11 Feb 2020)

    It has been discovered that libexif incorrectly handled certain files. An attacker could possibly exploit these vulnerabilities to access sensitive information, cause a denial of service or execute arbitrary code.

  • Vulnerability in Fortiguard products (10 Feb 2020)

    A system command injection vulnerability has been discovered in FortiAP. This vulnerability in FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

  • Vulnerability Summary (10 Feb 2020)

    Summary of vulnerabilities for the week of Feb 03, 2020.

  • Multiple vulnerabilities in Qtbase (10 Feb 2020)

    It has been discovered that Qt incorrectly handled certain PPM images and text files, and incorrectly searched for plugins and libraries in the current working directory. A remote attacker could exploit these vulnerabilities to cause a denial of service and execute arbitrary code on an affected system.

  • Vulnerability in libexif (10 Feb 2020)

    An out-of-bounds write vulnerability due to an integer overflow has been reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentially execute arbitrary code via crafted image files.

  • Multiple vulnerabilities in HPE Product (08 Feb 2020)

    It has been discovered that HPE Superdome Flex Server is affected by multiple remote vulnerabilities via improper input validation of administrator commands. These vulnerabilities could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities, including information disclosure or denial of service.

  • Emotet evolves with new Wi-Fi Spreader (07 Feb 2020)

    A new loader type has been identified that takes advantage of the wlanAPI interface to enumerate all Wi-Fi networks in the area, and then attempts to spread to these networks, infecting all devices that it can access in the process.

  • Vulnerability in libxmlrpc3-java (06 Feb 2020)

    It has been reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, performs deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.

  • Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution (05 Feb 2020)

    CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110), stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow vulnerability (CVE-2020-3118), stack overflow and arbitrary write (CVE-2020-3119), and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR Routers, among others. These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service.

  • Multiple vulnerabilities in CA Unified Infrastructure Management (05 Feb 2020)

    Multiple vulnerabilities have been discovered in CA Unified Infrastructure Management (Nimsoft / UIM) of CA Technologies, a Broadcom Company. These vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks.

  • Vulnerability in AutomationDirect's Equipment (04 Feb 2020)

    An Insufficiently Protected Credentials vulnerability has been discovered in AutomationDirect's Equipment- C-More Touch Panels EA9 Series. Successful exploitation of this vulnerability may allow an attacker to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device.

  • Vulnerability in Python-Django (04 Feb 2020)

    It has been discovered that Django incorrectly handled input in the PostgreSQL module. A remote attacker could possibly use this to perform SQL injection attacks.

  • GraphicsMagick vulnerabilities (04 Feb 2020)

    It has been discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

  • Multiple vulnerabilities in Symantec (03 Feb 2020)

    Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Small Business Edition (SEP SBE) products.

  • Slow HTTP DoS attacks mitigation in Fortiguard products (03 Feb 2020)

    An Uncontrolled Resource Consumption vulnerability has been discovered in multiple products of Fortiguard. This vulnerability could allow an attacker to cause web service portal denial of service (DoS) by handling specially crafted HTTP requests/responses slowly, in pieces.

  • Vulnerability Summary (03 Feb 2020)

    Summary of vulnerabilities for the week of Jan 27, 2020.

  • Vulnerability in Sudo (03 Feb 2020)

    Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.