Multiple vulnerabilities, such as Server-Side Request Forgery and Arbitrary File Deletion,
have been discovered in XStream. It is recommended to upgrade the libxstream-java packages.
CVE ID: CVE-2020-26258 (High), CVE-2020-26259 (Medium)
A Cross Site Request Forgery (CSRF) vulnerability has been discovered in McAfee Network
Security Management (NSM) which may allow an attacker to change the configuration of the
Network Security Manager via a carefully crafted HTTP request. The affected versions are
McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55.
CVE ID: CVE-2020-7336 (Medium)
Multiple vulnerabilities have been identified in QNAP products. A remote attacker may exploit
some of these vulnerabilities to disclose sensitive information and manipulate data on the
targeted system. These issues do not affect QNAP versions QTS 4.5.1.1456 build 20201015
(and later), QuTS hero h4.5.1.1472 build 20201031 (and later) & QuTScloud c4.5.2.1379
build 20200730 (and later).
CVE ID: CVE-2018-19944 (Medium), CVE-2018-19941 (Medium), CVE-2018-19945 (High)
It has been discovered that OpenEMR, the most popular open source electronic health records
and medical practice management solution, allows Cross-Site Request Forgery (CSRF) via
library/ajax and interface/super, as demonstrated by use of
interface/super/manage_site_files.php to upload a .php file. The affected version is OpenEMR
5.0.1.3.
CVE ID: CVE-2018-16795
It has been discovered that Green Packet WiMax DV-360 devices allow Command Injection, with
unauthenticated remote command execution, via a crafted payload to the HTTPS port, because
lighttpd listens on all network interfaces (including the external Internet) by default. The
affected version is Green Packet WiMax DV-360 2.10.14-g1.0.6.1.
CVE ID: CVE-2018-14067
It has been discovered that DrayTek Vigor2960, a wireless access point, allows remote command
execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. The affected
version is DrayTek Vigor2960 1.5.1.
CVE ID: CVE-2020-19664
It has been discovered that User-Friendly USVN, a web interface written in PHP used to
configure Subversion repositories, allows remote code execution via shell metacharacters in
the number_start or number_end parameter to LastHundredRequest (aka
lasthundredrequestAction) in the Timeline. The affected versions are USVN before 1.0.9.
CVE ID: CVE-2020-17363
A Command Injection vulnerability has been discovered in the CPE WAN Management Protocol
(CWMP) registration in Amino Communications. The vulnerability allows Man-in-the-Middle
attackers to execute arbitrary commands with root level privileges. The affected versions
are AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B.
CVE ID: CVE-2020-10209
It has been discovered that the Inventory module of the 1E Client doesn't handle an unquoted
path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow
remote authenticated users and local users to gain elevated privileges by placing a
malicious cryptbase.dll file in %WINDIR%\Temp\.
CVE ID: CVE-2020-27644
It has been discovered that Agentejo Cockpit allows NoSQL injection via the
Controller/Auth.php newpassword function. The affected versions are Agentejo Cockpit before
0.11.2.
CVE ID: CVE-2020-35848
A vulnerability has been discovered in roundcube, a web-based IMAP email client, in which
cross-site scripting (XSS) via HTML or plain text messages with malicious content is
possible. It is recommended to upgrade the roundcube packages.
CVE ID: CVE-2020-35730 (Medium)
It has been discovered that SPIP, a website engine for publishing, does not correctly
validate its input (couleur, display, display_navigation, display_outils, imessage, and
spip_ecran) which allows authenticated users to execute arbitrary code. It is recommended to
upgrade the spip packages.
CVE ID: CVE-2020-28984 (Critical)
HedgeDoc is a collaborative platform for writing and sharing markdown. It has been
discovered that an attacker can inject arbitrary `script` tags in HedgeDoc notes using
mermaid diagrams. The affected versions are HedgeDoc before version 1.7.1.
CVE ID: CVE-2020-26287 (High)
A Distributed Denial of Service (DDoS) vulnerability has been discovered in Citrix ADC. An
attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading
to outbound bandwidth exhaustion.
It has been discovered that iSM client running on NEC Storage Manager or NEC Storage Manager
Express does not verify a server certificate properly, which allows a man-in-the-middle
attacker to eavesdrop on an encrypted communication or alter the communication via a crafted
certificate. The affected versions are iSM client versions from V5.1 prior to V12.1.
CVE ID: CVE-2020-5684
A vulnerability has been discovered in the HTTP package for Dart. If an attacker controls
the HTTP method and the app is using request directly, it's possible to achieve Carriage
Return and Line Feed (CRLF) injection in an HTTP request. The affected versions are HTTP
package through 0.12.2 for Dart.
CVE ID: CVE-2020-35669
It has been discovered that BigProf Online Invoicing System fails to adequately sanitize
fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a
new group, resulting in Stored XSS. The affected versions are BigProf Online Invoicing
System before 4.0.
CVE ID: CVE-2020-35677
It has been discovered that Awstats, a web server log analyzer, is vulnerable to path
traversal attacks. A remote unauthenticated attacker can leverage that to perform arbitrary
code execution. It is recommended to upgrade the awstats packages.
CVE ID: CVE-2020-29600 (Critical), CVE-2020-35176 (Medium)
Multiple vulnerabilities have been discovered in QES, QTS and QuTS hero of QNAP. A remote
attacker can exploit some of these vulnerabilities to trigger remote code execution,
sensitive information disclosure, cross-site scripting and security restriction bypass on
the targeted system.
CVE ID: CVE-2020-2499 (High), CVE-2016-6903 (High), CVE-2020-25847 (High),
CVE-2020-2503 (Critical), CVE-2020-2504 (Medium), CVE-2020-2505 (Low)
The update for a privilege escalation vulnerability via the ceph_volume_client Python
interface is available. The affected products are SUSE Linux Enterprise Module for
Basesystem 15-SP2 & SUSE Enterprise Storage 7.
CVE ID: CVE-2020-27781 (High)
A heap buffer overflow has been discovered in the TFTP protocol handler in cURL 7.19.4 to
7.65.3. An attacker can cause a Denial of Service (DoS) or arbitrary code execution if you
use cURL to transfer data to or from a Trivial File Transfer Protocol (TFTP) server and set
the blksize (block size) option to a value below 504 (the default value is 512).
CVE ID: CVE-2019-5482 (Critical)
Multiple vulnerabilities have been discovered in Sympa, a mailing list manager, which can
result in local privilege escalation, Denial of Service or unauthorized access via the SOAP
API.
CVE ID: CVE-2020-9369 (High), CVE-2020-10936 (High), CVE-2020-26932 (Medium),
CVE-2020-29668 (Low)
The libpq package provides the PostgreSQL client library, which allows client programs to
connect to PostgreSQL servers. Multiple vulnerabilities have been discovered in postgresql:
reconnection can downgrade connection security settings, and psql's \gset allows overwriting
specially treated variables. An update for libpq is now available for Red Hat
Enterprise Linux 8.0 Update Services for SAP Solutions.
CVE ID: CVE-2020-25694 (High), CVE-2020-25696 (High)
A vulnerability has been discovered in the PushToWatch extension for MediaWiki. The primary
form does not implement an anti-CSRF (Cross-Site Request Forgery) token and therefore is
completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php. The
affected versions are MediaWiki through 1.35.1.
CVE ID: CVE-2020-35626
A potential Denial of Service vulnerability through malicious timestamp tags has been
discovered in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for Postfix in Debian
GNU/Linux OS. It is recommended to upgrade the postsrsd packages.
CVE ID: CVE-2020-35573
A vulnerability has been discovered in influxdb, a scalable datastore for metrics, events,
and real-time analytics in Debian GNU/Linux OS. By using a JWT token with an empty shared
secret, one is able to bypass authentication in services/httpd/handler.go. It is recommended
to upgrade the influxdb packages.
CVE ID: CVE-2019-20933 (Critical)
Multiple vulnerabilities have been discovered in the PEAR Archive_Tar package for handling
tar files in PHP. A remote attacker can execute arbitrary code or overwrite files. It is
recommended to upgrade the php-pear packages in Debian GNU/Linux OS.
CVE ID: CVE-2020-28948 (High), CVE-2020-28949 (High)
Multiple vulnerabilities, such as XML external entity (XXE) and Denial of Service, have been
discovered in Apache Poi. A remote attacker can exploit these vulnerabilities to obtain
sensitive information, or cause the application to enter an infinite loop and trigger an out
of memory exception.
CVE ID: CVE-2019-12415 (Medium), CVE-2017-12626 (Medium)
Multiple vulnerabilities, such as Heap-based Buffer Overflow, Out-of-bounds Read, and
Out-of-bounds Write, have been discovered in Treck Inc.'s Equipment- TCP/IP. Successful
exploitation of these vulnerabilities may allow remote code execution and a Denial of Service
condition. The affected components of Treck TCP/IP stack Version 6.0.1.67 and prior are HTTP
Server, IPv6 & DHCPv6. The Treck TCP/IP stack may be known by other names such as Kasago
TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.
CVE ID: CVE-2020-25066 (Critical), CVE-2020-27337 (Critical), CVE-2020-27338 (Medium)
Multiple vulnerabilities have been discovered in MediaWiki, a website engine for
collaborative work. The vulnerabilities can result in cross-site scripting or the disclosure
of hidden users. It is recommended to upgrade the mediawiki packages.
CVE ID: CVE-2020-35475, CVE-2020-35477, CVE-2020-35479 (Medium), CVE-2020-35480
Multiple vulnerabilities have been discovered in curl, a command line tool for transferring
data with URL syntax and an easy-to-use client-side URL transfer library. It is recommended
to upgrade the curl packages.
CVE ID: CVE-2020-8284 (Low), CVE-2020-8285 (High), CVE-2020-8286 (High)
Multiple vulnerabilities have been discovered in Red Hat OpenShift Container Storage.
Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat
Enterprise Linux 8. The affected product is Red Hat OpenShift Container Storage 4
x86_64.
CVE ID: CVE-2020-7720 (High), CVE-2020-8237 (High), CVE-2020-14040 (High),
CVE-2020-15586 (Medium), CVE-2020-16845 (High)
It has been discovered that ISC BIND is vulnerable to a Denial of Service, caused by an
assertion failure when attempting to verify a truncated response to a TSIG-signed request.
By sending a specially-crafted request, a remote authenticated attacker can exploit this
vulnerability to cause the server to exit. The affected products are AIX 7.1, 7.2 and VIOS
3.1.
CVE ID: CVE-2020-8622 (Medium)
It has been discovered that the audit forwarding mechanism for Terminal Access Controller
Access-Control System Plus (TACACS+) uses an unencrypted database variable to store
passwords. The system leaks sensitive information to authenticated users who have access to
the BIG-IP system.
It has been discovered that under certain conditions, Analytics, Visibility and Reporting
Daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing
requests sent from mobile devices. This may allow an attacker to initiate a
denial-of-service (DoS) attack on the AVRD process on the BIG-IP system from a mobile device
in certain conditions.
CVE ID: CVE-2020-27728
An Improper Authentication vulnerability has been discovered in Emerson's Equipment- Rosemount
X-STREAM Gas Analyzer. Successful exploitation of this vulnerability may allow an attacker
to download files and obtain sensitive information through a specially crafted URL.
CVE ID: CVE-2020-27254 (High)
PTC Kepware LinkMaster is a Windows application linking data between OPC servers. An
Incorrect Default Permissions vulnerability has been discovered. Successful exploitation of
this vulnerability may allow a local attacker to globally overwrite the service
configuration to execute arbitrary code with NT SYSTEM privileges. The affected Kepware
LinkMaster versions are 3.0.94.0 and prior.
CVE ID: CVE-2020-13535 (Critical)
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow,
and Use After Free have been discovered in PTC's Equipment- Kepware KEPServerEX. Successful
exploitation of these vulnerabilities may lead to a server crashing, a denial-of-service
condition, data leakage or remote code execution.
CVE ID: CVE-2020-27265 (Critical), CVE-2020-27263 (Critical), CVE-2020-27267 (High)
It has been discovered that when the BIG-IP ASM system processes requests with JSON payload,
an unusually large number of parameters may cause excessive CPU usage in the BIG-IP ASM bd
process. When this vulnerability is exploited, the BIG-IP ASM system may experience a
denial-of-service condition.
CVE ID: CVE-2020-27718
It has been discovered that BIG-IP APM virtual server processing PingAccess requests may
lead to a restart of the Traffic Management Microkernel (TMM) process. Traffic processing on
the BIG-IP system is disrupted while TMM restarts, leading to a failover event in a high
availability (HA) environment.
CVE ID: CVE-2020-27723
A denial of service vulnerability has been discovered in some Huawei smartphones. Due to the
improper processing of received abnormal messages, remote attackers may exploit this
vulnerability to cause a Denial of Service (DoS) on the specific module.
CVE ID: CVE-2020-9223
Netgear has released security updates to address vulnerabilities in multiple products. An
attacker may exploit some of these vulnerabilities to take control of an affected system.
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java
Software Development Kit. Multiple vulnerabilities have been discovered in java-1.7.1-ibm.
The java-1.7.1-ibm security update is now available which upgrades IBM Java SE 7 to version
7R1 SR4-FP75.
CVE ID: CVE-2020-14779 (Low), CVE-2020-14781 (Low), CVE-2020-14782 (Low),
CVE-2020-14796 (Low), CVE-2020-14797 (Low)
Memcached is a high-performance, distributed memory object caching system. A null-pointer
dereference vulnerability has been discovered in "lru mode" and "lru temp_ttl" causing
denial of service in Memcached. An update for Memcached is now available for Red Hat
OpenStack Platform 13 (Queens). The affected products are Red Hat OpenStack 13 x86_64 &
Red Hat OpenStack for IBM Power 13 ppc64le.
CVE ID: CVE-2019-11596 (High)
Python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library packaged for
setuptools / pip. Multiple XSS vulnerabilities have been discovered in
python-XStatic-Bootstrap-SCSS. An update for python-XStatic-Bootstrap-SCSS is now available
for Red Hat OpenStack Platform 13 (Queens).
CVE ID: CVE-2016-10735 (Medium), CVE-2018-14042 (Medium), CVE-2018-20676 (Medium),
CVE-2018-20677 (Medium), CVE-2019-8331 (Medium)
Python-XStatic-jQuery is the jQuery JavaScript library packaged for Python's setuptools.
Prototype pollution in object's prototype leads to denial of service, remote code execution
or property injection in python-XStatic-jQuery. An update for python-XStatic-jQuery is now
available for Red Hat OpenStack Platform 13 (Queens).
CVE ID: CVE-2019-11358 (Medium)
Multiple vulnerabilities have been discovered in Red Hat build of Thorntail. An update is
now available for Red Hat build of Thorntail.
CVE ID: CVE-2020-14299 (Medium), CVE-2020-14338 (Medium), CVE-2020-14340,
CVE-2020-25638 (High), CVE-2020-25649 (High)
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
and Thunderbird. An attacker may exploit some of these vulnerabilities to take control of an
affected system.
An Uncontrolled Resource Consumption vulnerability has been discovered in WAGO's Equipment-
750-88x and 750-352. Successful exploitation of this vulnerability may allow an attacker to
crash the device being accessed using a denial-of-service attack.
CVE ID: CVE-2020-12516 (High)
A manual supply chain attack has been discovered in SolarWinds Orion Platform software. The
affected versions are SolarWinds Orion Platform software builds for versions 2019.4 HF 5 and
2020.2 with no hotfix or 2020.2 HF 1. The updates are available.
An SQL Injection vulnerability has been discovered in NewPK via the title parameter to
admin\newpost.php. The affected version is NewPK 1.1.
CVE ID: CVE-2020-20189
Apple has released security updates to address vulnerabilities in multiple products. An
attacker may exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that Envoy logs an incorrect downstream address because it considers
only the directly connected peer, not the information in the proxy protocol header. This
affects situations with tcp-proxy as the network filter (not HTTP filters). The affected
versions are Envoy before 1.16.1.
CVE ID: CVE-2020-35470
A vulnerability has been discovered in LOGO! 8 BM (incl. SIPLUS variants). The password used
for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable
format. An attacker with access to the network traffic could derive valid logins. The
affected versions are LOGO! 8 BM all versions below V8.3.
CVE ID: CVE-2020-25235
It has been discovered that a malicious or poorly-implemented homeserver may inject
malformed events into a room by specifying a different room id. This can lead to a denial of
service in which future events will not be correctly sent to other servers over federation.
CVE ID: CVE-2020-26257
Multiple vulnerabilities, such as Null Pointer Dereference and heap-based buffer overflow,
have been discovered in openexr, a set of tools to manipulate OpenEXR image files. It is
recommended to upgrade the openexr packages.
CVE ID: CVE-2020-16588, CVE-2020-16589
Multiple vulnerabilities have been discovered in Medtronic's Equipment- MyCareLink (MCL)
Smart Model 25000 Patient Reader. Successful exploitation of these vulnerabilities together
may result in the attacker being able to modify or fabricate data from the implanted cardiac
device being uploaded to the CareLink Network and remotely execute code on the MCL Smart
Patient Reader device, which may allow control of a paired cardiac device. The exploitation
must be initiated within Bluetooth signal proximity of the vulnerable product.
CVE ID: CVE-2020-27252 (High), CVE-2020-25187 (High), CVE-2020-25183 (High)
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
An attacker may exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-3419 (Medium), CVE-2020-26085 (Critical)
An Improper Input Validation vulnerability has been discovered in Host Engineering's
Equipment- ECOM100 Module, an Ethernet communications module for PLC systems. Successful
exploitation of this vulnerability may lead to a denial-of-service condition, forcing an
operator to manually restart the device.
CVE ID: CVE-2020-25195 (High)
A denial-of-service (DoS) vulnerability has been discovered in Mitsubishi Electric's MELSEC
iQ-F series FX5U(C) CPU modules. CPU modules may allow a malicious attacker to cause a DoS
condition on program execution and communication by sending specially crafted Address
Resolution Protocol (ARP) packets.
CVE ID: CVE-2020-5665 (High)
It has been discovered that a cross-site scripting (XSS) vulnerability in SquirrelMail-
Webmail for nuts allows remote attackers to use malicious script content from HTML e-mail to
execute code and/or provoke a denial of service.
CVE ID: CVE-2019-12970 (Medium)
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote
attacker may exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in multiple products. An
attacker may exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-24447 (Critical), CVE-2020-24444, CVE-2020-24445 (Critical),
CVE-2020-24440 (Critical)
It has been discovered that LibTIFF decodes arbitrarily-sized JBIG into a buffer, ignoring
the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. An attacker may
be able to use specially crafted TIFF files to cause a denial of service (DoS) via
out-of-bounds writes.
CVE ID: CVE-2018-18557 (High)
Multiple vulnerabilities, such as out-of-bounds access and a race condition, have been
discovered in the Linux kernel. A locally logged-in attacker may gain unauthorized access to
resources or cause a denial-of-service (DoS) on a vulnerable system.
CVE ID: CVE-2017-18344 (Medium), CVE-2017-10661 (High)
OpenSSL has released a security update to address a vulnerability affecting all versions
1.0.2 and 1.1.1 released before version 1.1.1i. An attacker may exploit this vulnerability
to cause a denial-of-service condition.
CVE ID: CVE-2020-1971
FireEye has addressed unauthorized access to its Red Team’s tools by a highly
sophisticated threat actor. Red Team tools are often used by cybersecurity organisations to
evaluate the security posture of enterprise systems. Unauthorized third-party users may
abuse these tools to take control of targeted systems.
Multiple vulnerabilities have been discovered in several vendors' Equipment- uIP-Contiki-OS,
uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net. Successful exploitation
of these vulnerabilities may allow attackers to corrupt memory, put devices into infinite
loops, access unauthorized data, and/or poison DNS cache.
SAP has released security updates to address vulnerabilities affecting multiple products. An
attacker may exploit some of these vulnerabilities to take control of an affected system.
A Remote Code Execution vulnerability has been discovered in Apache Struts 2. A remote
attacker may exploit this vulnerability to take control of an affected system. The affected
versions are Struts 2.0.0 - Struts 2.5.25. It is recommended to upgrade to Struts 2.5.26 or
higher.
CVE ID: CVE-2020-17530
Multiple vulnerabilities such as Unprotected Transport of Credentials, and Exposure of
Sensitive System Information to an Unauthorized Control Sphere have been discovered in GE
Imaging and Ultrasound Products of GE Healthcare. Successful exploitation of these
vulnerabilities may occur if an attacker gains access to the Healthcare Delivery
Organization’s (HDO) network.
CVE ID: CVE-2020-25175 (Critical), CVE-2020-25179 (Critical)
Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Easergy
T300. The Easergy T300 is a modular platform for medium voltage and low voltage public
distribution network management. Successful exploitation of this vulnerability may allow an
attacker to obtain unauthorized access to the internal product LAN, which will result in
exposure of sensitive information, Denial of Service, and remote code execution.
CVE ID: CVE-2020-7561 (Critical), CVE-2020-28215 (High), CVE-2020-28216 (High),
CVE-2020-28217 (Medium), CVE-2020-28218 (Medium)
Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Modicon
M221 Programmable Logic Controller. Modicon M221 is a Nano Programmable Logic Controller
(PLC) made to control basic automation for machines. Successful exploitation of these
vulnerabilities may allow an attacker to take control of the PLC and expose sensitive
information.
CVE ID: CVE-2020-7565 (High), CVE-2020-7566 (High), CVE-2020-7567 (High),
CVE-2020-7568 (Low), CVE-2020-28214 (Low)
Multiple vulnerabilities have been identified in Android. A remote attacker may exploit some
of these vulnerabilities to trigger denial of service condition, elevation of privilege,
remote code execution and sensitive information disclosure on the targeted system. The
affected Android versions are 8.0, 8.1, 9, 10 & 11. Security patch levels of 2020-12-05
or later address all of these issues.
Multiple vulnerabilities have been discovered in GitLab. It is recommended to update to
versions 13.6.2, 13.5.5 and 13.4.7 for GitLab Community Edition (CE) and Enterprise Edition
(EE).
CVE ID: CVE-2020-26407 (Medium), CVE-2020-26408 (Medium), CVE-2020-13357 (Medium),
CVE-2020-26411 (Medium), CVE-2020-26409 (Medium)
Multiple vulnerabilities have been discovered in the IBM SDK, Java Technology Edition that
is shipped with IBM WebSphere Application Server. The affected products are WebSphere
Application Server Liberty version Continuous Delivery, WebSphere Application Server
versions 8.5 and 9.0.
CVE ID: CVE-2020-14781 (Low), CVE-2020-14797 (Low)
It has been discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV
server, may result in the execution of arbitrary code. In addition, minidlna was susceptible
to the "CallStranger" UPnP vulnerability. It is recommended to upgrade the minidlna
packages.
CVE ID: CVE-2020-12695 (High), CVE-2020-28926 (Critical)
Multiple vulnerabilities such as memory disclosure, and cache poisoning have been discovered
in Apache Traffic Server, a reverse and forward proxy server. It is recommended to upgrade
the trafficserver packages.
CVE ID: CVE-2020-17508, CVE-2020-17509
It has been discovered that certain environment variables interpreted as arithmetic
expressions on startup lead to a code injection vulnerability in ksh. An update for ksh is
now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.
CVE ID: CVE-2019-14868 (High)
Multiple vulnerabilities have been discovered in salt. It is recommended to upgrade the salt
packages.
CVE ID: CVE-2020-16846 (Critical), CVE-2020-17490 (Medium), CVE-2020-25592 (Critical)
An Out-of-bounds Read vulnerability has been discovered in Mitsubishi Electric Corporation's
Equipment- GOT and Tension Controller. Successful exploitation of this vulnerability may
allow attackers to cause deterioration of communication performance or cause a
denial-of-service condition of the TCP communication functions of the products.
CVE ID: CVE-2020-5675 (High)
Multiple vulnerabilities have been discovered in WECON's LeviStudioU Equipment. Successful
exploitation of these vulnerabilities may allow an attacker to execute code under the
privileges of the application and obtain sensitive information.
CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium), CVE-2020-25199 (High)
A vulnerability has been discovered in CompactRIO, a real-time embedded industrial
controller. Incorrect permissions are set by default for an API entry-point of a specific
service, allowing a non-authenticated user to trigger a function that may reboot the device
remotely. The affected products are CompactRIO Driver versions prior to 20.5.
CVE ID: CVE-2020-25191 (High)
An HTTP/2 Request header mix-up vulnerability has been discovered in Apache Tomcat. A remote
attacker may exploit this vulnerability to leak sensitive information. The affected versions
are Apache Tomcat 10.0.0-M1 to 10.0.0-M9, Apache Tomcat 9.0.0.M5 to 9.0.39 and Apache Tomcat
8.5.1 to 8.5.59.
CVE ID: CVE-2020-17527
Multiple vulnerabilities have been discovered in golang-Go Toolset which provides the Go
programming language tools and libraries. An update for go-toolset-1.14-golang is now
available for Red Hat Software Collections.
CVE ID: CVE-2020-28362 (High), CVE-2020-28366 (High), CVE-2020-28367 (High)
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on
the WildFly application runtime. Multiple vulnerabilities such as XML external entity, SQL
injection, and memory leak per HTTP session creation have been discovered in Red Hat JBoss
Enterprise Application Platform. An update is now available.
CVE ID: CVE-2020-25649, CVE-2020-25638, CVE-2020-25644 (High)
A vulnerability has been discovered in Snapcraft- easily craft snaps in Ubuntu. An intended
access restriction may be bypassed in snaps built with Snapcraft.
CVE ID: CVE-2020-27348 (Medium)
Google has released Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker may exploit to take control of an affected
system.
Apple has released security updates to address vulnerabilities in iCloud for Windows 11.5. An
attacker may exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that Jupyter Notebook before version 6.1.5 has an Open redirect
vulnerability. A maliciously crafted link to a notebook server may redirect the browser to a
different website. It is recommended to upgrade the jupyter-notebook packages.
CVE ID: CVE-2020-26215 (Medium)
Pimcore is an open source digital experience platform. It has been discovered that in
Pimcore before version 6.8.5, it is possible to modify and create website settings without
having the appropriate permissions.
CVE ID: CVE-2020-26246 (High)
An SQL injection vulnerability has been discovered in the manage_user.php file of Gym
Management System; the GET parameter 'id' is vulnerable.
CVE ID: CVE-2020-29288 (Critical)
It has been discovered that an improper buffer restrictions vulnerability in BIOS firmware
for some Intel(R) Processors may allow a privileged user to potentially enable escalation of
privilege via local access. An attacker may exploit the improper input validation in BIOS
firmware to potentially create a denial of service by way of local access. The affected
products are BIG-IP i850, i2000, i4000 series.
CVE ID: CVE-2020-0591 (Medium)
Multiple vulnerabilities have been discovered in HPE HP-UX Web Server Suite running Apache
on HP-UX 11iv3. These vulnerabilities may be remotely exploited to execute code, cause
denial of service, bypass access control restrictions, disclose sensitive information, add
or modify data, cause memory corruption, or redirect a URL to an untrusted URL.
Brotli is a compression algorithm developed by Google and works best for text compression. A
buffer overflow vulnerability has been discovered in Brotli. It is recommended to upgrade
the Brotli packages.
CVE ID: CVE-2020-8927 (Medium)
Multiple vulnerabilities have been discovered in various FortiGate products. An attacker may
exploit these vulnerabilities to trigger sensitive information disclosure, cross-site
scripting and security restriction bypass on the targeted system.
CVE ID: CVE-2020-15937 (Medium), CVE-2019-15126 (Low), CVE-2020-9295 (Medium)
Multiple vulnerabilities, such as heap-buffer-overflow and out-of-bounds write, have been
discovered in pdfresurrect, a tool for analyzing and manipulating revisions to PDF documents.
It is recommended to upgrade the pdfresurrect packages.
CVE ID: CVE-2019-14934 (High), CVE-2020-20740 (High)
Node.js is a software development platform for building fast and scalable network
applications in the JavaScript programming language. Multiple vulnerabilities have been
discovered in nodejs. An update for rh-nodejs12-nodejs is now available for Red Hat Software
Collections.
CVE ID: CVE-2020-7774 (High), CVE-2020-8277 (High), CVE-2020-15366 (Medium)
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application
platform solution designed for on-premise or private cloud deployments. A vulnerability has
been discovered in kubernetes in which compromised nodes can escalate to cluster level
privileges. Red Hat OpenShift Container Platform release 4.5.21 includes multiple bug
fixes and security updates.
CVE ID: CVE-2020-8559 (Medium)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Multiple vulnerabilities have been discovered in rh-php73-php. An update for rh-php73-php is
now available for Red Hat Software Collections.
Mozilla has released security updates to address a stack overflow vulnerability in
Thunderbird caused by incorrect parsing of SMTP server response codes.
CVE ID: CVE-2020-26970 (High)
Multiple vulnerabilities have been discovered in Werkzeug, a collection of utilities for WSGI
applications (Python 2.x). An attacker may use these issues for phishing attacks and to
access sensitive information. CVE ID: CVE-2019-14806 (High), CVE-2020-28724 (Medium)
It has been discovered that the wcsnrtombs function in musl libc has multiple bugs in
handling of destination buffer size when limiting the input character count, which can lead
to an infinite loop with no forward progress or writing past the end of the destination
buffers. It is recommended to upgrade the musl packages. CVE ID: CVE-2020-28928
Xerox has released security updates for DocuShare 6.6.1, 7.0, and 7.5 to address a
vulnerability which can allow an unauthenticated attacker to obtain sensitive information.
CVE ID: CVE-2020-27177
A vulnerability has been discovered in VIPS - an image processing system, version before
8.8.2. An uninitialized variable may cause the leakage of remote server path or stack
address. It is recommended to upgrade the vips packages. CVE ID: CVE-2020-20739
An SQL injection vulnerability has been discovered in hibernate-core of Red Hat Single Sign-On
7.4 standalone server when both hibernate.use_sql_comments and JPQL String literals are
used. A security update is now available for Red Hat Single Sign-On 7.4. CVE ID: CVE-2020-25638
It has been discovered that x11vnc, a VNC server that allows remote access to an existing X
session, creates shared memory segments with 0777 mode. A local attacker may exploit
this vulnerability for information disclosure, denial of service or to interfere with the VNC
session of another user on the host. It is recommended to upgrade the x11vnc packages.
CVE ID: CVE-2020-29074 (High)
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. Multiple
vulnerabilities such as XSS injection, and JavaScript escaping have been discovered in lxml.
It is recommended to upgrade the lxml packages. CVE ID: CVE-2018-19787 (Medium), CVE-2020-27783
FreeRDP is an RDP client for Windows Terminal Services. It has been discovered that FreeRDP
incorrectly handled certain memory operations. A remote attacker can use these
vulnerabilities to cause FreeRDP to crash, resulting in a Denial of Service, or possibly
execute arbitrary code.
It has been discovered that ADMX, a web-based module in Ericsson BSCS iX, an enterprise
billing software, is vulnerable to stored XSS via the name or description field to a
solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. This vulnerability
potentially allows full account takeover, or exploiting admins' browsers by using the BeEF
framework. CVE ID: CVE-2020-29145
A vulnerability has been discovered in BigBlueButton, a complete web conferencing system. A
brute-force attack may occur because an unlimited number of codes can be entered for a
meeting which is protected by an access code. The affected versions are BigBlueButton
through 2.2.29. CVE ID: CVE-2020-29042
It has been discovered that Poppler, a PDF rendering library, incorrectly handled certain
files. If a user or automated system is tricked into opening a crafted PDF file, an
attacker can cause a Denial of Service. CVE ID: CVE-2020-27778, CVE-2018-21009 (High), CVE-2019-10871 (Medium), CVE-2019-9959 (Medium), CVE-2019-13283 (High)
It has been discovered that arbitrary PHP code execution is possible if Drupal
is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. To
mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2 or .tlz
files. CVE ID: CVE-2020-28948, CVE-2020-28949
A race condition vulnerability has been discovered in the way the spice-vdagentd daemon
handled new client connections. This flaw may allow an unprivileged local guest user to
become the active agent for spice-vdagentd, possibly resulting in a Denial of Service or
information leakage from the host. CVE ID: CVE-2020-25653
It has been discovered that osCommerce has an XSS vulnerability via an authenticated user
entering the XSS payload into the title section of newsletters. The affected version is
osCommerce 2.3.4.1. CVE ID: CVE-2020-29070
It has been discovered that atftp's FTP server in Ubuntu 16.04 does not properly handle
certain input. An attacker can use this to cause a denial of service or possibly execute
arbitrary code. CVE ID: CVE-2019-11365 (Critical), CVE-2019-11366 (Medium)
It has been discovered that igraph in Ubuntu mishandled certain malformed XML. An attacker
may use this vulnerability to cause a Denial of Service. CVE ID: CVE-2018-20349 (Medium)
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System
(DNS) protocols. Multiple vulnerabilities have been discovered in BIND. An update for BIND
is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. CVE ID: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
Fuji V-Server Lite, all versions prior to 3.3.24.0, is vulnerable to an out-of-bounds
write which may allow an attacker to remotely execute arbitrary code. CVE ID: CVE-2020-25171 (High)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment-
FactoryTalk Linx Version 6.11 and prior. Successful exploitation of these vulnerabilities
may allow a Denial-of-Service condition, remote code execution, or leak information that can
be used to bypass Address Space Layout Randomization (ASLR). CVE ID: CVE-2020-27253 (High), CVE-2020-27251 (Critical), CVE-2020-27255 (Medium)
It has been discovered that PDFResurrect incorrectly handled certain memory operations
during PDF summary generation. An attacker can use this to cause out-of-bounds writes,
resulting in a denial of service or arbitrary code execution. CVE ID: CVE-2020-9549 (High)
It has been discovered that IBM Resilient may allow a remote attacker to execute arbitrary
code on the system, caused by formula injection due to improper input validation. The
affected product is Resilient OnPrem version IBM Security SOAR. CVE ID: CVE-2020-4633 (Medium)
It has been discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle
snap client connections. An attacker can possibly use this to expose sensitive information.
CVE ID: CVE-2020-16123
Multiple vulnerabilities have been discovered in libextractor, a library used to extract
metadata from files, in Ubuntu 16.04. An attacker can possibly use these vulnerabilities to cause a
denial of service.
A command injection vulnerability has been discovered in VMware products. A malicious actor
with network access to the administrative configurator on port 8443 and a valid password for
the configurator admin account can take control of an affected system. CVE ID: CVE-2020-4006 (Critical)
A use-after-free vulnerability has been discovered in fs/block_dev.c in the Linux kernel. This
vulnerability allows local users to gain privileges or cause a denial of service by
leveraging improper access to a certain error field. CVE ID: CVE-2020-15436
It has been discovered that Gitea does not prevent a git protocol path which specifies a TCP
port number and also contains newlines (with URL encoding) in ParseRemoteAddr in
modules/auth/repo_form.go. The affected versions are Gitea 0.9.99 through 1.12.x before
1.12.6. CVE ID: CVE-2020-28991
It has been discovered that Cephx authentication protocol does not verify Ceph clients
correctly and is therefore vulnerable to replay attacks in Nautilus. This vulnerability
allows an attacker with access to the Ceph cluster network to authenticate with the Ceph
service via a packet sniffer and perform actions allowed by the Ceph service. The affected
versions are Cephx authentication protocol before 15.2.6 and before 14.2.14. CVE ID: CVE-2020-25660
Multiple heap buffer overflow vulnerabilities have been discovered in CImg, a C++ toolkit to
load, save, process and display images. It is recommended to upgrade the cimg
packages. CVE ID: CVE-2020-25693
Multiple vulnerabilities have been discovered in Zabbix, a network monitoring solution. An
attacker may remotely execute code on the zabbix server, and redirect to external links
through the zabbix web frontend. It is recommended to upgrade the Zabbix packages. CVE ID: CVE-2016-10742 (Medium), CVE-2020-11800 (Critical)
It has been discovered that svm_predict_values in svm.cpp in Libsvm allows attackers to
cause a Denial of Service via a crafted model Support Vector Machine (SVM) with a large
value in the _n_support array. The affected version is Libsvm v324. CVE ID: CVE-2020-28975
It has been discovered that UNIX Symbolic Link (Symlink) following in TP-Link Archer
firmware allows an unauthenticated actor, with physical access and network access, to read
sensitive files and write to a limited set of files after plugging a crafted USB drive into
the router. CVE ID: CVE-2020-5797
A CSV injection vulnerability has been discovered in the Admin portal for Netskope which
allows an unauthenticated user to inject a malicious payload into the admin's portal, leading
to compromise of the admin's system. The affected version is Netskope 75.0. CVE ID: CVE-2020-28845
Multiple vulnerabilities have been discovered in VMware ESXi, Workstation and Fusion. A
remote attacker can exploit some of these vulnerabilities to trigger remote code execution
and elevation of privilege. Updates are available to remediate these vulnerabilities
in affected VMware products. CVE ID: CVE-2020-4004 (Critical), CVE-2020-4005 (High)
It has been discovered that c-ares incorrectly handled certain DNS requests. An attacker can
possibly use this vulnerability to cause a Denial of Service. CVE ID: CVE-2020-8277
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation
of user-supplied input. A remote unauthenticated attacker can exploit this vulnerability
using a specially-crafted email message to hang the client. The affected versions are HCL
Notes 9, 10 and 11. CVE ID: CVE-2020-14258
Multiple vulnerabilities have been discovered in jupyter-notebook. It is recommended to
upgrade the jupyter-notebook packages. CVE ID: CVE-2018-8768 (High), CVE-2018-19351 (Medium), CVE-2018-21030 (Medium)
A vulnerability has been discovered in BIG-IP platforms that may allow attackers to obtain
TCP sequence numbers from the BIG-IP system that can be reused in future connections with
the same source and destination port and IP numbers. CVE ID: CVE-2020-5947
Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's
Equipment- MELSEC iQ-R series. Successful exploitation of this vulnerability can cause a
denial-of-service condition for the affected product. CVE ID: CVE-2020-5668 (High)
A command injection vulnerability has been discovered in the Huawei FusionCompute product. An
authenticated, remote attacker may craft a specific request to exploit this vulnerability. Due
to insufficient verification, this may be exploited to allow the attacker to obtain higher
privilege. CVE ID: CVE-2020-9116
It has been discovered that IBM Power9 processors can allow a local user to obtain sensitive
information from the data in the L1 cache under extenuating circumstances. The affected
products are AIX 7.1, 7.2 and VIOS 3.1. CVE ID: CVE-2020-4788 (Medium)
A remote code execution vulnerability has been identified in Drupal; a remote user can
exploit this vulnerability on the targeted system. The affected versions are Drupal 7, 8.8
or earlier, 8.9, 9.0. CVE ID: CVE-2020-13671
Multiple vulnerabilities have been discovered in VMware SD-WAN Orchestrator. An attacker can
exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-3984 (High), CVE-2020-3985 (High), CVE-2020-4000 (Medium),
CVE-2020-4001, CVE-2020-4002 (High), CVE-2020-4003 (Medium)
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an
affected system.
Google has released Chrome version 87.0.4280.66 for Windows and Linux, and 87.0.4280.67 for
Mac. These versions address vulnerabilities which an attacker can exploit to take control of
an affected system.
Apple has released security updates to address vulnerabilities in iTunes 12.11 for Windows.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-10002, CVE-2020-27912, CVE-2020-27917, CVE-2020-27911,
CVE-2020-27918, CVE-2020-27895
Stack-based Buffer Overflow vulnerability has been discovered in Real Time Automation's
Equipment- 499ES EtherNet/IP (ENIP) Adaptor Source Code. Successful exploitation of the
vulnerability can cause a Denial-of-Service condition and remote code execution. CVE ID: CVE-2020-25159 (Critical)
Multiple vulnerabilities have been discovered in Paradox's Equipment- IP150. Successful
exploitation of these vulnerabilities can allow an attacker to remotely execute arbitrary
code, which may result in the termination of the physical security system. CVE ID: CVE-2020-25189 (Critical), CVE-2020-25185 (High)
Improper Authorization vulnerability has been discovered in Johnson Controls' Equipment-
American Dynamics victor Web Client, Software House C•CURE Web Client. Successful
exploitation of this vulnerability can allow an unauthenticated attacker on the network to
create and sign their own JSON web token and use it to execute an HTTP API method without
the need for valid authentication/authorization. CVE ID: CVE-2020-9049 (High)
It has been discovered that Net-SNMP has improper privilege management in EXTEND MIB which
may lead to privileged commands execution. An update for net-snmp is now available for Red
Hat Enterprise Linux 6. CVE ID: CVE-2020-15862 (High)
Two vulnerabilities in the certificate list syntax verification and in the handling of CSN
normalization have been discovered in OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol. An unauthenticated remote attacker can take advantage of these
vulnerabilities to cause a denial of service via specially crafted packets. It is
recommended to upgrade the OpenLDAP packages. CVE ID: CVE-2020-25709, CVE-2020-25710
Multiple vulnerabilities have been discovered in OpenShift Container Platform 3.11
jenkins-2-plugins. The affected products are Red Hat OpenShift Container Platform 3.11
x86_64 and Platform for Power 3.11 ppc64le. An update for jenkins-2-plugins is now
available. CVE ID: CVE-2020-2252 (Medium), CVE-2020-2254 (Medium), CVE-2020-2255 (Medium)
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-27130 (Critical), CVE-2020-27125 (High), CVE-2020-27131 (High),
CVE-2020-26070 (High)
A potential vulnerability has been discovered in Micro Focus IDOL Admin. This vulnerability
can be exploited to perform Persistent XSS attack to get sensitive information like cookies
and credentials from the user's browser session. The affected versions are all Micro Focus
IDOL versions prior to version 12.7. CVE ID: CVE-2020-25833 (Medium)
It has been discovered that certain SAST CiConfiguration information can be viewed by
unauthorized users in GitLab EE. This information can be exposed through GraphQL to
non-members of public projects with repository visibility restricted as well as guest
members on private projects. CVE ID: CVE-2020-26406 (Medium)
It has been discovered that an attacker can inject malicious web code into the PrestaShop
users' web browsers by creating a malicious link. The affected version is PrestaShop 4.0.0
and this vulnerability has been fixed in PrestaShop version 4.2.0. CVE ID: CVE-2020-26225 (High)
A vulnerability has been discovered in libvncserver, an API to write one's own VNC server.
Due to some missing checks, a divide by zero can happen which can result in a Denial of
Service. It is recommended to upgrade the libvncserver packages. CVE ID: CVE-2020-25708
It has been discovered that the update functionality of the Discover Media infotainment
system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute
arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause
attacker-controlled files to be written to the infotainment system and executed as root.
CVE ID: CVE-2020-28656
It has been discovered that the WPBakery plugin for WordPress allows XSS because it calls
kses_remove_filters to disable the standard WordPress XSS protection mechanism for the
Author and Contributor roles. The affected versions are WPBakery plugin before 6.4.1. CVE ID: CVE-2020-28650 (Medium)
It has been discovered that libproxy, a library for automatic proxy configuration
management, is vulnerable to a buffer overflow vulnerability when receiving a large PAC file
from a server without a Content-Length header in the response. It is recommended to upgrade
the libproxy packages. CVE ID: CVE-2020-26154 (Critical)
Apple has released security updates to address vulnerabilities in multiple products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in Mitsubishi Electric product MELSEC iQ-R series CPU
modules. Successful exploitation of this vulnerability can cause a denial-of-service
condition for the affected products. CVE ID: CVE-2020-5666 (Medium)
The BD Alaris PC Unit and BD Alaris Systems Manager are vulnerable to a network session
authentication vulnerability. An attacker can perform a denial-of-service attack on the BD
Alaris PC Unit by modifying the configuration headers of data in transit, which leads to a
drop in the wireless capability of the BD Alaris PC Unit. The affected versions are BD
Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier & BD Alaris Systems Manager,
Versions 4.33 and earlier. CVE ID: CVE-2020-25165 (Medium)
An ACL bypass vulnerability has been discovered in pacemaker, a cluster resource manager. An
attacker having a local account on the cluster and in the haclient group can use IPC
communication with various daemons directly to perform certain malicious tasks. It is
recommended to upgrade the pacemaker packages. CVE ID: CVE-2020-25654
A reflected cross-site scripting (XSS) vulnerability has been discovered in the TranzWare
Payment Gateway. A remote unauthenticated attacker can execute arbitrary HTML code via a
crafted URL. CVE ID: CVE-2020-28415
Multiple vulnerabilities such as Improper Authorization, Information Exposure, OS Command
Injection, Improper Input Validation, Stack-based Buffer Overflow, Improper Check for
Unusual or Exceptional Conditions, and Information Exposure Through Log Files have been
discovered in Palo Alto PAN-OS. A remote user can exploit some of these vulnerabilities to
trigger remote code execution, obtain sensitive information and bypass security restriction
on the targeted system. CVE ID: CVE-2020-2050 (High), CVE-2020-2022 (High), CVE-2020-2000 (High),
CVE-2020-1999 (Medium), CVE-2020-2048 (Low)
It has been discovered that Xen 4.14 and earlier versions don't restrict access to
power/energy monitoring interfaces which should be restricted to privileged software. The
interfaces are accessible to all guests.
Multiple vulnerabilities have been identified in Google Chrome; a remote attacker can
exploit some of these vulnerabilities to trigger remote code execution on the targeted
system. The affected Google Chrome Desktop versions are prior to 86.0.4240.198. CVE ID: CVE-2020-16013 (High), CVE-2020-16017 (High)
Improper Privilege Management vulnerability has been discovered in Schneider Electric's
Equipment- EcoStruxure Operator Terminal Expert. Successful exploitation of this
vulnerability may allow unauthorized command execution by a local user of the Windows
engineering workstation, which may result in loss of availability, confidentiality, and
integrity of the workstation where EcoStruxure Operator Terminal Expert runtime is
installed. CVE ID: CVE-2020-7544 (High)
Multiple vulnerabilities such as improper restriction of operations within the bounds of a
memory buffer, out-of-bounds write and out-of-bounds read have been discovered in Schneider
Electric's Equipment- Interactive Graphical SCADA System (IGSS). Successful exploitation of
these vulnerabilities may result in remote code execution.
Multiple vulnerabilities such as Improper Privilege Management, and OS Command Injection
have been discovered in Citrix Virtual Apps and Desktops which, if exploited, result in
escalation of privilege, and remote compromise of a Windows Virtual Desktop. CVE ID: CVE-2020-8269, CVE-2020-8270
A vulnerability has been discovered in Apache OpenOffice scripting events which allows an
attacker to construct documents containing hyperlinks pointing to an executable on the
target user's file system. These hyperlinks can be triggered unconditionally. CVE ID: CVE-2020-13958 (Low)
A Cross Site Scripting (XSS) vulnerability has been discovered in the Avaya Equinox
Conferencing web portal which may allow authenticated users to perform XSS attacks. The
affected versions are Avaya Equinox Conferencing 9.0 to 9.1.9. It is recommended to upgrade
to 9.1.10 or later. CVE ID: CVE-2020-7033 (Medium)
It has been discovered that NVIDIA GeForce NOW application software on Windows contains a
vulnerability in its open-source software dependency in which the OpenSSL library is
vulnerable to binary planting attacks by a local user, which may lead to code execution or
escalation of privileges. The affected versions are GeForce NOW Application all versions
prior to 2.0.25.119. CVE ID: CVE-2020-5992 (High)
Multiple vulnerabilities such as infinite loop in the tarfile module via crafted TAR
archive, and DoS via inefficiency in IPv{4,6}Interface classes have been discovered in
python3. An update for python3 is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-20907 (High), CVE-2020-14422 (Medium)
It has been discovered that mishandling of Transfer-Encoding header allows for HTTP request
smuggling in tomcat. An update for tomcat is now available for Red Hat Enterprise Linux 7.
CVE ID: CVE-2020-1935 (Medium)
Intel has released security updates to address vulnerabilities in multiple products. An
attacker can exploit these vulnerabilities to gain escalation of privileges.
SAP has released security updates to address vulnerabilities affecting multiple products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote
attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in multiple products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-24441, CVE-2020-24442, CVE-2020-24443
A vulnerability has been discovered in the ingress packet processing function of Cisco IOS
XR Software for Cisco ASR 9000 Series Aggregation Services Routers that can allow an
unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected
device.
Multiple vulnerabilities have been discovered in Siemens' Equipment- UMC Stack, SIMATIC
S7-300 and S7-400 CPUs, and SCALANCE W 1750D. Successful exploitation of these
vulnerabilities can allow an attacker to cause a partial denial-of-service condition,
credential disclosure, or remote code execution. CVE ID: CVE-2020-7581 (Medium), CVE-2020-7587 (Medium), CVE-2020-7588 (Medium),
CVE-2020-15791 (Medium), CVE-2016-2031 (Critical)
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in
Schneider Electric's Equipment- PLC Simulator for EcoStruxure Control Expert. Successful
exploitation of this vulnerability can cause a denial-of-service condition, which can result
in a failure of the EcoStruxure Control Expert Simulator. CVE ID: CVE-2020-7538 (High)
Multiple vulnerabilities such as Cross-site Scripting, and Incorrect Authorization have been
discovered in OSIsoft's Equipment- PI Vision 2020. Successful exploitation of these
vulnerabilities may allow a remote attacker with write access to the PI ProcessBook files to
inject code that is imported into PI Vision, or disclose information to a user with
insufficient privileges. CVE ID: CVE-2020-25163 (High), CVE-2020-25167 (Medium)
Numeric Errors vulnerability has been discovered in OSIsoft's Equipment- PI Interface.
Successful exploitation of this vulnerability can allow an attacker-controlled OPC XML-DA
Server to respond with a crafted XML message and exploit the PI Interface for OPC XML-DA,
resulting in code execution. CVE ID: CVE-2013-0006 (High)
The podman tool manages pods, container images, and containers. It is part of the libpod
library, which is for applications that use container pods. Container pods are a concept in
Kubernetes. Multiple vulnerabilities have been discovered in podman. An update for podman is
now available for Red Hat Enterprise Linux 7 Extras. CVE ID: CVE-2020-14040 (High), CVE-2020-14370 (Medium)
Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may
allow an authenticated user to potentially enable escalation of privilege via local access.
It is recommended to update the Intel Unite App to version 4.2.12212 or later. CVE ID: CVE-2020-12331 (High)
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an
affected system. CVE ID: CVE-2020-26950 (Critical)
Multiple vulnerabilities such as stored XSS and remote code execution have been discovered
in moin, a Python clone of WikiWiki. It is recommended to upgrade the moin packages. CVE ID: CVE-2020-15275, CVE-2020-25074
It has been discovered that lack of input validation while handling ACL rulesets can cause
write ACL violations in Joomla!. The affected products are Joomla! CMS versions 1.7.0 -
3.9.22. It is recommended to upgrade to Joomla! version 3.9.23.
It has been discovered that a boundary check in libexif, a library to parse EXIF files, can
be optimised away by the compiler, resulting in a potential buffer overflow. It is
recommended to upgrade the libexif packages. CVE ID: CVE-2020-0452
It has been discovered that the conferencing component on Mitel ShoreTel devices can allow
an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to
insufficient validation for the time_zone object in the HOME_MEETING& page. CVE ID: CVE-2020-28351
It has been discovered that an inaccurate frame deduplication process in ChirpStack Network
Server allows a malicious gateway to perform uplink Denial of Service via malformed
frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. CVE ID: CVE-2020-28349
It has been discovered that there are two heap overflow vulnerabilities in raptor2, a set of
parsers for RDF files which is used, amongst others, in LibreOffice. It is recommended to
upgrade raptor2 packages. CVE ID: CVE-2017-18926
It has been discovered that there is a denial of service vulnerability in the MIT Kerberos
network authentication system, krb5. The lack of a limit in the ASN.1 decoder can lead to
infinite recursion and allow an attacker to overrun the stack and cause the process to
crash. It is recommended to upgrade the krb5 packages. CVE ID: CVE-2020-28196
It has been discovered that the server component of Apache Guacamole, a remote desktop
gateway, does not properly validate data received from RDP servers. This can result in
information disclosure or even the execution of arbitrary code. It is recommended to upgrade
the guacamole-server packages. CVE ID: CVE-2020-9497 (Medium), CVE-2020-9498 (Medium)
Apple has released security updates to address vulnerabilities in multiple products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in sddm packages, a modern display manager for X11. A
local attacker can take advantage of a race condition when creating the Xauthority file to
escalate privileges. It is recommended to upgrade the sddm packages. CVE ID: CVE-2020-28049
A vulnerability has been discovered in the GNOME Display Manager which, if it does not detect
any users, may make GDM launch the initial system setup, thereby permitting the creation of new
users with sudo capabilities. It is recommended to upgrade the gdm3 packages. CVE ID: CVE-2020-16125
A vulnerability has been discovered in the bouncycastle crypto library where attackers can
obtain sensitive information due to observable differences in its response to invalid input.
It is recommended to upgrade the bouncycastle packages. CVE ID: CVE-2020-26939
It has been discovered that a vulnerability in the interprocess communication (IPC) channel
of Cisco AnyConnect Secure Mobility Client Software may allow an authenticated, local
attacker to cause a targeted AnyConnect user to execute a malicious script. CVE ID: CVE-2020-3556 (High)
Multiple vulnerabilities have been discovered in Oracle Java SE, Java SE, and Eclipse OpenJ9
of DB2 Recovery Expert. The affected products are DB2 Recovery Expert for LUW 5.5, 5.5 IF 1,
5.5 IF 2, and 5.5.0.1. It is recommended to upgrade to DB2 Recovery Expert LUW 5.5.0.1 IF0.
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in the Linux kernel. An update for kernel is now
available for Red Hat Enterprise Linux 8. CVE ID: CVE-2020-24490, CVE-2020-25661, CVE-2020-25662
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite,
InfluxDB & OpenTSDB. Multiple vulnerabilities such as XSS, arbitrary file read, and
information disclosure have been discovered in grafana. An update for grafana is now
available for Red Hat Enterprise Linux 8.
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and
authorization solution for both traditional and cloud-based enterprise environments.
Multiple vulnerabilities have been discovered in idm:DL1 and idm:client modules. An update
for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.
The tcpdump packages contain the tcpdump utility for monitoring network traffic. Multiple
vulnerabilities such as SMB data printing mishandled, Out of bounds read/write, Buffer
over-read, Access to uninitialized buffer, and Resource exhaustion have been discovered in
tcpdump. The affected products are Red Hat Enterprise Linux for x86_64 8 x86_64, Red Hat
Enterprise Linux for IBM z Systems 8 s390x, Red Hat Enterprise Linux for Power, little
endian 8 ppc64le and Red Hat Enterprise Linux for ARM 64 8 aarch64.
SQLite is a C library that implements an SQL database engine. Multiple vulnerabilities have
been discovered in sqlite. An update for sqlite is now available for Red Hat Enterprise
Linux 8.
GNOME is the default desktop environment of Red Hat Enterprise Linux. Multiple
vulnerabilities have been discovered in GNOME. An update for GNOME is now available for Red
Hat Enterprise Linux 8.
An exposure of sensitive information to an unauthorized actor vulnerability has been
discovered in FortiMail. This vulnerability may allow a remote, unauthenticated attacker to
obtain potentially sensitive software-version information by reading a JavaScript file. The
affected products are FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and
below, and FortiMail versions 6.4.1 and below. CVE ID: CVE-2020-15933
Multiple vulnerabilities have been discovered in wordpress. It is recommended to upgrade the
wordpress packages. CVE ID: CVE-2020-28040 (Medium), CVE-2020-28039 (Critical), CVE-2020-28038 (Medium),
CVE-2020-28037 (Critical), CVE-2020-28036 (Critical), CVE-2020-28035 (Critical),
CVE-2020-28034 (Medium), CVE-2020-28033 (High), CVE-2020-28032 (Critical)
Multiple vulnerabilities such as Deserialization of Untrusted Data, Access to Critical
Private Variable via Public Method, and Information Exposure of Sensitive Information to an
Unauthorized Actor have been discovered in ARC Informatique's Equipment- PcVue. Successful
exploitation of these vulnerabilities can allow an attacker to execute arbitrary code,
expose sensitive data, and prevent legitimate users from connecting to PcVue services.
CVE ID: CVE-2020-26867 (Critical), CVE-2020-26868 (High), CVE-2020-26869 (High)
Multiple vulnerabilities such as Improper Input Validation, and Cleartext Transmission of
Sensitive Information have been discovered in NEXCOM's Equipment- NIO 50. Successful
exploitation of these vulnerabilities can allow an attacker to view sensitive information
and cause a denial-of-service condition due to improper input validation. CVE ID: CVE-2020-25151 (Medium), CVE-2020-25155 (Medium)
An Uncontrolled Resource Consumption vulnerability has been discovered in WAGO's Equipment-
750-88x and 750-352. Successful exploitation of this vulnerability can allow an attacker to
crash the device being accessed using a denial-of-service attack. CVE ID: CVE-2020-12516 (High)
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that vulnerabilities exist in multiple BIG-IP products. An
attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been identified in Android. A remote attacker can exploit some
of these vulnerabilities to trigger a denial of service condition, elevation of privilege,
remote code execution and sensitive information disclosure on the targeted system. The
affected versions are Android 8.0, 8.1, 9, 10 & 11.
Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux which will roll
out over the coming days/weeks. This version addresses vulnerabilities which an attacker can
exploit to take control of an affected system. CVE ID: CVE-2020-16004 (High), CVE-2020-16005 (High), CVE-2020-16006 (High),
CVE-2020-16007 (High), CVE-2020-16008 (High), CVE-2020-16009 (High), CVE-2020-16011 (High)
A critical remote code execution vulnerability CVE-2020-14750 has been discovered in Oracle
WebLogic Server. A remote attacker can exploit this vulnerability to take control of an
affected system. The affected products and versions are Oracle WebLogic Server, versions
10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. CVE ID: CVE-2020-14750 (Critical)
The QtSvg module contains classes for displaying the contents of SVG files. Malformed
SVG images can cause a segmentation fault in qtsvg-opensource-src. It is recommended
to upgrade the qtsvg-opensource-src packages. CVE ID: CVE-2018-19869 (Medium)
Multiple vulnerabilities have been discovered in the Linux kernel that may lead to the
execution of arbitrary code, privilege escalation, denial of service or information leaks.
It is recommended to upgrade the linux packages.
Multiple vulnerabilities have been discovered in cimg, a powerful image processing library.
It is recommended to upgrade the cimg packages. CVE ID: CVE-2018-7588 (High), CVE-2018-7589 (High), CVE-2018-7637 (High),
CVE-2018-7638 (High), CVE-2018-7639 (High), CVE-2018-7640 (High), CVE-2018-7641 (High),
CVE-2019-1010174 (Critical)
Multiple vulnerabilities such as Stack-based Buffer Overflow, and Improper Restriction of
XML External Entity Reference have been discovered in WECON's Equipment- LeviStudioU.
Successful exploitation of these vulnerabilities may allow an attacker to execute code under
the privileges of the application and obtain sensitive information. CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium)
Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a
Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument
Injection, Resource Management Errors, and Uncontrolled Resource Consumption have been
discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R, Q and L Series. Successful
exploitation of these vulnerabilities by malicious attackers may result in network functions
entering a denial-of-service condition or allow malware execution, and could cause a
denial-of-service condition in the Ethernet port on the CPU module. CVE ID: CVE-2020-5653 (Critical), CVE-2020-5654 (High), CVE-2020-5655 (High),
CVE-2020-5656 (Critical), CVE-2020-5657 (High), CVE-2020-5658 (Medium), CVE-2020-5652 (High)
Multiple vulnerabilities have been discovered in Samba. An attacker could exploit these
vulnerabilities to take control of an affected system. The affected versions are Samba 3.6.0,
Samba 4.0 and later. CVE ID: CVE-2020-14318 (Medium), CVE-2020-14323 (Medium), CVE-2020-14383 (Medium)
Authentication Bypass by Capture-replay and Command Injection vulnerabilities have been
discovered in JUUKO Industrial Radio Remote Control. Successful exploitation of these
vulnerabilities can allow attackers to replay commands, control the device, view commands,
and/or stop the device from running. CVE ID: CVE-2018-17932 (High), CVE-2018-19025 (High)
It has been discovered that WebSphere Application Server Admin Console can allow a remote
attacker to traverse directories on the system. An attacker can send a specially-crafted URL
request containing "dot dot" sequences (/../) to view arbitrary files on the system. The
affected versions are WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. CVE ID: CVE-2020-4782 (Medium)
Red Hat Satellite is a systems management tool for Linux-based infrastructure which allows
for provisioning, remote management, and monitoring of multiple Linux deployments with a
single centralized tool. Multiple vulnerabilities have been discovered in Red Hat Satellite.
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
MariaDB is a community-developed, commercially supported fork of the MySQL Relational
Database Management System (RDBMS). Multiple vulnerabilities have been discovered in MariaDB.
An attacker can use these vulnerabilities to cause a hang or frequently repeatable crash
(denial of service). CVE ID: CVE-2020-13249, CVE-2020-15180, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812,
CVE-2020-2814
Multiple vulnerabilities have been discovered in OpenJDK. An update for java-1.8.0-openjdk
is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2020-14779 (Low), CVE-2020-14781 (Low), CVE-2020-14782 (Low),
CVE-2020-14792 (Medium), CVE-2020-14796 (Low), CVE-2020-14797 (Low), CVE-2020-14803 (Medium)
A vulnerability has been discovered in the Java SE, Java SE Embedded product of Oracle Java SE
(component: JAXP). This vulnerability allows an unauthenticated attacker with network access via multiple
protocols to compromise Java SE, Java SE Embedded. The affected versions are Java SE: 7u261,
8u251, 11.0.7, 14.0.1, and Java SE Embedded: 8u251. CVE ID: CVE-2020-14621 (Medium)
kpatch-patch is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel. It has been discovered that the
metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute
to be flagged as corrupt, and memory corruption in net/packet/af_packet.c leads to elevation
of privilege. An update is now available for Red Hat Enterprise Linux 8. CVE ID: CVE-2020-14385, CVE-2020-14386
Multiple vulnerabilities have been discovered in NTPv4 that affect AIX. An attacker can
exploit some of these vulnerabilities to consume all available memory resources, cause the
daemon to crash, change the system time or cause a denial of service condition. The
affected products are AIX 7.1, 7.2 and VIOS 3.1. CVE ID: CVE-2020-15025 (Medium), CVE-2020-13817 (High), CVE-2020-11868 (Medium)
Fastd is a fast and secure tunnelling daemon. A receive buffer handling vulnerability has
been discovered which allows a denial of service, when receiving packets with an invalid
type code. It is recommended to upgrade the fastd packages. CVE ID: CVE-2020-27638
Multiple vulnerabilities have been discovered in phpmyadmin which can result in a sensitive
information leak, an XSS attack through the transformation feature & injection of malicious SQL
into a query. CVE ID: CVE-2019-19617 (Critical), CVE-2020-26934 (Medium), CVE-2020-26935
Multiple vulnerabilities have been discovered in OpenJDK Java runtime, which can result in
denial of service, information disclosure, bypass of access/sandbox restrictions or the
acceptance of untrusted certificates. It is recommended to upgrade the openjdk-11 packages.
CVE ID: CVE-2020-14779 (Low), CVE-2020-14781, CVE-2020-14782 (Low), CVE-2020-14792
(Medium), CVE-2020-14796 (Low), CVE-2020-14797 (Low), CVE-2020-14798 (Low), CVE-2020-14803
(Medium)
FreeType is a popular software development library used to render text onto bitmaps, and
provides support for other font-related operations. It has been discovered that a heap-based
buffer overflow vulnerability occurs while handling the embedded PNG bitmaps in FreeType.
Opening malformed fonts may result in denial of service or the execution of arbitrary code.
CVE ID: CVE-2020-15999
It has been discovered that FruityWifi has an unsafe Sudo configuration [(ALL : ALL)
NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege
escalation, allowing an attacker to gain complete persistent access to the local system. The
affected versions are FruityWifi through 2.4. CVE ID: CVE-2020-24848
Microsoft has released a security update to address vulnerabilities in Edge
(Chromium-based). An attacker can exploit some of these vulnerabilities to take control of
an affected system.
Multiple vulnerabilities such as cross site scripting and information disclosure have been
discovered in VMware Horizon Server and VMware Horizon Client for Windows respectively.
Successful exploitation of this issue may allow an attacker to inject malicious script which
will be executed. The affected versions are Horizon Server 7.x, 8.x and Horizon Client for
Windows 5.x and prior. CVE ID: CVE-2020-3997 (Medium), CVE-2020-3998 (Low)
NVIDIA has released a software security update for NVIDIA GeForce Experience, all versions
prior to 3.20.5.70 software. This update addresses vulnerabilities that may lead to denial
of service, escalation of privileges, code execution, or information disclosure. CVE ID: CVE-2020-5977 (High), CVE-2020-5978 (Low), CVE-2020-5990 (High)
B. Braun Medical Inc. develops, manufactures, and markets innovative medical products and
services. Multiple vulnerabilities have been discovered in OnlineSuite versions AP 3.0 and
earlier products. Successful exploitation of these vulnerabilities can allow an attacker to
escalate privileges, download and upload arbitrary files, and perform remote code execution.
Multiple vulnerabilities have been discovered in netty-3.9 - Asynchronous event-driven
network application framework. A remote attacker can use these vulnerabilities to extract
sensitive information. CVE ID: CVE-2019-16869 (High), CVE-2019-20444 (Critical), CVE-2019-20445 (Critical),
CVE-2020-7238 (High)
It has been discovered that libetpan - Mail Framework for C Language, incorrectly handled
STARTTLS when using IMAP, SMTP and POP3. A remote attacker can possibly use this
vulnerability to perform a response injection attack. CVE ID: CVE-2020-15953 (High)
It has been discovered that pip did not properly sanitize the filename during pip install. A
remote attacker can possibly use this vulnerability to read and write arbitrary files on the
host filesystem as root, resulting in a directory traversal attack. CVE ID: CVE-2019-20916 (High)
It has been discovered that mod_auth_mellon incorrectly handled cookies, and requests. An
attacker can possibly use these vulnerabilities to cause a Cross-Site Session Transfer
attack, redirect a user to a malicious URL, or access sensitive information. CVE ID: CVE-2017-6807 (Medium), CVE-2019-3877 (Medium), CVE-2019-3878 (High)
It has been discovered that the FileImporter extension in MediaWiki does not properly
attribute various user actions to a specific user's IP address. This results in an inability
to properly audit and attribute various user actions performed via the FileImporter
extension. The affected versions are FileImporter extension in MediaWiki through 1.35.0.
CVE ID: CVE-2020-27621
Cisco has released security updates to address vulnerabilities affecting multiple products.
A remote attacker can exploit some of these vulnerabilities to take control of an affected
system.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an
affected system.
A double-free vulnerability occurs when free() is called more than once with the same
memory address as an argument. A double-free vulnerability has been discovered in BlueZ, a
suite of Bluetooth tools, utilities and daemons. A remote attacker can potentially cause a
denial of service or code execution, during service discovery, due to a redundant disconnect
MGMT event. CVE ID: CVE-2020-27153 (High)
Multiple vulnerabilities have been discovered in Tomcat. An attacker can possibly use these
vulnerabilities to cause denial of service or execute arbitrary code. CVE ID: CVE-2020-11996 (High), CVE-2020-13934 (High), CVE-2020-13935 (High),
CVE-2020-9484 (High)
Pam-python enables PAM modules to be written in Python. It has been discovered that
Pam-python mishandled certain environment variables. A local attacker can potentially use
this vulnerability to execute programs as root. CVE ID: CVE-2019-16729 (High)
Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker can exploit to take control of an affected
system. CVE ID: CVE-2020-16000 (High), CVE-2020-16001 (High), CVE-2020-16002 (High),
CVE-2020-15999 (High), CVE-2020-16003 (Medium)
Grunt is a JavaScript task runner/build system/maintainer tool. It has been discovered that
Grunt did not properly load yaml files. An attacker can possibly use this vulnerability to
execute arbitrary code. CVE ID: CVE-2020-7729 (High)
Oracle has released its Critical Patch Update for October 2020 to address 402
vulnerabilities across multiple products. A remote attacker can exploit some of these
vulnerabilities to take control of an affected system.
Multiple vulnerabilities in VMware ESXi, Workstation, Fusion and NSX-T were privately
reported to VMware. Updates are available to remediate these vulnerabilities in affected
VMware products. A remote attacker can exploit one of these vulnerabilities to take control
of an affected system. CVE ID: CVE-2020-3981 (High), CVE-2020-3982 (Medium), CVE-2020-3992 (Critical),
CVE-2020-3993 (High), CVE-2020-3994 (High), CVE-2020-3995 (High)
Multiple critical vulnerabilities have been discovered in various Adobe products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2020-24420, CVE-2020-24424, CVE-2020-24421, CVE-2020-9747,
CVE-2020-24416, CVE-2020-24409, CVE-2020-24414, CVE-2020-24410, CVE-2020-24411,
CVE-2020-24425, CVE-2020-9748, CVE-2020-9749, CVE-2020-9750, CVE-2020-24418, CVE-2020-24419,
CVE-2020-24423
Classic Buffer Overflow vulnerability has been discovered in Rockwell Automation's
Equipment- 1794-AENT Flex I/O Series B. Successful exploitation of these vulnerabilities can
crash the device being accessed, resulting in a buffer overflow condition that may allow
remote code execution. CVE ID: CVE-2020-6083 (High), CVE-2020-6084 (High), CVE-2020-6085 (High),
CVE-2020-6086 (High), CVE-2020-6087 (High)
Multiple vulnerabilities such as Stack-based Buffer Overflow and Improper Restriction of XML
External Entity Reference have been discovered in WECON's Equipment- LeviStudioU. Successful
exploitation of these vulnerabilities can allow an attacker to execute code under the
privileges of the application and obtain sensitive information. CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium)
A Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies'
Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability can provide an
attacker with full control of a trusted device on a hospital’s internal network. CVE ID: CVE-2019-5024 (High)
Multiple vulnerabilities have been discovered in the virt:8.1 and virt-devel:8.1 modules of
Advanced Virtualization for RHEL 8.1.1, which provide the user-space component for running
virtual machines that use KVM in environments managed by Red Hat products. The updates are now
available for Advanced Virtualization for RHEL 8.1.1. CVE ID: CVE-2020-14364 (Medium), CVE-2020-1983 (Medium)
Multiple vulnerabilities have been discovered in Bluetooth L2CAP & A2MP implementation
and in Bluetooth HCI event packet parser in the Linux kernel. A physically proximate remote
attacker can use this to cause a denial of service (system crash) or possibly execute
arbitrary code or expose sensitive information. CVE ID: CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
It has been discovered that FlightGear can write arbitrary files if it receives a special Nasal
script. A remote attacker can exploit this with a crafted file to execute arbitrary code.
CVE ID: CVE-2016-9956 (High)
Multiple vulnerabilities have been discovered in the Linux kernel that may lead to the
execution of arbitrary code, privilege escalation, denial of service or information leaks.
It is recommended to upgrade the linux packages. CVE ID: CVE-2020-12351, CVE-2020-12352, CVE-2020-25211, CVE-2020-25643,
CVE-2020-25645
Multiple vulnerabilities have been discovered in python. An update for rh-python36-python,
rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat
Software Collections. CVE ID: CVE-2019-16935 (Medium), CVE-2019-18348 (Medium), CVE-2019-20907 (High),
CVE-2019-20916 (High), CVE-2020-8492 (Medium), CVE-2020-14422 (Medium), CVE-2020-26116
(High)
Juniper Networks has released security updates to address vulnerabilities affecting multiple
products. An attacker can exploit some of these vulnerabilities to take control of an
affected system.
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles
objects in memory. An attacker who successfully exploited the vulnerability can execute
arbitrary code. CVE ID: CVE-2020-17022
An SQL Injection vulnerability has been discovered in Advantech R-SeeNet Versions 1.5.1 through
2.4.10. Successful exploitation of this vulnerability can allow remote attackers to
retrieve sensitive information from the R-SeeNet database. CVE ID: CVE-2020-25157 (High)
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked
into opening a malicious 'package.json' file. An attacker who successfully exploited the
vulnerability can run arbitrary code in the context of the current user. CVE ID: CVE-2020-17023
Adobe has released security updates to address vulnerabilities affecting Magento Commerce
and Magento Open Source. An attacker can exploit some of these vulnerabilities to take
control of an affected system. CVE ID: CVE-2020-24407 (Critical), CVE-2020-24400 (Critical),
CVE-2020-24402 (Important), CVE-2020-24401 (Important), CVE-2020-24404 (Important),
CVE-2020-24406 (Moderate), CVE-2020-24408 (Important), CVE-2020-24405 (Important),
CVE-2020-24403 (Important)
Advantech WebAccess/SCADA Versions 9.0 and prior, a browser-based SCADA software package, may
allow an attacker to control or influence a path used in an operation on the filesystem and
remotely execute code as an administrator. CVE ID: CVE-2020-25161 (High)
Multiple vulnerabilities have been discovered in Wibu-Systems AG's Equipment- CodeMeter
versions prior to 7.10a, 6.81 & 6.90. Successful exploitation of these vulnerabilities
can allow an attacker to alter and forge a license file, cause a denial-of-service
condition, potentially attain remote code execution, read heap data, and prevent normal
operation of third-party software dependent on the CodeMeter. CVE ID: CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-14519 (High),
CVE-2020-14513 (High), CVE-2020-14515 (High), CVE-2020-16233 (High)
It has been discovered that the Juniper Device Manager (JDM) container, used by the
disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores
password hashes in the world-readable file /etc/passwd. This may allow an attacker to steal
password hashes stored on the system. The affected Juniper Networks Junos OS on NFX350 are
19.4 versions prior to 19.4R3 & 20.1 versions prior to 20.1R1-S4, 20.1R2. CVE ID: CVE-2020-1669 (Medium)
SAP has released security updates to address vulnerabilities affecting multiple products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
OpenSSH client sessions in BIG-IP versions 11.x, 12.x, 13.x, 14.x, 15.x & 16.x are
vulnerable to a man-in-the-middle attack. CVE ID: CVE-2020-14145 (Medium)
An Out-of-bounds Read vulnerability has been discovered in LCDS' Equipment- LAquis SCADA.
Successful exploitation of this vulnerability can allow an attacker to execute code under
the privileges of the application. CVE ID: CVE-2020-25188 (High)
An Untrusted Search Path vulnerability has been discovered in Flexera's Equipment-
InstallShield. Successful exploitation of this vulnerability can allow execution of a
malicious DLL. CVE ID: CVE-2016-2542 (High)
A Stack-based Buffer Overflow vulnerability has been discovered in Fieldcomm Group's
Equipment- HART-IP Developer kit Release 1.0.0.0 and hipserver Release 3.6.1. Successful
exploitation of this vulnerability can crash the device being accessed or a buffer overflow
condition may allow remote code execution. CVE ID: CVE-2020-16209 (Critical)
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote
attacker can exploit some of these vulnerabilities to take control of an affected system.
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly
handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this
vulnerability can gain the ability to execute code on the target server or client. CVE ID: CVE-2020-16898
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote
attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in OpenShift Container Platform 4.4.27
openshift-jenkins-2-container which can lead to information disclosure & cross-site
scripting. An update for openshift-jenkins-2-container is now available. CVE ID: CVE-2020-2231 (Medium), CVE-2020-2230 (Medium), CVE-2020-2229 (Medium),
CVE-2019-17638 (Critical)
A vulnerability has been discovered in dom4j - Flexible XML framework for Java. It
incorrectly handled reading XML data. A remote attacker can exploit this with a crafted XML
file to expose sensitive data or possibly execute arbitrary code. CVE ID: CVE-2020-10683 (Critical)
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and
Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful
exploitation can lead to an exploitable crash, potentially resulting in arbitrary code
execution in the context of the current user. CVE ID: CVE-2020-9746 (High)
A vulnerability has been discovered in the kernel of Red Hat Enterprise Linux Server 7. An
update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.
CVE ID: CVE-2019-19527 (Medium)
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on
the WildFly application runtime. Multiple vulnerabilities have been discovered in Red Hat
JBoss Enterprise Application Platform 7.3.3 which allow an attacker to cause a denial of service, provide
misleading information, and access confidential data. CVE ID: CVE-2020-14299 (Critical), CVE-2020-14338 (Medium), CVE-2020-14340,
CVE-2020-1954 (Medium).
A vulnerability has been discovered in Siemens SIMATIC S7-300 and S7-400 CPUs which can allow
access to confidential data. The authentication protocol between a client and a PLC via port
102/tcp insufficiently protects the transmitted password. This can allow an attacker to
intercept the network traffic to obtain valid PLC credentials. CVE ID: CVE-2020-15791 (Medium)
An Improper Authentication vulnerability has been discovered in Hitachi ABB Power Grids'
Equipment- XMC20 Multiservice-Multiplexer. Successful exploitation of this vulnerability can
allow an attacker to remotely take control of the product. CVE ID: CVE-2018-10933 (Critical)
An HTTP/2 request mix-up has been discovered in Apache Tomcat: if an HTTP/2 client
exceeded the agreed maximum number of concurrent streams for a connection (in violation of
the HTTP/2 protocol), it is possible that a subsequent request made on that connection could
contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than
the intended headers. This could lead to users seeing responses for unexpected
resources. CVE ID: CVE-2020-13943
Multiple vulnerabilities have been discovered in the SUSE Linux Enterprise 15 SP2 kernel.
The updates have been issued for various security and bug fixes. CVE ID: CVE-2020-26088 (Medium), CVE-2020-25284 (Medium), CVE-2020-14390 (Medium),
CVE-2020-14385 (Medium), CVE-2020-2521, CVE-2020-0432 (High), CVE-2020-0431 (High),
CVE-2020-0427 (Medium), CVE-2020-0404 (High).
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure
vulnerability through log files. A security update has been released to fix this
vulnerability. CVE ID: CVE-2020-15095 (Medium)
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker
being able to compute the pre-master secret in connections which have used a Diffie-Hellman
(DH) based ciphersuite. Successful exploitation may allow an attacker to eavesdrop on all
encrypted communications sent over that TLS connection. Security updates have been released
to fix this in OpenSSL. CVE ID: CVE-2020-1968 (Low)
A vulnerability has been discovered in httpcomponents-client, a Java library for building
HTTP-aware applications. The library can misinterpret a malformed authority component in request
URIs passed to it as java.net.URI objects and pick the wrong target host for request
execution. CVE ID: CVE-2020-13956
A vulnerability has been discovered in Eclipse Web Tools Platform, a component of the
Eclipse IDE, in the handling of XML and DTD files referring to external entities. Such files
can be exploited to send the contents of local files to a remote server when edited or
validated, even when external entity resolution is disabled in the user preferences. CVE ID: CVE-2019-17637 (High)
A potential Cross-Site Scripting (XSS) vulnerability has been discovered in rails, a ruby
based MVC framework. Views that allow the user to control the default value of the `t` and
`translate` helpers can be susceptible to XSS attacks. When an HTML-unsafe string is passed
as the default for a missing translation key named html or ending in _html, the default
string is incorrectly marked as HTML-safe and not escaped. CVE ID: CVE-2020-15169 (Medium)
A vulnerability has been discovered in IBM DB2 for Linux, UNIX and Windows (includes DB2
Connect Server) which can allow an unauthenticated attacker to cause a denial of service due
to a hang in the execution of a terminate command. CVE ID: CVE-2020-4420 (High)
Multiple vulnerabilities have been discovered in MOXA's Equipment- NPort IAW5000A-I/O Series
Serial Device Servers. Successful exploitation of these vulnerabilities can allow an
attacker to gain access to and hijack a session, allow an attacker with user privileges to
perform requests with administrative privileges, allow the use of weak passwords, allow
credentials of third-party services to be transmitted in cleartext, allow the use of brute
force to bypass authentication on an SSH/Telnet session and allow access to sensitive
information without proper authorization. CVE ID: CVE-2020-25198 (High), CVE-2020-25194 (High), CVE-2020-25153 (Critical),
CVE-2020-25190 (High), CVE-2020-25196 (Critical), CVE-2020-25192 (Medium)
Johnson Controls has confirmed an arbitrary file deletion vulnerability with all versions of
victor Web Client. The vulnerability can allow a remote unauthenticated attacker to delete
arbitrary files on the system or render the system unusable by conducting a Denial of
Service attack. CVE ID: CVE-2020-9048 (High)
An uncontrolled resource consumption vulnerability has been discovered in Mitsubishi
Electric's MELSEC iQ-R Series equipment when it gets some specially crafted packets from an
attacker. Successful exploitation of this vulnerability could result in a denial-of-service
condition. CVE ID: CVE-2020-16850
Go Toolset provides the Go programming language tools and libraries. An update for
go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools
which fixes multiple vulnerabilities. CVE ID: CVE-2020-16845 (High), CVE-2020-15586 (Medium), CVE-2020-14040 (High)
Red Hat AMQ Interconnect is a component of the AMQ 7 product family. Red Hat AMQ
Interconnect 1.9.0 has released packages available for A-MQ Interconnect that includes
security and bug fixes, and enhancements. CVE ID: CVE-2020-11023 (Medium), CVE-2020-11022 (Medium), CVE-2020-7656 (Medium)
Multiple vulnerabilities have been discovered in golang-go.crypto package. It is recommended
to upgrade to the latest release. CVE ID: CVE-2020-9283 (High), CVE-2019-11841 (Medium), CVE-2019-11840 (Medium)
Apache ActiveMQ, a Java message broker, uses LocateRegistry.createRegistry() to create the
JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to
the registry without authentication and call the rebind method to rebind jmxrmi to something
else. If an attacker creates another server to proxy the original, and binds that, he
effectively becomes a man in the middle and is able to intercept the credentials when a
user connects. It is recommended to upgrade the activemq packages. CVE ID: CVE-2020-13920 (Medium)
Multiple vulnerabilities have been identified in IBM Security Access Manager and IBM
Security Verify Access products which can allow an attacker to obtain sensitive information
using timing side channel attacks which can lead to further attacks against the
system. CVE ID: CVE-2020-4699, CVE-2020-4661, CVE-2020-4660
The update for hexchat fixes a vulnerability that allows directory traversal
if a user can be convinced to connect to a server with a hostname with ".." in its
name. CVE ID: CVE-2016-2087 (High)
Multiple vulnerabilities such as a NullPointerException in DerValue.equals(DerValue), a
NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString(),
Less Affine Transformations etc. have been discovered in java-1_7_0-openjdk. The update for
java-1_7_0-openjdk fixes the issues. CVE ID: CVE-2020-14621 (Medium), CVE-2020-14593 (High), CVE-2020-14583 (High),
CVE-2020-14581 (Low), CVE-2020-14579 (Low), CVE-2020-14578 (Low), CVE-2020-14577 (Low)
A Cross-Site Scripting vulnerability has been discovered in the web-based management interface
of Cisco Firepower Management Center that could allow an authenticated, remote attacker to
conduct a cross-site scripting (XSS) attack against a user of the web-based management
interface of an affected device. CVE ID: CVE-2020-3320 (Medium)
Sympa, a modern mailing list manager, allows privilege escalation through setuid wrappers
which can allow a local attacker to obtain root access. It is recommended to upgrade the
sympa packages. CVE ID: CVE-2020-10936 (High)
Multiple vulnerabilities such as OOB access, denial of service, buffer overflow and
out-of-bounds read/write have been discovered in Qemu. It is recommended to upgrade the qemu
packages. CVE ID: CVE-2020-24352, CVE-2020-16092 (Low), CVE-2020-15863 (High),
CVE-2020-14364 (Medium)
Multiple vulnerabilities such as Remote Code Execution, Denial of Service, and Disclosure of
Sensitive Information have been identified in Integrated Lights-Out 4 (iLO 4) firmware for
Moonshot and Edgeline cartridges and blades, and Moonshot iLO Chassis Manager
firmware. CVE ID: CVE-2020-11914 (Medium), CVE-2020-11912 (Medium), CVE-2020-11911 (Medium),
CVE-2020-11907 (Medium), CVE-2020-11906 (Medium), CVE-2020-11900 (High), CVE-2020-11898
(Critical), CVE-2020-11896 (Critical)
An unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP)
prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via
execution and from a compromised folder. This issue may result in files not being encrypted
when a policy is triggered. CVE ID: CVE-2020-7316 (Medium)
Multiple vulnerabilities have been discovered in Thunderbird, which may lead to the
execution of arbitrary code or denial of service. CVE ID: CVE-2020-15678 (High), CVE-2020-15677 (Medium), CVE-2020-15676 (Medium),
CVE-2020-15673 (High)
A vulnerability has been discovered in tigervnc, a Virtual Network Computing client and
server implementation. The viewer implementation mishandles TLS certificate exceptions,
storing the certificates as authorities, meaning that the owner of a certificate can
impersonate any server after a client has added an exception. CVE ID: CVE-2020-26117
It has been discovered that Spice incorrectly handled QUIC image decoding. A remote attacker
can use this to cause Spice to crash, resulting in a denial of service or possibly execute
arbitrary code. CVE ID: CVE-2020-14355
A vulnerability has been discovered in PHP, a server-side, HTML-embedded scripting language.
When PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This
may lead to cookies with prefixes like __Host being confused with cookies that decode to such
a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be
secure. CVE ID: CVE-2020-7070 (Medium)
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Multiple vulnerabilities such as amplification of an incoming query into a large number of
queries directed to a target and infinite loop via malformed DNS answers received from
upstream servers have been detected. An update for unbound is now available for Red Hat
Enterprise Linux 7.7. CVE ID: CVE-2020-12663 (High), CVE-2020-12662 (High)
Multiple vulnerabilities have been identified in Red Hat Container Native Virtualization 2.4
for RHEL 8 x86_64 & 7 x86_64. Red Hat OpenShift Virtualization release 2.4.2 is
available with updates to packages and images that fix all bugs and add enhancements. CVE ID: CVE-2019-11756 (High), CVE-2019-17006, CVE-2019-17023 (Medium),
CVE-2020-12402 (Medium), CVE-2020-12825 (High), CVE-2020-14352 (High), CVE-2020-14365
(High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)
Multiple vulnerabilities such as NULL profile dereference in dbi_profile, memory corruption
and stack corruption have been discovered in Perl-DBI. It is recommended to update the
Perl-DBI packages. CVE ID: CVE-2019-20919 (Medium), CVE-2013-7491 (Medium), CVE-2013-7490 (Medium)
Multiple vulnerabilities have been discovered in OpenSSH and OpenSSL shipped with IBM
Security Access Manager Appliance. OpenSSH & OpenSSL can allow a remote attacker to
obtain sensitive information. Affected Products and Versions are IBM Security Access Manager
7.0 & 8.0. CVE ID: CVE-2019-1559 (Medium), CVE-2018-15473 (Medium)
It has been discovered that OpenConnect has a buffer overflow when a malicious server uses
HTTP chunked encoding with crafted chunk sizes. An attacker can use it to provoke a Denial
of Service attack. CVE ID: CVE-2019-16239 (Critical)
Multiple vulnerabilities have been discovered in Apache Tika. It can have excessive memory
usage by using a crafted or corrupt PSD file. An attacker can use it to cause a Denial of
Service attack. CVE ID: CVE-2020-1951 (Medium), CVE-2020-1950 (Medium)
It has been discovered that OpenDMARC is prone to a signature-bypass vulnerability with
multiple "From:" addresses. An attacker can use it to bypass spam and abuse filters. CVE ID: CVE-2019-16378 (Critical)
Multiple vulnerabilities have been discovered in Android devices. Security patches have been
issued. The most severe of these issues is a high security vulnerability in the System
component that can enable a remote attacker using a specially crafted transmission to gain
access to additional permissions.
Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped
with IBM WebSphere Service Registry and Repository. Affected products and versions are
WebSphere Service Registry and Repository V8.5 & V9.0 and WebSphere Application Server
V8.5.5 & V8.0. CVE ID: CVE-2020-4629 (Low), CVE-2020-4576
MariaDB is a multi-user, multi-threaded SQL database server. Multiple vulnerabilities have
been identified in rh-mariadb102-mariadb and rh-mariadb102-galera. An update for
rh-mariadb102-mariadb and rh-mariadb102-galera has been rolled out for Red Hat Software
Collections.
The jackson-databind package provides general data-binding functionality for Jackson, which
works on top of Jackson core streaming API. FasterXML jackson-databind 2.x before 2.9.10.6
mishandles the interaction between serialization gadgets and typing, related to
com.pastdev.httpcomponents.configuration.JndiConfiguration. An update for
rh-maven35-jackson-databind has been rolled out for Red Hat Software Collections. CVE ID: CVE-2020-24750 (High)
An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and
redhat-virtualization-host has been rolled out for Red Hat Virtualization 4 for Red Hat
Enterprise Linux 8. This update has been rated as having a security impact of Important by
Red Hat Product Security. CVE ID: CVE-2020-14364 (Medium), CVE-2020-10713 (High)
The urllib3 is a powerful, user-friendly HTTP client for Python. It has been discovered that
urllib3 incorrectly handled certain character sequences. A remote attacker can possibly use
this issue to perform Carriage Return Line Feed (CRLF) injection. CVE ID: CVE-2020-26137
It has been discovered that Yaws does not properly sanitize XML input and mishandles certain
input when running CGI scripts. A remote attacker can use these vulnerabilities to execute
an XML External Entity (XXE) injection attack and to execute arbitrary commands
respectively. CVE ID: CVE-2020-24916 (Critical), CVE-2020-24379 (Critical)
A vulnerability has been identified in Brotli, a lossless compression algorithm and format.
Brotli incorrectly handled certain inputs; an attacker can possibly use this issue to cause a
crash. CVE ID: CVE-2020-8927 (Medium)
Rack-cors provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web
applications. It has been discovered that rack-cors does not properly handle relative file
paths. An attacker can use this vulnerability to access arbitrary files. CVE ID: CVE-2019-18978 (Medium)
The Cyrus IMAP Server can execute arbitrary code via a crafted HTTP PUT operation for an
event with a long iCalendar property name and allow users to create any mailbox with
administrative privileges. An attacker can use these vulnerabilities to cause a crash or
possibly execute arbitrary code and obtain sensitive information respectively. CVE ID: CVE-2019-19783 (Medium), CVE-2019-11356 (Critical)
A potential security vulnerability has been identified in HPE IP Console Switch G2 4x1Ex32.
The vulnerability can be remotely exploited to allow Stored XSS, code injection. CVE ID: CVE-2020-24627, CVE-2020-24628
Multiple vulnerabilities have been discovered in the Xen hypervisor, which can result in
denial of service, guest-to-host privilege escalation or information leaks. CVE ID: CVE-2020-25595 (High), CVE-2020-25596 (Medium), CVE-2020-25597 (Medium),
CVE-2020-25599 (High), CVE-2020-25600 (Medium), CVE-2020-25601 (Medium), CVE-2020-25602
(Medium), CVE-2020-25603 (High), CVE-2020-25604 (Medium).
It has been discovered that SNMP Trap Translator (SNMPTT) does not drop privileges as
configured and does not properly escape shell commands in certain functions. A remote
attacker, by sending a malicious crafted SNMP trap, can possibly execute arbitrary shell
code with the privileges of the process or cause a Denial of Service condition. CVE ID: CVE-2020-24361 (Critical)
Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate
Encryption Strength, Origin Validation Error, Improper Input Validation, Improper
Verification of Cryptographic Signature and Improper Resource Shutdown or Release have been
discovered in Wibu-Systems AG’s CodeMeter Equipment. Successful exploitation of these
vulnerabilities can allow an attacker to alter and forge a license file, cause a
denial-of-service condition, potentially attain remote code execution, read heap data, and
prevent normal operation of third-party software dependent on the CodeMeter. CVE ID: CVE-2020-14509 (Critical), CVE-2020-14519 (High), CVE-2020-14517 (Critical),
CVE-2020-16233 (High), CVE-2020-14513 (High), CVE-2020-14515 (High)
An information exposure vulnerability has been identified in IBM WebSphere Application
Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. The affected
versions are IBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2.
CVE ID: CVE-2020-4576 (Medium)
It has been discovered that an incomplete cleanup from specific special register read
operations in some Intel(R) Processors may allow an authenticated user to potentially enable
information disclosure via local access. CVE ID: CVE-2020-0543 (Medium)
Multiple Vulnerabilities such as SQL Injection, Cross-site Request Forgery and Command
Injection have been discovered in MB connect line’s Equipment- mymbCONNECT24, mbCONNECT24.
Successful exploitation of these vulnerabilities can allow a remote attacker to gain
unauthorized access to arbitrary information or allow remote code execution. CVE ID: CVE-2020-24569, CVE-2020-24568, CVE-2020-24570
ruby-gon is a ruby library to send data to JavaScript from a Ruby application. It has been
discovered that Gon gem does not properly escape certain input. An attacker can use this
vulnerability to execute a cross-site scripting (XSS) attack. CVE ID: CVE-2020-25739 (Medium)
It has been discovered that a crafted custom field name may be used to inject HTML into
bug_actiongroup_page in MantisBT. The affected versions are MantisBT before 2.24.3. CVE ID: CVE-2020-25830
It has been discovered that the Netlogon protocol implemented by Samba incorrectly handled
the authentication scheme. A remote attacker can use this issue to forge an authentication
token and steal the credentials of the domain admin. CVE ID: CVE-2020-1472 (Critical)
libapreq2 is a safe, standards-compliant, high-performance library used for parsing HTTP
cookies, query-strings and POST data. It has been discovered that libapreq2 did not properly
sanitize the Content-Type field in certain, crafted HTTP requests. An attacker can use this
vulnerability to cause libapreq2 to crash. CVE ID: CVE-2019-12412
Kramdown is a fast, pure-Ruby Markdown-superset converter library. It has been
discovered that kramdown insecurely handled certain crafted input. An attacker can use this
vulnerability to read restricted files or execute arbitrary code. CVE ID: CVE-2020-14001 (Critical)
It has been discovered that WebSphere Application Server is vulnerable to an information
disclosure vulnerability. IBM WebSphere Application Server traditional can allow a remote
attacker to obtain sensitive information with a specially-crafted sequence of serialized
objects. The affected versions are WebSphere Application Server 7.0, 8.0, 8.5, and
9.0. CVE ID: CVE-2020-4576
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application
platform solution designed for on-premise or private cloud deployments. A birthday attack
against 64-bit block ciphers has been discovered in SSL/TLS. An update for
openshift-enterprise-console-container is now available for Red Hat OpenShift Container
Platform 4.5. CVE ID: CVE-2016-2183 (High)
A potential HTTP request smuggling vulnerability has been discovered in WEBrick. This may
lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may
allow the attacker to “smuggle” a request. CVE ID: CVE-2020-25613
The cloud-init packages provide a set of init scripts for cloud instances. Multiple
vulnerabilities have been discovered in cloud-init. An update for cloud-init is now
available for Red Hat Enterprise Linux 7. CVE ID: CVE-2020-8631 (Medium), CVE-2020-8632 (Medium), CVE-2018-10896 (High)
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and
DHCP (Dynamic Host Configuration Protocol) server. A memory leak vulnerability has been
discovered in the create_helper() function in /src/helper.c. An update for dnsmasq is now
available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-14834 (Low)
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide
fast access to the graphics frame buffer and audio device. Multiple vulnerabilities have
been discovered in SDL. An update for SDL is now available for Red Hat Enterprise Linux 7.
Multiple vulnerabilities such as Path Traversal, Uncontrolled Resource Consumption,
Information Exposure, Improper Authentication, and Information Disclosure have been
discovered in B&R Industrial Automation GmbH's Equipment- SiteManager and GateManager.
Successful exploitation of these vulnerabilities can allow for arbitrary information
disclosure, manipulation, and a denial-of-service condition. CVE ID: CVE-2020-11641 (High), CVE-2020-11642 (High), CVE-2020-11643 (Medium),
CVE-2020-11644 (Medium), CVE-2020-11645 (Medium), CVE-2020-11646 (Medium)
The libexif packages provide a library for extracting extra information from image files.
Multiple vulnerabilities have been discovered in libexif. An update for libexif is now
available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-9278 (High), CVE-2020-0093 (Medium), CVE-2020-13113 (High),
CVE-2020-13114 (High), CVE-2020-0182 (Medium), CVE-2020-12767 (Medium)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the
Apache license. Multiple vulnerabilities have been discovered in freerdp. An update for
freerdp is now available for Red Hat Enterprise Linux 7.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with
MySQL. Multiple vulnerabilities such as Optimizer unspecified, C API unspecified, DML
unspecified, and Stored Procedure unspecified have been discovered in mysql of MariaDB. An
update for mariadb is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-2974 (Medium), CVE-2020-2752 (Medium), CVE-2020-2780 (Medium),
CVE-2020-2812 (Medium), CVE-2020-2574 (Medium)
libxslt is a library for transforming XML files into other textual formats using the
standard XSLT stylesheet transformation mechanism. It has been discovered that a security
bypass of the xsltCheckRead and xsltCheckWrite routines by a crafted URL and a use-after-free
vulnerability that exists in xsltCopyText in transform.c can lead to information disclosure. An update for
libxslt is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-11068 (Critical), CVE-2019-18197 (High)
The libvirt library contains a C API for managing and interacting with the virtualization
capabilities of Linux and other operating systems. Multiple vulnerabilities such as
potential DoS by holding a monitor job while querying QEMU guest-agent, and potential denial
of service via active pool without target path have been discovered in libvirt. An update
for libvirt is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-20485 (Medium), CVE-2020-10703 (Medium)
The exiv2 packages provide a command line utility which can display and manipulate image
metadata such as EXIF, IPTC, and JPEG comments. An out-of-bounds read vulnerability in
CiffDirectory::readDirectory due to lack of size check has been discovered in exiv2. An
update for exiv2 is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-17402 (Medium)
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In
User Service (RADIUS) server, designed to allow centralized authentication and authorization
for a network. Multiple vulnerabilities such as privilege escalation, Information leak, and
DoS have been discovered in freeradius. An update for freeradius is now available for Red
Hat Enterprise Linux 7.
GLib provides the core application building blocks for libraries and applications written in
C. It has been discovered that file_copy_fallback in gio/gfile.c in GNOME GLib does not
properly restrict file permissions while a copy operation is in progress, and that missing
authorization allows a local attacker to access the input bus of another user. An update for
glib2 and ibus is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-12450 (Critical), CVE-2019-14822 (High)
Subversion (SVN) is a concurrent version control system which enables one or more users to
collaborate in developing and maintaining a hierarchy of files and directories while keeping
a history of all changes. A remotely triggerable DoS vulnerability has been discovered in
svnserve 'get-deleted-rev'. An update for subversion is now available for Red Hat Enterprise
Linux 7. CVE ID: CVE-2018-11782 (Medium)
It has been discovered that libuv incorrectly handled certain paths. An attacker can
possibly use this vulnerability to cause a crash or execute arbitrary code. CVE ID: CVE-2020-8252
It has been discovered that IBM Cloud Private is vulnerable to Kubernetes vulnerabilities.
The affected versions are IBM Cloud Private 3.2.1 CD and 3.2.2 CD. CVE ID: CVE-2020-8557 (Medium), CVE-2020-8559 (Medium)
Multiple vulnerabilities have been discovered in the Perl5 Database Interface (DBI). An
attacker can trigger a denial-of-service (DoS) and possibly execute arbitrary code. It is
recommended to upgrade the libdbi-perl packages. CVE ID: CVE-2019-20919 (Medium), CVE-2020-14392 (Medium), CVE-2020-14393 (High)
Multiple vulnerabilities have been discovered in the Linux kernel that may lead to privilege
escalation, denial of service, or information leak. It is recommended to upgrade the
linux-4.19 packages.
Multiple vulnerabilities have been discovered in qt4-x11, the legacy version of the Qt
toolkit. It is recommended to upgrade the qt4-x11 packages. CVE ID: CVE-2018-15518 (High), CVE-2018-19869 (Medium), CVE-2018-19870 (High),
CVE-2018-19871 (Medium), CVE-2018-19872 (Medium), CVE-2018-19873 (Critical), CVE-2020-17507
(Medium)
libpgf is a Progressive Graphics File (PGF) library. It has been discovered that libPGF
lacked proper validation when opening a specially crafted PGF file. An attacker can possibly
use this vulnerability to cause a denial of service. CVE ID: CVE-2015-6673 (Critical)
Teeworlds is an online multi-player platform 2D shooter. It has been discovered that
Teeworlds server does not properly handle certain network traffic. A remote, unauthenticated
attacker can use this vulnerability to cause Teeworlds server to crash. CVE ID: CVE-2020-12066 (High)
It has been discovered that Squid incorrectly handled certain Content-Length headers,
incorrectly validated certain data and incorrectly handled certain Cache Digest response
messages sent by trusted peers. A remote attacker can possibly use these vulnerabilities to
perform an HTTP request smuggling and splitting attack, resulting in cache poisoning, and to
cause Squid to consume resources, resulting in a denial of service. CVE ID: CVE-2020-15049 (High), CVE-2020-15810 (Medium), CVE-2020-15811 (Medium),
CVE-2020-24606 (High)
It has been discovered that DPDK incorrectly handled vhost crypto. An attacker inside a
guest can use these issues to perform multiple attacks, including denial of service attacks,
obtaining sensitive information from the host, and possibly executing arbitrary code on the
host. CVE ID: CVE-2020-14374, CVE-2020-14375, CVE-2020-14376, CVE-2020-14377,
CVE-2020-14378
It has been discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain
packet lengths. A remote attacker can possibly use this issue to obtain sensitive
information, cause a denial of service, or execute arbitrary code. CVE ID: CVE-2018-20020 (Critical), CVE-2018-20021 (High), CVE-2018-20022 (High),
CVE-2018-2024 (High)
Multiple vulnerabilities have been discovered in iTALC. A remote attacker can exploit these
vulnerabilities to expose and obtain sensitive information, cause a denial of service, or
execute arbitrary code. CVE ID: CVE-2019-15681 (High), CVE-2018-15127 (Critical), CVE-2018-20019 (Critical),
CVE-2018-20020 (Critical), CVE-2018-20021 (High), CVE-2018-20022 (High), CVE-2018-20023
(High), CVE-2018-20024 (High), CVE-2018-20748 (Critical), CVE-2018-20749 (Critical),
CVE-2018-20750 (Critical), CVE-2018-7225 (Critical), CVE-2019-15681 (High)
Multiple vulnerabilities have been discovered in yaws, a high performance HTTP 1.1 webserver
written in Erlang. The fixes reject external resource requests in DAV in order to avoid XML
External Entity (XXE) attacks and sanitize the CGI executable in order to avoid command injection
via CGI requests. It is recommended to upgrade the yaws package. CVE ID: CVE-2020-24379 (Critical), CVE-2020-24916 (Critical)
A vulnerability was discovered in lua5.3, a simple, extensible, embeddable programming
language, whereby a negation overflow and segmentation fault can be triggered in getlocal and
setlocal. It is recommended to upgrade the lua5.3 packages. CVE ID: CVE-2020-24370 (Medium)
A cross-site scripting (XSS) vulnerability has been discovered in ruby-gon, a Ruby
library to send/convert data to JavaScript from a Ruby application. It is recommended to
upgrade the ruby-gon packages. CVE ID: CVE-2020-25739
Buffer Copy Without Checking Size of Input vulnerability has been discovered in Yokogawa's
Equipment- Main equipment. Successful exploitation of this vulnerability can terminate the
program abnormally. CVE ID: CVE-2020-16232 (Low)
Multiple vulnerabilities have been discovered in MediaWiki, a website engine for
collaborative work. It has been discovered that SpecialUserRights can leak whether a user
existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site
scripting and TOTP validation applied insufficient rate limiting against brute force
attempts. It is recommended to upgrade the mediawiki package. CVE ID: CVE-2020-25813, CVE-2020-25814, CVE-2020-25827, CVE-2020-25828
It has been discovered that certain Diffie-Hellman ciphersuites in the TLS specification and
implemented by OpenSSL contained a flaw. A remote attacker can possibly use this
vulnerability to eavesdrop on encrypted communications. It is recommended to upgrade the
openssl1.0 packages. CVE ID: CVE-2020-1968 (Low)
It has been discovered that libquicktime incorrectly handled certain malformed MP4 files. If
a user is tricked into opening a specially crafted MP4 file, a remote attacker can use this
issue to cause libquicktime to crash, resulting in a denial of service. CVE ID: CVE-2017-9122 (Medium), CVE-2017-9123 (Medium), CVE-2017-9124 (Medium),
CVE-2017-9125 (Medium), CVE-2017-9126 (Medium), CVE-2017-9127 (Medium), CVE-2017-9128
(Medium)
It has been discovered that MiniUPnPd does not properly validate callback addresses,
incorrectly handles unpopulated user XML input and an empty description when port mapping,
and does not properly parse certain PCP requests. A remote attacker can possibly use this issue to
expose sensitive information and cause MiniUPnPd to crash, resulting in a denial of service.
CVE ID: CVE-2019-12107 (High), CVE-2019-12108 (High), CVE-2019-12109 (High),
CVE-2019-12110 (High), CVE-2019-12111 (High)
Alien is part of a new generation of Android banking trojans which have integrated
remote-access features into their codebases to steal user credentials from 226 different
applications. The malware is distributed via phishing sites and SMS, for example malicious
pages tricking the victims into downloading fake software updates or fake Corona apps, and
can be purchased as a Malware-as-a-Service (MaaS) on hacker forums on the dark web.
Multiple vulnerabilities such as Improper Access Control, and Relative Path Traversal have
been discovered in 3S-Smart Software Solutions' Equipment- CoDeSys. Successful exploitation
of these vulnerabilities can allow an attacker to gain unauthorized access and obtain
administrative privileges. CVE ID: CVE-2012-6068 (Critical), CVE-2012-6069 (Critical)
Cisco has released security updates to address vulnerabilities affecting multiple products.
An unauthenticated, remote attacker can exploit some of these vulnerabilities to take
control of an affected system.
It has been discovered that atftpd incorrectly handled certain malformed
packets and did not properly lock the thread list mutex. A remote attacker can send a specially
crafted packet to cause atftpd to crash, resulting in a denial of service or an attacker can
send a large number of tftpd packets simultaneously when running atftpd in daemon mode to
cause atftpd to crash, resulting in a denial of service. CVE ID: CVE-2019-11365 (Critical), CVE-2019-11366 (Medium)
It has been discovered that PackageKit incorrectly handled certain methods and local deb
packages. A local attacker can use this vulnerability to learn the MIME type of any file on
the system or to install untrusted packages, contrary to expectations. CVE ID: CVE-2020-16121, CVE-2020-16122
It has been discovered that Aptdaemon incorrectly handled the Locale property. A local
attacker can use this vulnerability to test for the presence of local files. CVE ID: CVE-2020-15703
It has been discovered that DAViCal Andrew's Web Libraries (AWL) do not properly manage
session keys. An attacker can possibly use this vulnerability to impersonate a session.
CVE ID: CVE-2020-11728 (High)
Insufficient logging and improper neutralization of input vulnerabilities have been
discovered in FortiGate and FortiNAC respectively. The affected products are FortiGate
versions 6.2.4 and below, FortiGate version 6.4.0, and FortiNAC version 8.7.2 and below. It
is recommended to upgrade to FortiGate 6.4.1 or above and FortiNAC 8.7.3 or above. CVE ID: CVE-2020-12818, CVE-2020-12816 (High)
RDFLib is a pure Python package for working with RDF. It has been discovered that RDFLib did
not properly load modules on the command-line. An attacker can possibly use this
vulnerability to cause RDFLib to execute arbitrary code. CVE ID: CVE-2019-7653 (Critical)
A DLL hijacking vulnerability has been discovered in Eaton. An attacker can execute
arbitrary code by replacing the vci11un6.DLL and cinpl.DLL when the application tries to load
the DLLs to perform normal operations. The affected product is 9000x programming and
configuration software version 2.0.38 and prior. CVE ID: CVE-2020-6654 (High)
It has been discovered that a race condition arises in Xen when migrating timers of x86 HVM
guests between their vCPUs: the locking model used allows a second vCPU of the same guest
that is also operating on the timers to release a lock that it didn't acquire. The most likely
effect of the issue is a hang or crash of the hypervisor, i.e. a Denial of Service (DoS).
CVE ID: CVE-2020-25604
It has been discovered that the BusyBox wget applet incorrectly validated SSL certificates.
A remote attacker can possibly use this issue to intercept secure communications. CVE ID: CVE-2018-1000500 (High)
It has been discovered that FreeType before 2.6.1 has a buffer over-read in skip_comment in
psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face
operation. An attacker may be able to use a maliciously crafted file to create a buffer
overflow and potentially expose small amounts of memory from the PostScript process. CVE ID: CVE-2015-9382 (Medium)
It has been discovered that the LTSP Display Manager (ldm) incorrectly handled user logins
from unsupported shells. A local attacker can possibly use this issue to gain root
privileges. CVE ID: CVE-2019-20373 (High)
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.
An attacker can exploit some of these vulnerabilities to take control of an affected
system. CVE ID: CVE-2020-15677 (Medium), CVE-2020-15676 (Medium), CVE-2020-15678 (Medium),
CVE-2020-15673 (High), CVE-2020-15675 (High), CVE-2020-15674 (High)
Cross-site Scripting vulnerability has been discovered in General Electric's Equipment-
Reason S20 managed Ethernet Switch. Successful exploitation of these vulnerabilities can
allow unauthorized accounts manipulation and allow for remote code execution. GE recommends
that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability. CVE ID: CVE-2020-16242 (Medium), CVE-2020-16246 (Medium)
Multiple vulnerabilities such as Authorization Bypass Through User-controlled Key, and Use
of a One-Way Hash Without a Salt have been discovered in GE Digital's Equipment- APM
Classic, a tool to analyze and process data. Successful exploitation of these
vulnerabilities can allow access to sensitive information. CVE ID: CVE-2020-16240 (High), CVE-2020-16244 (High)
Multiple vulnerabilities have been discovered in DB2 Query Management Facility, Query
Management Facility Classic Edition, and Query Management Facility Enterprise Edition. An
unauthenticated attacker can obtain sensitive information, cause low confidentiality impact,
low integrity impact, no availability impact and can cause a denial of service resulting in
a low availability impact using unknown attack vectors. CVE ID: CVE-2020-14583 (High), CVE-2020-14593 (High), CVE-2020-14621 (Medium),
CVE-2020-14556 (Medium), CVE-2020-14581 (Low), CVE-2020-14579 (Low), CVE-2020-14578 (Low),
CVE-2020-14577 (Low), CVE-2019-17639 (Medium)
TNEF is a tool to unpack MIME application/ms-tnef attachments. It has been discovered that
TNEF incorrectly handled filenames. If a user is tricked into opening a specially crafted
email attachment, an attacker can possibly use this issue to write arbitrary files to the
filesystem or cause TNEF to crash, resulting in a denial of service. CVE ID: CVE-2019-18849 (Medium)
An improper neutralization of input vulnerability has been discovered in FortiAnalyzer and
FortiTester, which may allow a remote authenticated attacker to inject script related HTML
tags via the Storage Connectors Name Parameter and IPv4/IPv6 address fields respectively.
The affected products are FortiAnalyzer versions 6.2.5, 6.4.1 and below, and FortiTester
versions 3.8.0; 3.7.0 and below. CVE ID: CVE-2020-12815, CVE-2020-12817
Google has released Chrome version 85.0.4183.121 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker can exploit to take control of an affected
system. CVE ID: CVE-2020-15960 (High), CVE-2020-15961 (High), CVE-2020-15962 (High),
CVE-2020-15963 (High), CVE-2020-15965 (High), CVE-2020-15966 (Medium), CVE-2020-15964 (Low)
It has been discovered that MISP can perform an unwanted action because of a POST operation
on a form that is not linked to the login page. The affected versions are MISP before
2.4.132. CVE ID: CVE-2020-25766 (Medium)
LibOFX is a client-side implementation of Open Financial Exchange specification. It has been
discovered that LibOFX does not properly check for errors in certain situations, leading to
a NULL pointer dereference. A remote attacker can use this issue to cause a denial of
service attack.
CVE ID: CVE-2019-9656 (High)
noVNC is an HTML5 VNC client - daemon and programs. It has been discovered that noVNC does
not properly manage certain messages, resulting in the remote VNC server injecting arbitrary
HTML into the noVNC web page. An attacker can use this issue to conduct cross-site scripting
(XSS) attacks.
CVE ID: CVE-2017-18635 (Medium)
The mysql module before v3.3.0 and the pgsql module of the InspIRCd IRC daemon contain
vulnerabilities. When combined with the sqlauth or sqloper modules, these vulnerabilities can
be used to remotely crash an InspIRCd server by any user able to connect to a server. It is
recommended to upgrade the InspIRCd packages.
CVE ID: CVE-2019-20917 (Medium), CVE-2020-25269 (Medium)
Researchers have reported a new Android malware that targets victims' personal device data,
browser credentials and Telegram messaging application files. The Android malware collects
all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram
credentials and launches Google account phishing attacks. The malware may be used to launch
attacks on critical sector organisations.
Multiple vulnerabilities such as SQL Injection, Cross-site Request Forgery, Command
Injection have been discovered in MB connect line's Equipment- mymbCONNECT24, mbCONNECT24.
Successful exploitation of these vulnerabilities can allow a remote attacker to gain
unauthorized access to arbitrary information or allow remote code execution.
CVE ID: CVE-2020-24569 (High), CVE-2020-24568 (High), CVE-2020-24570 (High)
It has been discovered that Exim SpamAssassin does not properly handle configuration
strings. An attacker can possibly use this issue to execute arbitrary code.
CVE ID: CVE-2019-19920 (High)
It has been discovered that ModSecurity v3 enabled global regular expression matching which
can result in denial of service. It is recommended to upgrade the modsecurity
packages.
CVE ID: CVE-2020-15598
It has been discovered that Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to
information disclosure due to the failure of the getACL() command to check permissions. A remote
attacker, by sending a specially-crafted request, can exploit this vulnerability to obtain
sensitive information.
CVE ID: CVE-2019-0201 (Medium)
It has been discovered that Parallels Remote Application Server (RAS) has a Business Logic
Error causing remote code execution. This may allow an authenticated user to tamper with
requests between Parallels Clients and backend servers resulting in unintended access to any
server in the Parallels RAS Farm or other servers in the same internal domain. In addition,
an authenticated user may be able to launch and execute applications not made available via
Parallels RAS filtering in the environment.
CVE ID: CVE-2020-15860 (Critical)
It has been discovered that Email-Address-List does not properly parse email addresses
during email-ingestion. A remote attacker can use this issue to cause an algorithmic
complexity attack, resulting in a denial of service.
CVE ID: CVE-2018-18898 (High)
It has been discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle
memory under certain error conditions in the Bluez 5 module. An attacker can use this issue
to cause PulseAudio to crash, resulting in a denial of service, or possibly execute
arbitrary code.
CVE ID: CVE-2020-15710
An RFD Protection Bypass via jsessionid vulnerability has been discovered in Spring Framework
of VMware. The affected versions are Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 -
5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions.
CVE ID: CVE-2020-5421 (High)
Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate
Encryption Strength, Origin Validation Error, Improper Input Validation, Improper
Verification of Cryptographic Signature, and Improper Resource Shutdown or Release have been
discovered in Wibu-Systems AG's Equipment- CodeMeter. Successful exploitation of these
vulnerabilities can allow an attacker to alter and forge a license file, cause a
denial-of-service condition, potentially attain remote code execution, read heap data, and
prevent normal operation of third-party software dependent on the CodeMeter.
CVE ID: CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-14519 (High),
CVE-2020-14513 (High), CVE-2020-14515 (High), CVE-2020-16233 (High)
Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in
Advantech's Equipment- WebAccess Node. Successful exploitation of this vulnerability can
allow an attacker to escalate their privileges.
CVE ID: CVE-2020-16202 (High)
Multiple vulnerabilities such as Cross-site Request Forgery, Improper Neutralization of
Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade, and
Configuration have been discovered in Philips' Equipment- Clinical Collaboration Platform.
Successful exploitation of these vulnerabilities can allow an attacker to trick a user into
executing unauthorized actions or provide the attacker with identifying information that can
be used for subsequent attacks.
CVE ID: CVE-2020-14506 (Low), CVE-2020-14525 (Low), CVE-2020-16198 (Medium),
CVE-2020-16200 (Medium), CVE-2020-16247 (Medium)
Multiple vulnerabilities such as HTML Injection, denial of service, and escalation of
privileges have been discovered in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP
appliance.
CVE ID: CVE-2020-8245, CVE-2020-8246, CVE-2020-8247
It has been discovered that xawtv can be made to expose sensitive information and escalate user
privileges if it receives specially crafted input. A local attacker can possibly use this
issue to open and write to arbitrary files and escalate privileges.
CVE ID: CVE-2020-13696 (Medium)
It has been discovered that the Perl DBI module incorrectly handled certain inputs and files. An
attacker could possibly use this issue to execute arbitrary code and expose sensitive
information respectively.
CVE ID: CVE-2013-7490 (Medium), CVE-2014-10401 (Medium)
Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization
has been discovered in Python. A remote attacker may be able to use a specially crafted URL
to locate cookies or authentication data and send that information to a different host than
when parsed correctly. The affected versions are Python 2.7.x through 2.7.16 and 3.x through
3.7.2.
CVE ID: CVE-2019-9636 (Critical)
An incomplete SSL server certification validation vulnerability has been discovered in the
Trend Micro Security 2019 (v15) consumer family of products, which can allow an attacker to
combine this vulnerability with another attack to trick an affected client into downloading
a malicious update instead of the expected one. It is recommended to upgrade to the latest
versions of Trend Micro Security 2020 (version 16) and the newly released 2021 (version 17).
CVE ID: CVE-2020-15604 (Low), CVE-2020-24560 (Low)
Apple has released security updates to address vulnerabilities in multiple products. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Information disclosure, Access bypass, and Cross-site
scripting have been discovered in Drupal core.
CVE ID: CVE-2020-13670, CVE-2020-13667, CVE-2020-13669, CVE-2020-13668,
CVE-2020-13666
It has been discovered that StoreBackup does not properly manage lock files. A local attacker
can use this vulnerability to cause a denial of service or escalate privileges and run
arbitrary code. This vulnerability can be mitigated by updating the system.
CVE ID: CVE-2020-7040 (High)
An improper neutralization of input during web page generation has been discovered in the
SSL VPN portal of FortiOS which may allow a remote authenticated attacker to perform a
stored cross site scripting attack (XSS). The affected versions are FortiOS version 6.2.1
and below, 6.0.8 and below and 5.6.12 and below.
CVE ID: CVE-2019-15706 (Medium)
It has been discovered that MCabber, a small Jabber (XMPP) console client does not properly
manage roster pushes. An attacker could possibly use this vulnerability to remotely perform
man-in-the-middle attacks.
CVE ID: CVE-2016-9928 (High)
It has been discovered that websocket-extensions does not properly parse special headers. A
remote attacker can use this vulnerability to cause regex backtracking, resulting in a
denial of service.
CVE ID: CVE-2020-7663 (High)
A command injection vulnerability has been discovered in Trend Micro ServerProtect for Linux
that can allow an attacker to execute arbitrary code on an affected system. The affected version
is ServerProtect for Linux (SPLX) 3.0. It is recommended to update to the latest
builds.
CVE ID: CVE-2020-24561
LuaJIT is a just-in-time compiler for the Lua programming language version 5.1. It has been
discovered that an out-of-bounds read vulnerability existed in LuaJIT. An attacker can use
this vulnerability to cause a denial of service (application crash) or possibly expose
sensitive information.
CVE ID: CVE-2020-15890 (High)
It has been discovered that GUPnP incorrectly handled certain subscription requests. A
remote attacker with specially crafted network traffic can possibly use this issue to
exfiltrate data or use GUPnP to perform DDoS attacks.
CVE ID: CVE-2020-12695 (High)
bsdiff is used to generate or apply a patch between two binary files. It has been discovered
that bsdiff mishandled certain input. If a user were tricked into opening a malicious file,
an attacker could cause bsdiff to crash or potentially execute arbitrary code.
CVE ID: CVE-2014-9862 (High)
It has been discovered that MilkyTracker, a music creation tool, did not properly handle
certain input. If a user is tricked into opening a malicious file, an attacker can cause
MilkyTracker to crash or potentially execute arbitrary code.
CVE ID: CVE-2019-14464 (Medium), CVE-2019-14496 (High), CVE-2019-14497 (High)
Multiple vulnerabilities have been discovered in various Video Over IP (Internet Protocol)
encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow
an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized
actions on a vulnerable system.
CVE ID: CVE-2020-24214, CVE-2020-24215, CVE-2020-24216, CVE-2020-24217,
CVE-2020-24218, CVE-2020-24219
Multiple vulnerabilities such as Use of Hard-coded Cryptographic Key, Cross-site Scripting,
Improper Access Control, and Incorrect Permission Assignment for Critical Resource have been
discovered in ENTTEC's Equipment- Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2.
Successful exploitation of these vulnerabilities could allow an attacker to gain
unauthorized SSH/SCP access to devices, inject malicious code, run commands with root
privileges, and read, write, and execute files in system directories as any user.
CVE ID: CVE-2019-12774 (Medium), CVE-2019-12775 (High), CVE-2019-12776 (High),
CVE-2019-12777 (High)
Out-of-bounds read vulnerability has been discovered in Adobe Media Encoder that could lead
to information disclosure in the context of the current user. The affected versions are
Adobe Media Encoder 14.3.2 and earlier versions. It is recommended to upgrade to Adobe Media
Encoder 14.4.
CVE ID: CVE-2020-9739, CVE-2020-9744, CVE-2020-9745
It has been discovered that GitLab is vulnerable to an OAuth authorization scope change
without user consent in the middle of the authorization flow. The affected versions are
GitLab before version 13.3.4.
CVE ID: CVE-2020-13300 (Critical)
Multiple vulnerabilities such as privilege escalation, out-of-bounds read, denial of
service, and information disclosure have been discovered in VMware Workstation, Fusion and
Horizon Client.
CVE ID: CVE-2020-3980 (Medium), CVE-2020-3986 (Medium), CVE-2020-3987 (Medium),
CVE-2020-3988 (Medium), CVE-2020-3989 (Low), CVE-2020-3990 (Low)
Path Traversal vulnerability has been discovered in Web Mail User Interface in McAfee Email
Gateway (MEG). This vulnerability allows remote attackers to traverse the file system to
access files or directories that are outside of the restricted directory. The affected
versions are McAfee Email Gateway (MEG) prior to 7.6.406 Hotfix (HF) 1264651. It is
recommended to upgrade to Email Gateway 7.6.406 HF 1264651.
CVE ID: CVE-2020-7268 (Medium)
MySQL is a multi-user, multi-threaded SQL database server. Multiple vulnerabilities have
been discovered in mysql packages. An update for the mysql:8.0 module is now available for
Red Hat Enterprise Linux 8.
It has been discovered that cryptsetup incorrectly handled certain inputs. An attacker could
possibly use this issue to execute arbitrary code.
CVE ID: CVE-2020-14382
A vulnerability has been discovered in the Private Internet Access (PIA) VPN Client for
Linux which allows remote attackers to bypass an intended VPN kill switch mechanism and read
sensitive information via intercepting network traffic. The affected versions are PIA VPN
Client for Linux 1.5 through 2.3+.
CVE ID: CVE-2020-15590
Dovecot is an IMAP server for Linux and other UNIX-like systems. Multiple vulnerabilities
such as Resource exhaustion via deeply nested MIME parts, Out of bound reads in dovecot NTLM
implementation, and Crash due to assert in RPA implementation have been discovered in
dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 8.1 Extended
Update Support.
CVE ID: CVE-2020-12100 (High), CVE-2020-12673 (High), CVE-2020-12674 (High)
It has been discovered that there was a directory traversal attack in pip, the Python
package installer. When a URL is given in an install command, because a Content-Disposition
header is permitted to have ../ components in its filename, arbitrary local files (e.g.
/root/.ssh/authorized_keys) can be overridden. It is recommended to upgrade the python-pip
packages.
CVE ID: CVE-2019-20916 (High)
A flaw has been discovered in Apache httpd in versions prior to 2.4.46. A specially crafted
Cache-Digest header triggers a negative argument to memmove() that can lead to a crash and denial
of service. Configuring the HTTP/2 feature via "H2Push off" will mitigate this
vulnerability.
CVE ID: CVE-2020-9490 (High)
Administrators with QRadar Risk Manager appliances in their deployment are being alerted to
changes in Configuration Source Manager due to the approaching end of life of Adobe Flash.
Due to removal of Adobe Flash, the Configuration Source Management (CSM) functionality is
integrated into the Configuration Monitor. The updated Configuration Monitor interface is
available to administrators who upgrade their QRadar deployment in upcoming fix pack
releases.
It has been discovered that the X.Org X Server incorrectly handled the input extension
protocol, XkbSelectEvents function, XRecordRegisterClients function, XkbSetNames function,
and incorrectly initialized memory. A local attacker could possibly use this issue to
escalate privileges and obtain sensitive information.
CVE ID: CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362,
CVE-2020-14345
Permissive Cross-domain Policy with Untrusted Domains vulnerability has been discovered in
HMS Networks' Equipment- Ewon Flexy and Cosy. Successful exploitation of this vulnerability
could allow attackers to retrieve limited confidential information.
CVE ID: CVE-2020-16230 (Low)
Stack-based Buffer Overflow vulnerability has been discovered in FATEK Automation's
Equipment- PLC WinProladder. Successful exploitation of this vulnerability could crash the
device being accessed; a buffer overflow condition may cause a denial-of-service event and
remote code execution.
CVE ID: CVE-2020-10597 (High)
It has been discovered that in all fix pack levels of IBM Db2 V11.1, and V11.5 editions
running on all platforms of IBM Java SDK a vulnerability related to the Kerberos component
could allow an unauthenticated attacker to obtain sensitive information resulting in a high
confidentiality impact using unknown attack vectors.
CVE ID: CVE-2019-2949 (Medium)
Multiple vulnerabilities such as Improper Neutralization of Formula Elements in a CSV File,
Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation,
Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic
Correctness of Input, Improper Input Validation, and Exposure of Resource to Wrong Sphere
have been discovered in Philips' Equipment- Patient Information Center iX (PICiX);
PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90;
and IntelliVue X2, and X3. Successful exploitation of these vulnerabilities could result in
unauthorized access, interrupted monitoring, and collection of access information and/or
patient data.
CVE ID: CVE-2020-16214 (Medium), CVE-2020-16218 (Low), CVE-2020-16222 (Medium),
CVE-2020-16228 (Medium), CVE-2020-16224 (Medium), CVE-2020-16220 (Low), CVE-2020-16216
(Medium), and CVE-2020-16212 (Medium)
A buffer overflow vulnerability has been discovered in PAN-OS, which allows an
unauthenticated attacker to disrupt system processes and potentially execute arbitrary code
with root privileges by sending a malicious request to the Captive Portal or Multi-Factor
Authentication interface. The affected versions are all versions of PAN-OS 8.0, PAN-OS 8.1
versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9, and
PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
CVE ID: CVE-2020-2040 (Critical)
SQL Injection vulnerability has been discovered in AVEVA™ Enterprise Data Management Web v2019
and all prior versions, formerly known as eDNAWeb. Successful exploitation of this
vulnerability could allow a remote attacker to execute arbitrary SQL commands on the
affected device.
Multiple vulnerabilities have been discovered such as Privilege Escalation, DLL Search Order
Hijacking & DLL Injection in McAfee Agent for Windows, and Privilege Escalation in
McAfee Agent for MAC. The affected versions are McAfee Agent for Windows and MAC prior to
5.6.6.
CVE ID: CVE-2020-7311 (High), CVE-2020-7312 (High), CVE-2020-7315 (Medium), and
CVE-2020-7314 (High)
A race condition vulnerability has been discovered in the Twilio Authy 2-Factor
Authentication Application, which allows a user to potentially approve/deny an access
request prior to unlocking the application with a pin on older Android devices, effectively
bypassing the PIN requirement. The affected products are Twilio Authy App below
24.3.7.
CVE ID: CVE-2020-24655
An arbitrary code execution vulnerability has been discovered in grunt before 1.3.0, a
JavaScript task runner. This vulnerability occurred due to the unsafe loading of YAML
documents.
CVE ID: CVE-2020-7729 (High)
It has been discovered that GnuTLS could be made to crash or run programs if it received
specially crafted network traffic.
CVE ID: CVE-2020-24659 (Medium)
It has been discovered that multiple devices supporting both Bluetooth BR/EDR and LE using
Cross-Transport Key Derivation (CTKD) for pairing could allow a remote attacker to conduct a
man-in-the-middle attack. If a device is within wireless range of a vulnerable Bluetooth
device and becomes paired or bonded on a transport and CTKD is used to derive a key which
then overwrites a pre-existing key of greater strength, an attacker could exploit this
vulnerability to conduct a man-in-the-middle attack between devices previously bonded to
gain access to restricted profiles or services.
CVE ID: CVE-2020-15802
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote
attacker could exploit some of these vulnerabilities to take control of an affected system.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-09-05 or later address all of these issues.
Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
CVE ID: CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959
Adobe has released security updates to address vulnerabilities in Adobe Experience Manager,
Adobe Framemaker and Adobe InDesign. An attacker could exploit some of these vulnerabilities
to take control of an affected system.
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote
attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that the AF_PACKET implementation in the Linux kernel did not
properly perform bounds checking in some situations. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
CVE ID: CVE-2020-14386 (High)
Multiple vulnerabilities such as Information disclosure, Cross-site scripting, and Improper
masking of secrets have been discovered in jenkins plugin. An update for jenkins-2-plugins
is now available for Red Hat OpenShift Container Platform 4.4.
CVE ID: CVE-2020-2181 (Medium), CVE-2020-2182 (Medium), CVE-2020-2190 (Medium),
CVE-2020-2224 (Medium), CVE-2020-2225 (Medium), CVE-2020-2226 (Medium)
An ASP.NET cookie prefix spoofing vulnerability has been discovered in .NET Core. An update
for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
CVE ID: CVE-2020-1045
Go Toolset provides the Go programming language tools and libraries. Go is alternatively
known as golang. Multiple vulnerabilities have been discovered in golang. An update for the
go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
CVE ID: CVE-2020-14040 (High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Multiple vulnerabilities have been discovered in php package. An update for the php:7.3
module is now available for Red Hat Enterprise Linux 8.
The librepo library provides a C and Python API to download repository metadata. It has been
discovered that a missing path validation in repomd.xml may lead to directory traversal. An
update for librepo is now available for Red Hat Enterprise Linux 8.
CVE ID: CVE-2020-14352 (High)
A cross site scripting vulnerability has been discovered in IBM WebSphere Application Server
shipped with IBM Security Access Manager for Enterprise Single Sign-On. The affected
products are IBM Security Access Manager for Enterprise Single Sign-On 8.2.1, 8.2.2.
CVE ID: CVE-2020-4575 (Medium)
Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate
Encryption Strength, Origin Validation Error, Improper Input Validation, Improper
Verification of Cryptographic Signature, and Improper Resource Shutdown or Release have been
discovered in Wibu-Systems AG's Equipment- CodeMeter. Successful exploitation of these
vulnerabilities could allow an attacker to alter and forge a license file, cause a
denial-of-service condition, potentially attain remote code execution, read heap data, and
prevent normal operation of third-party software dependent on the CodeMeter.
CVE ID: CVE-2020-14513 (High), CVE-2020-14519 (High), CVE-2020-14509 (Critical),
CVE-2020-14517 (Critical), CVE-2020-16233 (High), CVE-2020-14515 (High)
A vulnerability has been discovered in the sized-chunks crate for Rust. In the InlineArray
implementation, an unaligned reference may be generated for a type that has a large
alignment requirement.
CVE ID: CVE-2020-25796
Multiple vulnerabilities have been discovered in netty, a Java NIO client/server socket
framework. The affected version of Netty is 1:4.1.7-2+deb9u2. It is recommended to upgrade
the netty packages.
CVE ID: CVE-2019-20444 (Critical), CVE-2019-20445 (Critical), CVE-2020-7238 (High),
and CVE-2020-11612 (Critical)
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with
security in mind. Multiple vulnerabilities have been discovered in dovecot. An update for
dovecot is now available for Red Hat Enterprise Linux 7.
CVE ID: CVE-2020-12674 (High), CVE-2020-12673 (High), CVE-2020-12100 (High)
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher,
and HTTP data objects. It has been discovered that HTTP Request Smuggling and HTTP Request
Splitting could result in cache poisoning in squid. An update for the squid:4 module is now
available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.0 Update Services for
SAP Solutions, and Red Hat Enterprise Linux 8.1 Extended Update Support.
CVE ID: CVE-2020-15810, CVE-2020-15811
Red Hat Data Grid is a distributed, in-memory datastore. It has been discovered that
compression/decompression codecs don't enforce limits on buffer allocation sizes in netty
and improper validation of certificate with host mismatch in SMTP appender in log4j.
CVE ID: CVE-2020-11612 (Critical) and CVE-2020-9488 (Low)
It has been discovered that asyncpg allows a malicious PostgreSQL server to trigger a crash
or execute arbitrary code (on a database client) via a crafted server response, because of
access to an uninitialized pointer in the array data decoder. The affected versions are
asyncpg before 0.21.0. It is recommended to upgrade the asyncpg packages.
CVE ID: CVE-2020-17446 (Critical)
A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS
functionality of Accusoft ImageGear. A specially crafted malformed file can cause a memory
corruption. An attacker can provide a malicious file to trigger this vulnerability. The
affected version is Accusoft ImageGear 19.7.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application
platform solution designed for on-premise or private cloud deployments. It has been
discovered that a Node disk DoS vulnerability exists while writing to container /etc/hosts. An
update for openshift is now available for Red Hat OpenShift Container Platform 4.4.
Predictable Exact Value from Previous Values vulnerability has been discovered in Mitsubishi
Electric's various equipment. Successful exploitation of this vulnerability could be used
to hijack TCP sessions and allow remote command execution.
Red Hat JBoss Enterprise Application Platform (EAP) CD20 is a platform for Java applications
based on the WildFly application runtime. Multiple vulnerabilities have been discovered in
JBoss EAP Continuous Delivery 20.
It has been discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker
could possibly use this issue to obtain sensitive information.
Multiple vulnerabilities have been discovered in Apache HTTPD server. The apache2 packages
are affected by these vulnerabilities. It is recommended to upgrade the apache2 packages.
It has been discovered that Shadankun Server Security Type is vulnerable to Denial of
Service because newly detected attack source IP addresses cannot be added as blocking
targets for a certain time. The affected versions are Attack blocking Kun server security
type Target product version 1.5.3 and earlier.
Git is a distributed revision control system with a decentralized architecture. As opposed
to centralized version control systems with a client-server model, Git ensures that each
working copy of a Git repository is an exact copy with complete revision history. This not
only allows the user to work on and contribute to projects without the need to have
permission to push the changes to their official repositories, but also makes it possible
for the user to work with no network connection. An update for git is now available for Red
Hat Enterprise Linux 7.7 Extended Update Support.
It has been discovered that flask-cors allows ../ directory traversal to access private
resources because resource matching does not ensure that pathnames are in a canonical
format. The affected versions are flask-cors before 3.0.9.
It has been observed that an improper authentication vulnerability in Bitdefender Endpoint
Security Tools for Windows and Endpoint Security SDK allows an unprivileged local attacker
to escalate privileges or tamper with the product’s security settings. This vulnerability
affects Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261;
Endpoint Security SDK versions prior to 6.6.18.261.
Kleopatra is a certificate manager and a universal crypto GUI. It has been discovered that
the Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote
attackers to execute arbitrary code because openpgp4fpr and URLs are supported without safe
handling of command-line options. The Qt platformpluginpath command-line option can be used
to load an arbitrary DLL.
Multiple vulnerabilities have been discovered in the Distance Vector Multicast Routing
Protocol (DVMRP) feature of Cisco IOS XR Software. These vulnerabilities could allow an
unauthenticated, remote attacker to exhaust process memory of an affected device.
It has been discovered that Lilypond, a program for typesetting sheet music, does not restrict
the inclusion of Postscript and SVG commands when operating in safe mode, which can result
in the execution of arbitrary code when rendering a typesheet file with embedded Postscript
code. It is recommended to upgrade the lilypond packages.
Multiple vulnerabilities have been discovered in OpenEXR image library, which could result
in denial of service and potentially the execution of arbitrary code when processing
malformed EXR image files. It is recommended to upgrade the openexr packages.
A heap-based buffer overflow vulnerability has been discovered in MuPDF, a lightweight PDF
viewer, which may result in denial of service or the execution of arbitrary code if a
malformed PDF file is opened. It is recommended to upgrade the mupdf packages.
Multiple vulnerabilities such as Remote Code Execution (RCE) and Cross-Site Scripting (XSS)
have been discovered in the management screen of baserCMS 4.3.6 and earlier. It is
recommended to upgrade to the new version 4.3.7 or apply the patch.
It has been discovered that Squid incorrectly validated certain data and incorrectly handled
certain Cache Digest response messages sent by trusted peers. A remote attacker could
possibly use these vulnerabilities to perform an HTTP request smuggling attack, resulting in
cache poisoning or cause Squid to consume resources, resulting in denial of service.
Multiple vulnerabilities in BIND, a DNS server implementation, have been discovered. These
vulnerabilities affected the bind9 packages. It is recommended to upgrade the bind9
packages.
Multiple vulnerabilities such as Authentication Bypass Using an Alternate Path or Channel,
Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing
Authorization, Execution with Unnecessary Privileges, Unrestricted Upload of File with
Dangerous Type, Path Traversal, Improper Authorization, Cross-site Scripting, Use of
Unmaintained Third-Party Components, Insufficiently Protected Credentials, and Hidden
Functionality have been discovered in OpenClinic GA Equipment. Successful exploitation of
these vulnerabilities could allow an attacker to bypass authentication, discover restricted
information, view/manipulate restricted database information, and/or execute malicious code.
Multiple vulnerabilities such as Reflected Cross-site Scripting, Stored Cross-site
Scripting, Cross-site Request Forgery, Hidden Functionality, and Use of Unmaintained
Third-Party Components have been discovered in Red Lion's Equipment- N-Tron 702-W /
702M12-W. Successful exploitation of these vulnerabilities could allow an attacker to gain
unauthorized access to sensitive information, execute system commands, and perform actions
in the context of an attacked user.
Cisco has released security updates to address vulnerabilities affecting multiple products.
An unauthenticated, remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
An Improper access control vulnerability has been discovered in NITORI App. A remote
attacker may lead a user to access an arbitrary website via the vulnerable App. As a result,
the user may become a victim of a phishing attack. The affected versions are NITORI App for
Android versions 6.0.4 and earlier, and NITORI App for iOS versions 6.0.2 and earlier. It is
recommended to update the App to the latest version.
It has been discovered that libmysofa incorrectly handled certain input files. An attacker
could possibly use this vulnerability to cause a denial of service or other unspecified
impact.
It has been discovered that the Lua module for Nginx, a high-performance web and reverse
proxy server, is prone to an HTTP request smuggling vulnerability. It is recommended to
upgrade the nginx packages.
Multiple vulnerabilities have been discovered in BIG-IP products. An attacker could exploit
these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in Nova live migration. This vulnerability occurs while
performing soft reboot of an instance which has previously undergone live migration. The
affected versions are Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0.
It has been discovered that a ZTE product is impacted by a cryptographic vulnerability.
The encryption algorithm is not properly used, so remote attackers could use this
vulnerability for account credential enumeration attacks or brute-force attacks for password
guessing. The affected version is ZXIPTV-WEB-PV5.09.08.04. It is recommended to upgrade to
ZXIPTV-WEB-PV5.09.08.04P3 or later.
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC)
prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially
crafted input in the policy discovery section. It is recommended to upgrade to MACC 8.3.1.
It has been discovered that lack of escaping in mod_latestactions allows XSS attacks in
Joomla!. The affected versions are Joomla! CMS versions 3.9.0 to 3.9.20. It is recommended
to upgrade to version 3.9.21.
Google has released Chrome version 85.0.4183.83 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of
an affected system.
Multiple vulnerabilities such as Remote Unauthorized Access and Cross-Site Scripting have
been discovered in the Aruba Intelligent Edge Switches web management interface. Successful
exploitation of these vulnerabilities could result in unauthorized administrative access to
the switch.
Stack-based Buffer Overflow vulnerability has been discovered in WECON's Equipment-
LeviStudioU. Successful exploitation of this vulnerability could allow an attacker to
execute code under the privileges of the application.
Inadequate Encryption Strength vulnerability has been discovered in Emerson's Equipment-
OpenEnterprise SCADA Software. Successful exploitation of this vulnerability could allow an
attacker access to credentials held by OpenEnterprise used for accessing field devices and
external systems.
Path Traversal vulnerability has been discovered in Advantech's Equipment- iView. Successful
exploitation of this vulnerability could allow an attacker to read/modify information,
execute arbitrary code, limit system availability, and/or crash the application.
The kernel packages contain the Linux kernel, the core of any Linux operating system. Null
pointer dereference in search_keyring and heap-based buffer overflow in
lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c have been
discovered in kernel. An update for kernel is now available for Red Hat Enterprise Linux 6.
It has been discovered that Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale
OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A
remote unauthenticated malicious attacker may potentially exploit this vulnerability to
cause a process restart.
Multiple vulnerabilities have been identified in Citrix Hypervisor that may, in certain
configurations, allow privileged code in an HVM guest VM to execute code in the control
domain, potentially compromising the host. These vulnerabilities affect all currently
supported versions of Citrix XenServer up to and including Citrix Hypervisor 8.2 LTSR.
A directory traversal vulnerability has been discovered in Icinga Web 2, a web interface for
Icinga, which could result in the disclosure of files readable by the process. It is
recommended to upgrade the icingaweb2 packages.
Several vulnerabilities have been discovered in libjackson-json-java, a Java JSON processor.
It is recommended to upgrade the libjackson-json-java packages.
It has been discovered that in inetutils-telnetd, an implementation of a telnet daemon,
arbitrary remote code execution might have been possible via short writes or urgent data. It
is recommended to upgrade the inetutils-telnetd packages.
It has been discovered that wolfSSL incorrectly implements the TLS 1.3 client state machine.
An attacker in a privileged position can read or modify communications between clients using
the wolfSSL library and TLS 1.3 servers.
Multiple vulnerabilities have been discovered in sqlite3, a C library that implements an SQL
database engine. It is recommended to upgrade the sqlite3 packages.
It has been discovered that an ANSI escape sequence injection exists in software-properties,
a manager for apt repository sources. An attacker could manipulate the screen of a user
prompted to install an additional repository (PPA). It is recommended to upgrade the
software-properties packages.
Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP
daemon, when mod_facl or mod_sftp is used which could lead to memory exhaustion and a
denial-of-service. It is recommended to upgrade the proftpd-dfsg packages.
A vulnerability has been discovered in Foxit Studio Photo that could expose the application
to an Out-of-Bounds Write Information Disclosure vulnerability and crash if users were using
a tampered PSD file. The affected versions are Foxit Studio Photo 3.6.6.927 and earlier.
Multiple vulnerabilities such as partial denial of service vulnerability in VMware ESXi and
vCenter Server and Stored Cross-Site Scripting (XSS) vulnerability affecting VMware App
Volumes have been discovered in VMware. The affected versions are ESXi 6.5, 6.7 and 7.0,
vCenter Server 6.5, 6.7 and 7.0, Cloud Foundation (ESXi and vCenter) 3.x.x and 4.x.x, App
Volumes 2.x and 4.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency,
Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound,
Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's
Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code
execution or exposure of sensitive information.
Multiple vulnerabilities such as Improper Input Validation, Improper Access Control, and
Improper Authentication have been discovered in Philips' Equipment- SureSigns VS4.
Successful exploitation of these vulnerabilities could allow an attacker access to
administrative controls and system configurations, which could allow changes to system
configuration items causing patient data to be sent to a remote destination.
Multiple cross-site scripting vulnerabilities have been discovered in Exment. The affected
versions are Exment versions below v3.6.0. It is recommended to upgrade to versions above
v3.6.0.
Cisco has released security updates to address vulnerabilities affecting multiple products.
An unauthenticated, remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
It has been discovered that websocket-extensions ruby module allows Denial of Service (DoS)
via Regex Backtracking. The extension parser may take quadratic time when parsing a header
containing an unclosed string parameter value whose content is a repeating two-byte sequence
of a backslash and some other character. This could be abused by an attacker to conduct
Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload
with the Sec-WebSocket-Extensions header. It is recommended to upgrade the
ruby-websocket-extensions packages.
Multiple vulnerabilities have been discovered in QEMU. An attacker inside a guest or a
remote attacker could possibly use these vulnerabilities to leak host memory to obtain
sensitive information, cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code.
It has been discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY
option. This could result in data being sent to the wrong destination, possibly exposing
sensitive information.
It has been discovered that the build triggers in quay can disclose robot account names and
existence of private repos within namespaces. An update is now available for Red Hat Quay
3.3.
It has been discovered that IBM Content Navigator is vulnerable to improper input
validation. A malicious administrator could bypass the user interface and send requests to
the IBM Content Navigator server with illegal characters that could be stored in the IBM
Content Navigator database. The affected versions are IBM Content Navigator 3.0.7 and 3.0.8.
It has been discovered that the Kommbox component in Rangee GmbH RangeeOS could allow a
local authenticated attacker to escape from the restricted environment and execute arbitrary
code due to unrestricted context menus being accessible. The affected version is RangeeOS
8.0.4.
Google has released Chrome version 84.0.4147.135 for Windows, Mac, and Linux. This version
addresses a vulnerability that an attacker could exploit to take control of an affected
system.
Multiple vulnerabilities such as Privilege Escalation, Whitelist Bypass, and Persistence
have been discovered in voidtools Everything service. An attacker could take advantage of
these vulnerabilities to achieve privilege escalation, persistence and possible whitelist
bypass by using the technique of implanting an arbitrary unsigned dynamic link library which
is executed by a signed service that runs as NT AUTHORITY\SYSTEM. All Everything versions
prior to 1.4.1.990 that include the Everything service feature are affected by these
vulnerabilities.
A stored XSS vulnerability in matrix project of jenkins-2-plugins and a DoS vulnerability
in python RSA have been discovered. An update for jenkins-2-plugins and python-rsa is now
available for Red Hat OpenShift Container Platform 4.5.
It has been discovered that GNOME Shell incorrectly handled the login screen password
dialog. Sensitive information could possibly be exposed during user logout.
It has been discovered that the bcache subsystem in the Linux kernel did not properly
release a lock in some error conditions and the USB testing driver in the Linux kernel did
not properly deallocate memory on disconnect events. A local attacker could possibly use
these vulnerabilities to cause a denial of service.
It has been discovered that Ark did not properly sanitize zip archive files before
performing extraction. An attacker could use this vulnerability to construct a malicious zip
archive that, when opened, would create files outside the extraction directory.
Red Hat Ceph Storage is a scalable, open, software-defined storage platform. An HTTP header
injection via CORS ExposeHeader tag has been discovered in radosgw of ceph. An update is now
available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04.
Dell EMC ECS contains remediation for an Exposure of Resource Vulnerability that could be
exploited by malicious users to compromise the affected system. The affected version is Dell
EMC ECS versions prior to 3.5.
LibVNCServer is a C library that enables you to implement VNC server functionality in your own
programs. A websocket decoding buffer overflow vulnerability has been discovered in
libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.
It has been discovered that Oniguruma incorrectly handled certain regular expressions. An
attacker could possibly use this issue to cause a denial of service, obtain sensitive
information or other unspecified impact.
Multiple vulnerabilities such as out-of-bounds read, heap buffer overflow, and NULL pointer
dereference have been discovered in the epson2 and epsonds backends of SANE, a library for
scanners. A malicious remote device could exploit these to trigger information disclosure,
denial of service and possibly remote code execution. The affected versions are SANE
Backends before 1.0.30. It is recommended to upgrade the sane-backends packages.
An issue has been discovered in the PostgreSQL database system where an uncontrolled search
path could allow users to run arbitrary SQL functions with elevated privileges when a
superuser runs certain 'CREATE EXTENSION' statements. It is recommended to upgrade the
postgresql-9.6 packages.
It has been discovered that Software Properties incorrectly filtered certain escape
sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary
PPA, a remote attacker could possibly manipulate the screen.
It has been discovered that when using Apache Shiro, a specially crafted HTTP request may
cause an authentication bypass. The affected version is Apache Shiro 1.6.0.
It has been discovered that in libEtPan, a mail library, a STARTTLS response injection
affects IMAP, SMTP, and POP3. It is recommended to upgrade the libetpan packages.
It has been discovered that the DataImportHandler of lucene-solr has a feature in which the
whole DIH configuration can come from a request's dataConfig parameter. The debug mode of
the DIH admin screen uses this to allow convenient debugging / development of a DIH config.
Since a DIH config can contain scripts, this parameter is a security risk. It is recommended
to upgrade the lucene-solr packages.
It has been discovered that malicious JavaScript code was able to execute arbitrary Java
code on htmlunit. It is recommended to upgrade the htmlunit packages.
madlib-object-utils is a small set of utility functions for working with objects. It has
been discovered that madlib-object-utils package is vulnerable to Prototype Pollution via
setValue. It is recommended to upgrade madlib-object-utils to version 0.1.7 or higher.
It has been discovered that Cloud Foundry CAPI (Cloud Controller), when used in a deployment
where an app domain is also the system domain, is vulnerable to developers maliciously or
accidentally claiming certain sensitive routes, potentially resulting in the developer’s app
handling some requests that were expected to go to certain system components. The affected
Cloud Foundry Products are CAPI all versions prior to 1.97.0 and CF Deployment all versions
prior to 13.12.0.
It has been discovered that Salt allows remote attackers to determine which files exist on
the server, bypass authentication, and perform command injection, and that it incorrectly
validated method calls and sanitized paths. An attacker could use these to extract sensitive
information, execute arbitrary code or crash the server, and access some methods without
authentication.
Multiple vulnerabilities have been discovered in Struts2. The affected versions are Struts
2.0.0 - 2.5.20. It is recommended to upgrade to Struts 2.5.22.
It has been discovered that Dell Encryption and Dell Endpoint Security Suite contain a
privilege escalation vulnerability. A local malicious user with low privileges could
potentially exploit this vulnerability to gain elevated privilege on the affected system
with the help of a symbolic link. The affected products are Dell Encryption versions prior
to 10.8 and Dell Endpoint Security Suite versions prior to 2.8.
Multiple vulnerabilities have been discovered in Jenkins core and its plugins. The affected
versions are Jenkins weekly up to and including 2.251, Jenkins LTS up to and including
2.235.3, Email Extension Plugin up to and including 2.73, Flaky Test Handler Plugin up to
and including 1.0.4, Pipeline Maven Integration Plugin up to and including 3.8.2, and Yet
Another Build Visualizer Plugin up to and including 1.11.
It has been discovered that when SSL/TLS Forward Proxy Decryption mode has been configured
to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and
URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not
consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This
allows a compromised host in a protected network to evade any security policy that uses URL
filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A
malicious actor can then use this technique to evade detection of communication on the TLS
handshake phase between a compromised host and a remote malicious server.
It has been discovered that Fuel CMS allows SQL Injection via parameter 'col' in
pages/items, permissions/items, navigation/items and logs/items. Exploiting this
vulnerability could allow an attacker to compromise the application, access or modify data,
or exploit latent vulnerabilities in the underlying database. The affected version is Fuel
CMS 1.4.7.
It has been discovered that Concourse for VMware Tanzu, in installations which use the GitLab
auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account
with the same full name as another user who is granted access to a Concourse team. The
affected versions are Concourse for VMware Tanzu 6.3 versions prior to 6.3.1. It is
recommended to upgrade to Concourse for VMware Tanzu 6.3.1.
Reflected Cross Site Scripting vulnerability has been discovered in Teradici PCoIP
Management Console that could allow an attacker to take over the user's active session if
the user is exposed to a malicious payload. The affected versions are Teradici PCoIP
Management Console prior to 20.07. It is recommended to update to Management Console 20.07
or later.
It has been discovered that a vulnerability exists in the IBM Event Streams schema registry
that allows unauthorized access to create, edit and delete schemas. The affected version is
IBM Event Streams 10.0.0.
Multiple vulnerabilities have been discovered in Citrix Endpoint Management (CEM), also
referred to as XenMobile. The versions of Citrix Endpoint Management (CEM) affected by these
vulnerabilities are XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4,
XenMobile Server 10.10 before RP6, XenMobile Server 10.11 before RP6, XenMobile Server 10.12
before RP3, and XenMobile Server before 10.9 RP5.
Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat,
Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take
control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
It has been discovered that a spoofing vulnerability exists when Windows incorrectly
validates file signatures. An attacker who successfully exploited this vulnerability could
bypass security features and load improperly signed files.
It has been discovered that a remote code execution vulnerability exists in the way that the
scripting engine handles objects in memory in Internet Explorer. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in the context of
the current user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user. If the current user is logged on with administrative
user rights, an attacker who successfully exploited the vulnerability could take control of
an affected system. An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights.
SAP has released security updates to address vulnerabilities affecting multiple products. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
This includes a cross-site scripting vulnerability (CVE-2020-6284) in NetWeaver (Knowledge
Management).
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote
attacker could exploit some of these vulnerabilities to take control of an affected system.
Synchronous Access of Remote Resource without Timeout vulnerability has been discovered in
Tridium's Equipment- Niagara. Successful exploitation of this vulnerability could result in
a denial-of-service condition.
Path Traversal vulnerability has been discovered in Schneider Electric's Equipment- APC Easy
UPS On-Line. Successful exploitation of these vulnerabilities could lead to remote code
execution.
Multiple vulnerabilities such as Improper Authentication, and Path Traversal have been
discovered in Yokogawa's Equipment- CENTUM. Successful exploitation of these vulnerabilities
could allow a remote unauthenticated attacker to send tampered communication packets or
create/overwrite any file and run any commands.
It has been discovered that an arbitrary script may be executed on the user's web browser,
and when accessing a specially crafted URL, the user may be redirected to an arbitrary
website. As a result, the user may become a victim of a phishing attack. The affected
versions are CyberMail Ver.6.x, and CyberMail Ver.7.x.
Multiple vulnerabilities such as Improper Authorization, Cross site scripting, Unrestricted
Upload of File with Dangerous Type, Cross-site request forgery, Privilege escalation
vulnerability, and Unprotected Storage of Credentials have been discovered in Data Loss
Prevention for Mac agent and Data Loss Prevention ePO extension of McAfee.
Apple has released security updates to address vulnerabilities in iCloud for Windows 7.20
(for Windows 7 and later) and 11.3 (for Windows 10 and later). An attacker could exploit
some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 84.0.4147.125 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
LibVNCServer is a C library that enables you to implement VNC server functionality in your own
programs. A websocket decoding buffer overflow vulnerability has been discovered in
libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 8.
It has been discovered that Network Security Service (NSS) incorrectly handled certain
signatures. An attacker could possibly use this vulnerability to expose sensitive
information.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System
(DNS) protocols. It has been discovered that BIND does not sufficiently limit the number of
fetches performed when processing referrals and a logic error in code which checks TSIG
validity can be used to trigger an assertion failure in tsig.c. An update for bind is now
available for Red Hat Enterprise Linux 6.6 Advanced Update Support.
Samba is an SMB/CIFS file, print, and login server for Unix. It has been discovered that
Samba incorrectly handled certain empty UDP packets when being used as an AD DC NBT server. A
remote attacker could possibly use this vulnerability to cause Samba to crash, resulting in
a denial of service.
It has been discovered that ruby-kramdown processes the template option inside Kramdown
documents by default, which allows unintended read access or unintended embedded Ruby code
execution. It is recommended to upgrade the ruby-kramdown packages.
Post-authentication command injection vulnerability has been discovered in the User Portal
of Sophos XG Firewall. The affected versions are Sophos XG Firewall v18.0 MR1-Build396 and
older and Sophos XG Firewall v17.5 MR12 and older. It is recommended to upgrade the XG
Firewall to SFOS v18.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to
address the challenges of managing virtual environments. Multiple vulnerabilities have been
discovered in CloudForms. An update is now available for CloudForms Management Engine 5.11.
Multiple vulnerabilities have been discovered in firejail, a sandbox program to restrict the
running environment of untrusted applications. It is recommended to upgrade the firejail
packages.
Multiple vulnerabilities such as Out-of-bounds Read, Stack-based Buffer Overflow, Heap-based
Buffer Overflow, Write-what-where Condition, and Improper Input Validation have been
discovered in Delta Electronics' Equipment- TPEditor. Successful exploitation of these
vulnerabilities could allow an attacker to read/modify information, execute arbitrary code,
and/or crash the application.
OS Command Injection vulnerability has been discovered in Geutebrück's Equipment- G-Cam and
G-Code. Successful exploitation of this vulnerability could allow remote code execution as
root.
Exposure of Sensitive Information Through Sent Data vulnerability has been discovered in
Multiple Trailer and Brake Manufacturers' Equipment- Power Line Communications Bus /
PLC4TRUCKS / J2497. Successful exploitation of these vulnerabilities could make it possible
to read PLC signals using active antennas reliably at 6 feet and up to 8 feet away, subject
to environmental conditions.
A vulnerability has been discovered in the SUBSCRIBE method of UPnP, a network protocol for
devices to automatically discover and communicate with each other. Insufficient checks on
this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to
bypass firewalls. It is recommended to upgrade the gupnp packages.
Multiple vulnerabilities such as Heap-based Buffer Overflow, Out-of-bounds Read,
Out-of-bounds Write, Type Confusion, Stack-based Buffer Overflow, and Double Free have been
discovered in Advantech's Equipment- WebAccess HMI Designer. Successful exploitation of
these vulnerabilities could allow an attacker to read/modify information, execute arbitrary
code, and/or crash the application.
Multiple vulnerabilities have been discovered in GitLab. GitLab has released versions
13.2.3, 13.1.6 and 13.0.12 for GitLab Community Edition (CE) and Enterprise Edition (EE).
These versions contain important security fixes, and it is strongly recommended that all
GitLab installations be upgraded to one of these versions immediately.
Multiple vulnerabilities such as Use of Hard-Coded Credentials, Origin Validation Error,
Missing Authentication for Critical Function, and Authentication Bypass Using an Alternate
Path or Channel have been discovered in temi, a teleconference robot produced by Robotemi
Global Ltd. These vulnerabilities could be used by a malicious actor to spy on temi’s video
calls, intercept calls intended for another user, and even remotely operate temi – all with
zero authentication.
Cisco has released security updates to address vulnerabilities affecting multiple products.
An unauthenticated, remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
Multiple vulnerabilities have been discovered and fixed in MySQL. The new upstream version
changed compiler options and caused a regression in certain scenarios. These vulnerabilities
have been fixed in the updated version of MySQL 8.0.21 and MySQL 5.7.31.
An integer overflow vulnerability has been discovered in the json-c JSON library, which
could result in denial of service or potentially the execution of arbitrary code if large
malformed JSON files are processed. It is recommended to upgrade the json-c packages.
Multiple vulnerabilities have been discovered in the IBM SDK, Java Technology Edition that
is shipped with IBM WebSphere Application Server. These vulnerabilities might affect some
configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application
Server Liberty and IBM WebSphere Application Server Hypervisor Edition.
It has been discovered that libpcre in PCRE allows an integer overflow via a large number
after a (?C substring. An attacker may be able to cause an integer overflow that negatively
impacts applications. The affected versions are PCRE before 8.44.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-bounds Read, and Access
of Uninitialized Pointer have been discovered in Delta Electronics' Equipment- Industrial
Automation CNCSoft ScreenEditor. Successful exploitation of these vulnerabilities could
allow an attacker to read/modify information, execute arbitrary code, and/or crash the
application.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency,
Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound,
Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's
Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code
execution or exposure of sensitive information.
It has been discovered that the libvirt package sets incorrect permissions on the UNIX
domain socket. A local attacker could use this vulnerability to access libvirt and escalate
privileges.
It has been discovered that Point-to-Point Protocol (ppp) incorrectly handled module
loading. A local attacker could use this vulnerability to load arbitrary kernel modules and
possibly execute arbitrary code.
It has been discovered that Whoopsie incorrectly handled memory and parsing files. A local
attacker could use these vulnerabilities to cause Whoopsie to consume memory or crash,
resulting in a denial of service or possibly execute arbitrary code.
It has been discovered that Apport incorrectly dropped privileges when making certain D-Bus
calls, parsed configuration files, and implemented certain checks. A local attacker could
use these vulnerabilities to read arbitrary files, cause Apport to crash, escalate
privileges and run arbitrary code.
An integer overflow vulnerability exists in libX11 that could lead to heap corruption when
processing crafted messages from an input method. It is recommended to upgrade the libx11
packages.
A privilege escalation vulnerability has been discovered in Net-SNMP, a set of tools for
collecting and organising information about devices on computer networks, due to incorrect
symlink handling. It is recommended to upgrade the net-snmp packages.
kpatch-patch is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel. Multiple vulnerabilities have
been discovered in kpatch's kernel. An update for kpatch-patch is now available for Red Hat
Enterprise Linux 8.1 Extended Update Support.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-08-05 or later address all of these issues.
It has been spotted that Taidoor malware is being used in new attacks. The new Taidoor
samples have versions for 32- and 64-bit systems and are usually installed on a victim's
systems as a service dynamic link library (DLL). This DLL file, in turn, contains two other
files. The first file is a loader, which is started as a service. The loader decrypts the
second file, and executes it in memory, which is the main Remote Access Trojan (RAT).
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-08-05 or later address all of these issues.
It has been discovered that Atlassian FishEye allows remote attackers to view the HTTP
password of a repository via an information disclosure vulnerability in the logging feature.
The affected versions are Atlassian FishEye version < 4.8.3. The fixed versions are
Atlassian FishEye version 4.8.3 and 4.9.0.
It has been discovered that there was a potential cross-site scripting vulnerability via
iframe HTML elements in Zabbix, a PHP-based monitoring system. It is recommended to upgrade
the zabbix packages.
It has been discovered that Squid incorrectly handled caching certain requests, URN
requests, URL decoding, and input validation. A remote attacker could possibly use these
vulnerabilities to perform cache-injection attacks or gain access to reverse proxy features,
bypass access checks, bypass certain rule checks, and cause Squid to crash, resulting in a
denial of service respectively.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System
(DNS) protocols. It has been discovered that BIND does not sufficiently limit the number of
fetches performed when processing referrals. An update for bind is now available for Red Hat
Enterprise Linux 7.7 Extended Update Support.
It has been discovered that SQLite incorrectly handled certain shadow tables, corrupt
records, and errors during parsing. An attacker could exploit these vulnerabilities to cause
SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
It has been discovered that Ghostscript incorrectly handled certain PostScript files. If a
user or automated system were tricked into processing a specially crafted file, a remote
attacker could possibly use this issue to access arbitrary files or execute arbitrary code.
LibVNCServer is a C library for implementing VNC server functionality in your own
programs. A websocket decoding buffer overflow vulnerability has been discovered in
libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 7.
It has been discovered that SKYSEA Client View provided by Sky Co. LTD. is vulnerable to
privilege escalation. A user who can log in to the PC where the product is installed may
obtain unauthorized privileges and modify/obtain sensitive information or perform unintended
operations. The affected products are SKYSEA Client View Version 12.200.12n to 15.210.05f.
It is recommended to apply the patch.
It has been discovered that Evolution Data Server has a vulnerability that allows a
malicious server to crash the mail client. It is recommended to upgrade the
evolution-data-server packages.
It has been discovered that in libopenmpt before 0.3.19 and 0.4.x before 0.4.9,
ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the
lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. It
is recommended to upgrade the libopenmpt packages.
It has been discovered that `add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not
correctly check the length of the input password, and is vulnerable to a stack-based buffer
overflow during memcpy(). An attacker could send a crafted password to an application
(loading the pam_radius library) and crash it. Arbitrary code execution might be possible,
depending on the application, C library, compiler, and other factors. It is recommended to
upgrade the libpam-radius-auth packages.
NETGEAR has released a fix for a pre-authentication command injection security vulnerability
in R8300. The affected versions are R8300 running firmware versions prior to 1.0.2.134.
It has been discovered that the Ark archive manager did not sanitize extraction paths, which
could result in maliciously crafted archives writing outside the extraction directory. It is
recommended to upgrade the ark packages.
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation
Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and
Hitachi Ops Center.
Insertion of Sensitive Information into Log File vulnerability has been discovered in
Philips' Equipment- DreamMapper. Successful exploitation of this vulnerability could allow
an attacker access to the log file information containing descriptive error messages.
Multiple vulnerabilities such as XML external entity (XXE), and Caching routes have been
discovered in PgSQLXML and RootNode respectively of Quarkus. An update is now available for
Red Hat build of Quarkus.
It was discovered that there was an issue where kdepim-runtime would default to using
unencrypted POP3 communication despite the UI indicating that encryption was in use. It is
recommended to upgrade the kdepim-runtime packages.
Multiple vulnerabilities such as Use-After-Free and Heap-based overflow have been
discovered in DaviewIndy. An attacker could exploit these vulnerabilities to cause
arbitrary code execution. It is recommended to update the software to DaviewIndy version
8.98.8 or higher.
Missing Authorization vulnerability has been discovered in Inductive Automation's Equipment-
Ignition 8. Successful exploitation of this vulnerability could allow an attacker to gain
access to sensitive information.
Multiple vulnerabilities such as Permission Issues, Path Traversal, and Unquoted Search Path
or Element have been discovered in Mitsubishi Electric's Equipment- Multiple Factory
Automation Engineering Software products, Factory Automation products, and Factory
Automation Engineering products. Successful exploitation of this vulnerability may enable
the reading of arbitrary files, allow execution of a malicious binary, obtain unauthorized
information, tamper the information, and cause a denial-of-service condition.
Multiple vulnerabilities such as command injection, use-after-free, out-of-bounds read,
access issue, and cross site scripting have been discovered in WebKitGTK and WPE WebKit. The
affected versions are WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
It has been discovered that Toyota Motor's Global TechStream (GTS) contains a buffer
overflow vulnerability. An attacker may execute arbitrary code or cause a denial of service
(DoS) condition. The affected products are Global TechStream (GTS) for TOYOTA dealers
version 15.10.032 and earlier.
Multiple vulnerabilities have been discovered in Red Hat Process Automation Manager 7.7.1.
It is recommended to upgrade to Red Hat Process Automation Manager 7.8.0.
Cisco has released security updates to address vulnerabilities affecting multiple products.
An unauthenticated, remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and
tools (codename heat), which can be used to help deploy OpenStack. It has been discovered
that there is no sVirt protection for OSP16 VMs due to disabled SELinux in
openstack-tripleo-heat-templates. An update for openstack-tripleo-heat-templates is now
available for Red Hat OpenStack Platform 16.1 (Train).
Multiple vulnerabilities such as arbitrary code execution, arithmetic overflow, heap-based
buffer overflow, and use-after-free have been discovered in the GRUB2 bootloader. It is
recommended to upgrade the grub2 packages.
It has been discovered that once an actor has infiltrated a network with Netwalker, a
combination of malicious programs may be executed to harvest administrator credentials,
steal valuable data, and encrypt user files. In order to encrypt the user files on a victim
network, the actors typically launch a malicious PowerShell script embedded with the
Netwalker ransomware executable. Two of the most common vulnerabilities exploited by actors
using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).
Nagios Log Server is a popular Centralized Log Management, Monitoring, and Analysis software
that allows organisations to view, sort, and configure logs. It has been discovered that
Nagios Log Server version 2.1.6 was vulnerable to Stored XSS. An attacker (in this case, an
authenticated regular user) could exploit this vulnerability to execute malicious JavaScript
aimed at stealing cookies, redirecting users, performing arbitrary actions on the victim’s (in
this case, an admin’s) behalf, logging their keystrokes and more. It is recommended to update
the application to the latest version.
Mozilla has released security updates to address vulnerabilities in Firefox 79, Firefox for
iOS 28, Firefox ESR, and Thunderbird. An attacker could exploit some of these
vulnerabilities to take control of an affected system.
Magento has released updates for Magento Commerce 2 (formerly known as Magento Enterprise
Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). Successful
exploitation could lead to arbitrary code execution and signature verification bypass.
Multiple vulnerabilities such as Out-of-bounds Read, and Heap-based Buffer Overflow have
been discovered in Delta Electronics' Equipment- Delta Industrial Automation DOPSoft.
Successful exploitation of these vulnerabilities could allow an attacker to read/modify
information, execute arbitrary code, and/or crash the application.
luajit is a just in time compiler for Lua. It has been discovered that an out-of-bounds read
could happen if __gc handler frame traversal is mishandled. It is recommended to upgrade the
luajit packages.
Multiple vulnerabilities such as Heap-based Buffer Overflow, and Uncontrolled Resource
Consumption have been discovered in Softing Industrial Automation's Equipment- OPC.
Successful exploitation of these vulnerabilities could crash the device being accessed. A
buffer-overflow condition may also allow remote code execution.
Sympa is a modern mailing list manager. It has been discovered that Sympa incorrectly
handled HTTP GET/POST requests, URL parameters and environment variables. An attacker could
possibly use this issue to insert, edit or obtain sensitive information, perform XSS attacks
and gain root privileges respectively.
PostgreSQL is an advanced object-relational database management system. An XML external entity
(XXE) vulnerability has been discovered in PgSQLXML of postgresql-jdbc. An update for
postgresql-jdbc is now available for Red Hat Enterprise Linux 8.
curl is a command line tool for transferring data with URL syntax. It has been discovered
that when using -J (--remote-header-name) and -i (--include) in the same command line, a
malicious server could force curl to overwrite the contents of local files with incoming
HTTP headers. It is recommended to upgrade the curl packages.
Multiple vulnerabilities have been discovered in salt. These vulnerabilities allow remote
attackers to bypass authentication to execute arbitrary commands and to get information
about files on the server. It is recommended to upgrade the salt packages.
Multiple vulnerabilities such as Improper Neutralization of Null Byte or NUL Character,
Off-by-one Error, Use of Hard-coded Credentials, and Use of Password Hash with Insufficient
Computational Effort have been discovered in Secomea's Equipment- GateManager. Successful
exploitation of these vulnerabilities could allow a remote attacker to gain remote code
execution on the device.
Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
It has been discovered that SQLite incorrectly handled query-flattener optimization. An
attacker could use this vulnerability to cause SQLite to crash, resulting in a denial of
service, or possibly execute arbitrary code.
It has been discovered that libslirp incorrectly handled replying to certain ICMP echo
requests. A remote attacker could possibly use this issue to cause libslirp to crash,
resulting in a denial of service.
It has been discovered that librsvg incorrectly handled parsing certain SVG files with
nested patterns. A remote attacker could possibly use these vulnerabilities to cause librsvg
to consume resources or crash, resulting in a denial of service.
Multiple vulnerabilities such as Heap-based buffer overflow, Stack-based buffer overflow,
and Use-after-free have been fixed in MilkyTracker, a music tracker for composing music in
the MOD and XM module file formats. It is recommended to upgrade the milkytracker packages.
Multiple vulnerabilities have been discovered and resolved in Pulse Connect Secure and Pulse
Policy Secure. It is recommended to upgrade the Pulse Connect Secure and Pulse Policy Secure
server software to version 9.1R8.
It has been discovered that the IBM QRadar Advisor with Watson App for IBM QRadar SIEM does
not adequately mask all passwords during input, which could be obtained by a physical
attacker nearby. The affected versions are Qradar Advisor 1.1 - 2.5.2. It is recommended to
update to 2.5.3.
Multiple vulnerabilities have been discovered in Poppler, a PDF rendering library, that
could lead to denial of service or possibly other unspecified impact when processing
maliciously crafted documents. It is recommended to upgrade the poppler packages.
It has been discovered that Pillow incorrectly handled certain image files. If a user or
automated system were tricked into opening a specially-crafted image file, a remote attacker
could possibly cause Pillow to crash, resulting in a denial of service.
It has been discovered that there is an improper authorization vulnerability in several
Huawei smartphones. The software does not properly restrict certain operations in certain
scenarios; the attacker needs to perform certain configuration before the user turns on the
student mode function. Successful exploitation could allow the attacker to bypass the limit of
the student mode function. The affected products are HUAWEI Mate 20 versions earlier than
10.1.0.160(C00E160R3P8).
The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by
keeping track of users and their permitted activities. It has been discovered that EC2 and
credential endpoints are not protected from a scoped context and Credentials endpoint policy
logic allows changing credential owner and target project ID. An update for
openstack-keystone is now available for Red Hat OpenStack Platform 10 (Newton).
It has been discovered that IBM FileNet Content Manager 5.5.3 and 5.5.4 are vulnerable to
cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in
the Web UI thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the
OpenJDK 8 Java Software Development Kit. Multiple vulnerabilities have been discovered in
openjdk. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.
It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data, and
incorrectly handled sscanf failures, WEBM files, AVI files, JPEG files, and M3U8 files. An
attacker could possibly use these issues to cause denial of service, obtain sensitive data
or other unspecified impact.
A vulnerability has been discovered in the web services interface of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow
an unauthenticated, remote attacker to conduct directory traversal attacks and read
sensitive files on a targeted system.
It has been discovered that when a specific response header has a value that is too long,
Jetty will throw an exception to produce an HTTP 431 error. When this happens, the
ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool
twice. This may lead to disclosure of sensitive data. The affected versions are
9.4.27.v20200227, 9.4.28.v20200408, and 9.4.29.v20200521.
Adobe has released security updates to address vulnerabilities in multiple Adobe products.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
A vulnerability has been discovered in the automatic update service of Citrix Workspace app
for Windows that could result in a local user escalating their privilege level to that of an
administrator on the computer running Citrix Workspace app for Windows and a remote
compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is
enabled. The affected versions are Citrix Workspace app for Windows 1912 LTSR and Citrix
Workspace app for Windows 2002.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency,
Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound,
Improper Null Termination, and Improper Access Control have been discovered in Treck Inc.'s
Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code
execution or exposure of sensitive information.
fast-http is a library that allows you to create a tiny web server. It has been discovered
that the fast-http packages are vulnerable to Directory Traversal. There is no path
sanitization in the path provided at fs.readFile in index.js.
Uvicorn is a lightning-fast ASGI server. It has been discovered that Uvicorn's
implementation of the HTTP protocol for the httptools parser is vulnerable to HTTP response
splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can
exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary
response body, whenever crafted input is used to construct HTTP headers.
Multiple vulnerabilities such as SQL injection and cross-site scripting have been discovered
in SAINT. An attacker would need an account on the SAINT system in order to exploit the SQL
injection vulnerabilities. An authenticated SAINT user would need to click on a malicious
link or button provided by an attacker in order for the cross-site scripting vulnerabilities
to be exploited. It is recommended to upgrade to SAINT 9.8.21 or higher.
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when DLL
files are allowed to download without prompting an additional warning to the user. An attacker
who successfully exploited this vulnerability could drop the DLL files in the user's Download
folder (or equivalent) and gain elevated privileges.
Stack-based Buffer Overflow vulnerability has been discovered in HMS Industrial Networks
AB's Equipment- eCatcher. Successful exploitation of this vulnerability could crash the
device being accessed. In addition, a buffer overflow condition may allow remote code
execution with highest privileges.
It has been discovered that IBM Verify Gateway (IVG) uses an inadequate account lockout
setting that could allow a remote attacker to brute force account credentials. The affected
versions of IBM Verify Gateway are RADIUS 1.0.0, PAM 1.0.0, 1.0.1 and WinLogin 1.0.0, 1.0.1.
Cisco has released security updates to address vulnerabilities affecting multiple products.
An unauthenticated, remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
Apple has released security updates to address vulnerabilities in multiple products. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies'
Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability could provide
an attacker with full control of a trusted device on a hospital’s internal network.
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote
attacker could exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in multiple Adobe products.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A remote code execution vulnerability exists in Windows Domain Name System servers when they
fail to properly handle requests. An attacker who successfully exploited the vulnerability
could run arbitrary code in the context of the Local System Account. Windows servers that
are configured as DNS servers are at risk from this vulnerability.
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities
across multiple products. A remote attacker could exploit some of these vulnerabilities to
take control of an affected system.
The Apache Software Foundation has released security advisories to address multiple
vulnerabilities in Apache Tomcat. An attacker could exploit these vulnerabilities to cause a
denial-of-service condition.
It has been discovered that multiple vulnerabilities in Java affect the IBM FlashSystem
900. An unspecified vulnerability in Java SE could allow an unauthenticated attacker to
cause no confidentiality impact, high integrity impact, no availability impact, and a
concurrency component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
Multiple vulnerabilities such as denial of service, XML External Entity Injection,
cross-site scripting, command injection, and out-of-bound vulnerabilities have been
discovered in IBM QRadar SIEM.
It has been discovered that Netty before 4.1.42.Final mishandles whitespace before the colon
in HTTP headers, which leads to HTTP request smuggling, and that Netty 4.1.43.Final allows
HTTP request smuggling because it mishandles Transfer-Encoding whitespace and a later
Content-Length header. When malformed or abnormal HTTP requests are processed, systems can
interpret them inconsistently, allowing the attacker to 'smuggle' a request to one device
while the other device is unaware of it.
jbig2dec is a decoder implementation of the JBIG2 image compression format. A heap-based
buffer overflow vulnerability has been discovered in jbig2_image_compose in jbig2_image.c.
An update for jbig2dec is now available for Red Hat Enterprise Linux 8.
D-Bus is a system for sending messages between applications. A denial of service via file
descriptor leak has been discovered in dbus. An update for dbus is now available for Red Hat
Enterprise Linux 7.
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with
security in mind. It has been discovered that malformed NOOP commands lead to DoS in
dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 8.
Multiple vulnerabilities such as denial of service, heap-based buffer overflow, and
use-after-free have been discovered in openjpeg2. It is recommended to upgrade the openjpeg2
packages.
It has been discovered that /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary
Content Injection and GNU Mailman before 2.1.33 allows arbitrary content injection via the
Cgi/private.py private archive login page. It is recommended to upgrade the mailman
packages.
It has been discovered that a directory traversal vulnerability exists in rack < 2.2.0 that
allows an attacker to perform directory traversal in the Rack::Directory app, which could
result in information disclosure. A reliance on cookies without validation/integrity check
vulnerability also exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an
attacker to forge a secure or host-only cookie prefix.
Multiple vulnerabilities such as Server Side Request Forgery and Cross-site Scripting have
been discovered in Hitachi Ops Center Analyzer viewpoint and Hitachi Infrastructure
Analytics Advisor/Hitachi Ops Center Analyzer respectively. The affected products are
Hitachi Ops Center Analyzer viewpoint version 10.0.0-00 or more and less than 10.3.0-00,
Hitachi Infrastructure Analytics Advisor 2.0.0-00 or more and less than 10.3.0-00 and
Hitachi Ops Center Analyzer 10.0.0-00 or more and less than 10.3.0-00.
It has been discovered that the affected versions of Atlassian Jira Server and Data Center
allow remote attackers to view titles of a private project via an Insecure Direct Object
References (IDOR) vulnerability in the Administration Permission Helper. The affected
versions are version < 7.13.16, 8.0.0 ≤ version < 8.5.7, 8.6.0 ≤ version < 8.9.2,
and 8.10.0 ≤ version < 8.10.1.
Juniper Networks has released security updates to address vulnerabilities affecting multiple
products. An attacker could exploit some of these vulnerabilities to take control of an
affected system.
Improper Restriction of XML External Entity Reference vulnerability has been discovered in
Rockwell Automation's Equipment- Logix Designer Studio 5000. Successful exploitation of this
vulnerability could allow an unauthenticated attacker to craft a malicious file, which when
parsed, could lead to some information disclosure of hostnames or other resources from the
program.
VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation
vulnerability due to improper XPC Client validation. Successful exploitation of this issue
may allow attackers with normal user privileges to escalate their privileges to root on the
system where Fusion, VMRC for Mac or Horizon Client for Mac is installed.
It has been discovered that there was a possible signature verification issue in firmware
update daemon library fwupd as the return value of gpgme_op_verify_result was not being
checked. It is recommended to upgrade the fwupd packages.
It has been discovered that an OS Command Injection vulnerability in the PAN-OS
GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary
OS commands with root privileges. An attacker would require some level of specific
information about the configuration of an impacted firewall or perform brute-force attacks
to exploit this issue.
It has been discovered that the Carbon Black Response application add-on for IBM QRadar SIEM is
vulnerable to cross site scripting. This vulnerability allows users to embed arbitrary
JavaScript code in the Web UI thus altering the intended functionality potentially leading
to credentials disclosure within a trusted session. The affected versions are Carbon Black
Response 1.0.1 - 1.3.0.
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2)
protocol in C. It has been discovered that overly large SETTINGS frames in nghttp2 can
lead to DoS. An update for nghttp2 is now available for Red Hat Enterprise Linux 8.0 Update
Services for SAP Solutions.
An SQL-injection vulnerability has been discovered in VeloCloud. The VeloCloud Orchestrator
does not apply correct input validation which allows for blind SQL-injection. A malicious
actor with tenant access to VeloCloud Orchestrator could enter specially crafted SQL queries
and obtain data to which they are not privileged.
Multiple vulnerabilities have been discovered in Citrix ADC, Citrix Gateway and Citrix
SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These
vulnerabilities, if exploited, could result in a number of security issues. It is
recommended to update to the required versions of Citrix ADC, Citrix Gateway and Citrix
SD-WAN WANOP.
Multiple vulnerabilities such as Missing Authentication for Critical Function, and
Unprotected Storage of Credentials have been discovered in Grundfos Pumps Corporation's
Equipment- CIM 500. Successful exploitation of these vulnerabilities could allow access to
cleartext credential data.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-07-05 or later address all of these issues.
Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a
Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument
Injection, and Resource Management Errors have been discovered in Mitsubishi Electric's
Equipment- GOT2000 Series. Successful exploitation of these vulnerabilities could allow a
remote attacker to cause a denial-of-service condition or remote code execution.
Multiple vulnerabilities such as Stack-based Buffer Overflow, and Out-of-Bounds Read have
been discovered in Phoenix Contact's Equipment- Automation Worx Software Suite. Successful
exploitation could allow an attacker to execute arbitrary code under the privileges of the
application.
Samba has released security updates to address vulnerabilities in multiple versions of
Samba. An attacker could exploit some of these vulnerabilities to take control of an
affected system.
Cross-site Scripting vulnerability has been discovered in ABB's Equipment- System 800xA
Information Manager. Successful exploitation of this vulnerability could allow an attacker
to inject and execute arbitrary code on the information manager server.
Multiple vulnerabilities such as Path Traversal, Command Injection, Unrestricted Upload of
File with Dangerous Type, Cross-site Request Forgery, and Improper Authentication have been
discovered in Nortek's Equipment- Linear eMerge 50P/5000P. Successful exploitation of these
vulnerabilities could allow a remote attacker to gain full system access.
Multiple vulnerabilities have been discovered in OpenClinic GA's Equipment- OpenClinic GA.
Successful exploitation of these vulnerabilities could allow an attacker to bypass
authentication, discover restricted information, view/manipulate restricted database
information, and/or execute malicious code.
It has been discovered that Docker, a Linux container runtime, created network bridges which
by default accept IPv6 router advertisements. This could allow an attacker with the
CAP_NET_RAW capability in a container to spoof router advertisements, resulting in
information disclosure or denial of service. It is recommended to upgrade the docker.io
packages.
It has been discovered that Apache Guacamole 1.1.0 and older may mishandle pointers involved
in processing data received via RDP static virtual channels. If a user connects to a
malicious or compromised RDP server, a series of specially-crafted PDUs could result in
memory corruption, possibly allowing arbitrary code to be executed with the privileges of
the running guacd process. It is recommended to upgrade from Apache Guacamole 1.1.0 to
1.2.0.
Cisco has released security updates to address vulnerabilities in multiple products. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
It has been discovered that the Traffic Management User Interface (TMUI), also referred to
as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed
pages. An attacker could exploit this vulnerability to take control of an affected system.
Multiple vulnerabilities such as Out-of-bounds Read, and Heap-based Buffer Overflow have
been discovered in Delta Electronics' Equipment- Delta Industrial Automation DOPSoft.
Successful exploitation of these vulnerabilities could allow an attacker to read/modify
information, execute arbitrary code, and/or crash the application.
Multiple vulnerabilities such as Improper Restriction of XML External Entity Reference and
Uncontrolled Resource Consumption have been discovered in Mitsubishi Electric's Equipment-
Factory Automation Engineering Software Products. Successful exploitation of these
vulnerabilities could allow a local attacker to send files outside of the system as well as
cause a denial-of-service condition.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of
an affected system.
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs
Library handles objects in memory. An attacker who successfully exploited this vulnerability
could obtain information to further compromise the user’s system.
It has been discovered that when Security Assertion Markup Language (SAML) authentication is
enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked),
improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated
network-based attacker to access protected resources. The attacker must have network access
to the vulnerable server to exploit this vulnerability. This vulnerability affects PAN-OS
9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9;
PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This
issue does not affect PAN-OS 7.1.
It has been discovered that glib-networking skipped hostname certificate verification if the
application failed to specify the server identity. A remote attacker could use this to
perform a person-in-the-middle attack and expose sensitive information.
Multiple vulnerabilities have been fixed in zziplib, a library providing read access on
ZIP-archives. They are basically all related to invalid memory access and resulting crash or
memory leak. It is recommended to upgrade the zziplib packages.
It has been discovered that pngquant, a PNG (Portable Network Graphics) image optimising
utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted
png image, which could lead to denial of service or other issues. It is recommended to
upgrade the pngquant packages.
It has been discovered that libtirpc, a transport-independent RPC library, could be used for
a denial of service or possibly unspecified other impact by a stack-based buffer overflow
due to a flood of crafted ICMP and UDP packets. It is recommended to upgrade the libtirpc
packages.
A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures,
allowing a remote attacker to cause a denial of service against an application using the
Libtasn1 library. It is recommended to upgrade the libtasn1-6 packages.
It has been discovered that there was a "roster push attack" in mcabber, a console-based
Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim. It is recommended to
upgrade the mcabber packages.
It has been discovered that there was a command injection vulnerability in picocom, a
minimal dumb-terminal emulation program. It is recommended to upgrade the picocom packages.
It has been discovered that a specially crafted sequence of HTTP/2 requests could trigger
high CPU usage for several seconds. If a sufficient number of such requests were made on
concurrent HTTP/2 connections, the server could become unresponsive. An attacker could
exploit this vulnerability to cause a denial-of-service condition. The affected versions are
Apache Tomcat 8.5.0 to 8.5.55, 9.0.0.M1 to 9.0.35 and 10.0.0-M1 to 10.0.0-M5.
Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information,
Uncontrolled Resource Consumption, Hidden Functionality, and Improper Access Control have
been discovered in Schneider Electric's Equipment- Triconex TriStation and Triconex Tricon
Communication Module. Successful exploitation of these vulnerabilities may allow an attacker
to view clear text data on the network, cause a denial-of-service condition, or allow
improper access.
It has been discovered that there was an out-of-bounds access vulnerability in the
server-server protocol in the ngircd Internet Relay Chat (IRC) server. It is recommended to
upgrade the ngircd packages.
It has been discovered that there was a vulnerability in lynis, a security auditing tool.
The license key could be obtained by simple observation of the process list when a data
upload is being performed. It is recommended to upgrade the lynis packages.
Multiple vulnerabilities such as Improper Authentication, Cleartext Transmission of
Sensitive Information, Missing Encryption of Sensitive Data, and Storing Passwords in a
Recoverable Format have been discovered in BIOTRONIK's Equipment- CardioMessenger II-S
T-Line and CardioMessenger II-S GSM. Successful exploitation of these vulnerabilities could
allow an attacker with physical access to the CardioMessenger to obtain sensitive data,
obtain transmitted medical data from implanted cardiac devices with the implant’s serial
number or impact Cardio Messenger II product functionality. Successful exploitation of these
vulnerabilities could allow an attacker with adjacent access to influence communications
between the Home Monitoring Unit (HMU) and the Access Point Name (APN) gateway network.
Multiple vulnerabilities have been discovered in Baxter's Equipment- Baxter ExactaMix EM
2400 & EM 1200, Phoenix Hemodialysis Delivery System, PrismaFlex and PrisMax, and Sigma
Spectrum Infusion Pumps. Successful exploitation of these vulnerabilities could allow an
attacker to take control of an affected system.
Multiple vulnerabilities have been discovered in Mitsubishi Electric's Equipment- MC Works64
and MC Works32. Successful exploitation of these vulnerabilities may allow remote code
execution, a denial-of-service condition, information disclosure, or information tampering.
Improper Verification of Cryptographic Signature vulnerability has been discovered in
Johnson Controls' Equipment- exacqVision. Successful exploitation of this vulnerability
could allow an attacker with administrative privileges to potentially download and run a
malicious executable that could allow the execution of operating system commands on the
system.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency,
Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound,
Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's
Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code
execution or exposure of sensitive information.
Multiple vulnerabilities such as Improper Input Validation, Improper Restriction of
Operations Within The Bounds of a Memory Buffer, Permissions, Privileges, and Access
Controls, and Exposure of Sensitive Information to an Unauthorized Actor have been
discovered in Rockwell Automation's Equipment- FactoryTalk View SE. Successful exploitation
of these vulnerabilities may allow a remote authenticated attacker to manipulate data of
affected devices.
Improper Input Validation vulnerability has been discovered in Rockwell Automation's
Equipment- FactoryTalk Services Platform. Successful exploitation of this vulnerability
could allow an unauthenticated attacker to execute remote COM objects with elevated
privileges.
Multiple vulnerabilities such as buffer overflow or memory corruption have been discovered
in ICONICS' Equipment- GENESIS64 and GENESIS32. Successful exploitation of these
vulnerabilities may allow remote code execution or denial of service.
Improper Access Control vulnerability has been discovered in McAfee Advanced Threat Defense
(ATD) prior to 4.10.0 that allows local users to view sensitive files via a carefully
crafted HTTP request parameter. It is recommended to upgrade to Advanced Threat Defense
(ATD) 4.10.0.
It has been discovered that VMware Tools for macOS contains a denial-of-service
vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation
of this issue may allow attackers with non-admin privileges on guest macOS virtual machines
to create a denial-of-service condition on their own VMs.
Drupal has released security updates to address multiple vulnerabilities such as Access
bypass, Arbitrary PHP code execution and Cross Site Request Forgery affecting Drupal 7, 8.8,
8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control
of an affected system.
Multiple vulnerabilities have been discovered affecting multiple versions of ISC Berkeley
Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause
a denial-of-service condition. The affected versions are BIND 9.16.0 to 9.16.3, BIND 9.11.14
to 9.11.19, BIND 9.14.9 to 9.14.12, and versions 9.11.14-S1 to 9.11.19-S1 of BIND Supported
Preview Edition.
Cisco has released security updates to address vulnerabilities affecting multiple products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
It has been discovered that an elevation of privilege vulnerability exists in Windows 10
version 1903 when the Windows Spatial Data Service improperly handles objects in memory. An
attacker could exploit the vulnerability to overwrite or modify a protected file leading to
a privilege escalation.
Adobe has released security updates to address vulnerabilities in multiple products. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that an untrusted search path vulnerability exists in Trend Micro
Security 2020 that could allow an attacker to run arbitrary code on a vulnerable system. The
affected versions are Premium Security 2020 for Windows v16.0.1146 and earlier, Maximum
Security 2020 for Windows v16.0.1146 and earlier, Internet Security 2020 for Windows
v16.0.1146 and earlier, and Antivirus+ 2020 for Windows v16.0.1146 and earlier. It is
recommended to upgrade all Trend Micro Security 2020 versions to v16.0.1373.
Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
A Path Traversal vulnerability has been discovered in Hitachi Automation Director and
Hitachi Ops Center Automator. The affected versions are Hitachi Automation Director 8.1.1-00
or more and less than 10.1.1-00 (Windows), Hitachi Automation Director 8.2.0-00 or more and
less than 10.1.1-00 (Linux) and Hitachi Ops Center Automator 10.0.0-00 or more and less than
10.1.0-00 (Windows, Linux). It is recommended to upgrade to the appropriate version.
Multiple vulnerabilities have been discovered in Citrix Workspace app and Receiver for
Windows that could result in a local user escalating their privilege level to administrator
during the uninstallation process. These vulnerabilities do not affect Citrix Workspace app
and Receiver on any other platforms.
It has been discovered that unencrypted user credentials were stored in transaction logs in
Philips' Equipment- IntelliBridge Enterprise (IBE) system. Successful exploitation of this
vulnerability may allow an existing administrator and/or high privileged system user access
to credentials to the hospital’s clinical information systems.
Multiple vulnerabilities such as Improper Input Validation, Path Traversal, and Unrestricted
Upload of File with Dangerous Type have been discovered in Rockwell Automation's Equipment-
FactoryTalk Linx Software. Successful exploitation of these vulnerabilities could allow an
attacker to cause a denial-of-service condition, obtain remote code execution, and read
sensitive information.
Cross-site Scripting vulnerability has been discovered in OSIsoft's Equipment- PI Web API
2019. Successful exploitation of this vulnerability could allow a remote authenticated
attacker with write access to a PI Server to trick a user into interacting with a PI Web API
endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view,
modification, or deletion of data as allowed for by the victim’s user permissions.
It has been discovered that roundcube, a skinnable AJAX based webmail solution for IMAP
servers, did not correctly process and sanitize requests. This would allow a remote attacker
to perform a Cross-Site Scripting (XSS) attack leading to the execution of arbitrary code.
It is recommended to upgrade the roundcube packages.
It has been discovered that PHPMailer before 6.1.6 contains an output escaping bug when the
name of a file attachment contains a double quote character. This can result in the file
type being misinterpreted by the receiver or any mail relay processing the message. It is
recommended to upgrade the libphp-phpmailer packages.
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on
the WildFly application runtime. Multiple vulnerabilities have been discovered in Red Hat
JBoss Enterprise Application Platform 7.3.0. An update is now available for Red Hat JBoss
Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8 that includes bug fixes
and enhancements.
Expat is a C library for parsing XML documents. An Integer overflow leading to buffer
overflow in XML_GetBuffer() of expat has been discovered. An update for expat is now
available for Red Hat Enterprise Linux 7.7 Extended Update Support.
WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker
could exploit some of these vulnerabilities to take control of an affected website. It is
recommended to upgrade to WordPress 5.4.2.
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync
utilities. Unsafe Object Creation vulnerability in JSON has been discovered. An update for
pcs is now available for Red Hat Enterprise Linux 8.
Potential security vulnerabilities in Intel Converged Security and Manageability Engine
(CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel
Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Dynamic
Application Loader (DAL) may allow escalation of privilege, denial of service or information
disclosure. Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel AMT,
Intel ISM and Intel DAL update to the latest versions provided by the system manufacturer
that address these issues.
A privilege escalation vulnerability affecting VMware Horizon Client for Windows has been
discovered. A local user on the system where the software is installed may exploit this
vulnerability to run commands as any user.
Adobe has released security updates to address vulnerabilities in Flash Player, Experience
Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take
control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Improper Input Validation, and Use of Hard Coded
Credentials have been discovered in Philips' Equipment- PageWriter TC10, TC20, TC30, TC50,
and TC70 Cardiographs. Successful exploitation of these vulnerabilities could allow buffer
overflows, or allow an attacker to access and modify settings on the device.
Multiple vulnerabilities have been discovered in multiple items of Siemens equipment. An attacker
could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of
Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer
Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive
Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful
exploitation of these vulnerabilities could allow an attacker to access unauthorized
information, delete or modify local processes, and crash the affected device.
Resource Exhaustion vulnerability has been discovered in Mitsubishi Electric's Equipment-
MELSEC iQ-R series. Successful exploitation of this vulnerability could cause the Ethernet
port to enter a denial-of-service condition.
Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment-
WebAccess Node. Successful exploitation of this vulnerability could crash the application
being accessed; a buffer overflow condition may allow remote code execution.
The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused
to send traffic to arbitrary destinations using SUBSCRIBE functionality, leading to
amplified DDoS attacks and data exfiltration.
It has been discovered that the BCC recipients are visible in article detail on external
interface. This information disclosure vulnerability affects OTRS 7.0.17 and prior versions,
and OTRS 8.0.3 and prior versions. It is recommended to upgrade to OTRS 7.0.18 or OTRS
8.0.4.
It has been discovered that the `ippReadIO` function may under-read an extension field and
there was a heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c. It is
recommended to upgrade the cups packages.
A vulnerability has been discovered in graphicsmagick, a collection of image processing
tools, that results in a heap buffer overwrite when magnifying MNG images. It is recommended
to upgrade the graphicsmagick packages.
Multiple vulnerabilities have been discovered in Node.js, which could result in denial of
service and potentially the execution of arbitrary code. It is recommended to upgrade the
nodejs packages.
It has been discovered that there was a file descriptor leak in the D-Bus message bus. An
unprivileged local attacker could use this to attack the system DBus daemon, leading to
denial of service for all users of the machine. It is recommended to upgrade the dbus
packages.
It has been discovered that a vulnerability in the improper handling of symbolic links in
Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file,
and restore it to a privileged location. This issue affects Bitdefender Antivirus Free
versions prior to 1.0.17.178. An automatic update to Bitdefender Antivirus Free version
1.0.17.178 or newer fixes this vulnerability.
It has been discovered that the Management Console is vulnerable to an XXE attack when adding
and updating a Lifecycle. The XXE attacks can affect any trusted system respective to the
machine where the parser is located. This attack may result in disclosing local files,
denial of service, server-side request forgery, port scanning and other system impacts on
affected systems.
WinGate is a sophisticated integrated Internet gateway and communications server. It has
been discovered that WinGate has insecure permissions for the installation directory, which
allows local users to gain privileges by replacing an executable file with a Trojan
horse. The affected versions are WinGate v9.4.1.5998.
It has been discovered that GnuTLS 3.6.4 introduced a regression in the TLS protocol
implementation. This caused the TLS server to not securely construct a session ticket
encryption key considering the application supplied secret, allowing a MitM attacker to
bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2. The affected
versions are below GnuTLS 3.6.14.
It has been discovered that WebSphere Application Server is vulnerable to a remote code
execution vulnerability. The IBM WebSphere Application Server traditional could allow a
remote attacker to execute arbitrary code on the system with a specially-crafted sequence of
serialized objects.
Potential security vulnerabilities have been discovered in HPE Edgeline Integrated System
Manager. These vulnerabilities, known as the "TCP SACK Panic", could be remotely exploited
to cause a remote denial of service. The affected versions are HPE Edgeline EL300 Converged
Edge System - Running HPE Edgeline Integrated System Manager Prior to 2.06.
It has been discovered that IBM QRadar is vulnerable to an XML External Entity Injection
(XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to
expose sensitive information or consume memory resources. The affected products and versions
are all SDEE protocol versions before 7.3.0-QRADAR-PROTOCOL-SDEE-7.3-20200429181957 and all
SDEE protocol versions before 7.4.0-QRADAR-PROTOCOL-SDEE-7.4-20200429181942.
An improper neutralization of input and an unquoted service path vulnerability has been
discovered in FortiAnalyzer and FortiSIEM Windows Agent respectively. The affected versions
are FortiAnalyzer version 6.2.3 and below and FortiSIEMWindowsAgent version 3.1.2 and below.
It is recommended to upgrade to FortiAnalyzer version 6.2.4 or above or 6.4.0 or above and
FortiSIEMWindowsAgent version 3.2.0 or above.
Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
Cisco has released security updates to address vulnerabilities in multiple products. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
It has been discovered that there is an improper handling of exceptional condition
vulnerability in Huawei Smartphones. A component cannot deal with an exception correctly.
Attackers can exploit this vulnerability by sending a malformed message. This could compromise
normal service of affected phones.
Multiple vulnerabilities such as data leakage and XSS have been discovered in Django. The
affected versions are Django master branch, Django 3.1 (currently at alpha status), Django
3.0, and Django 2.2. It is recommended to upgrade to Django 3.0.7 or Django 2.2.13.
Multiple vulnerabilities such as XSS and CSRF have been discovered in Joomla! CMS. An
attacker could exploit these vulnerabilities to take control of an affected system.
url-regex is a package with regular expression for matching URLs. It has been discovered
that the affected versions of url-regex package are vulnerable to Regular Expression Denial
of Service (ReDoS). An attacker providing a very long string in String.test can cause a
Denial of Service.
It has been discovered that IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by
an unauthenticated attacker to unexpectedly route arbitrary network traffic through a
vulnerable device.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR and
Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an
affected system.
Missing Authentication for Critical Function vulnerability has been discovered in GE's
Equipment- Grid Solutions Reason RT Clocks. Successful exploitation of this vulnerability
could allow access to sensitive information, execution of arbitrary code, and cause the
device to become unresponsive.
An Improper Access Control vulnerability has been discovered in SWARCO TRAFFIC SYSTEMS'
Equipment- CPU LS4000. Successful exploitation of this vulnerability could allow access to
the device and disturb operations with connected devices.
It has been discovered that clusters using IPv4 may be vulnerable to information disclosure
if IPv6 is enabled but unused. A compromised pod with default privilege is able to
reconfigure the node’s IPv6 interface and redirect traffic from the node to the compromised
pod. It is recommended to upgrade to the latest Calico or Calico Enterprise releases.
Ant is a Java-based build tool like make. It has been discovered that Apache Ant created
temporary files with insecure permissions. An attacker could use this vulnerability to read
sensitive information leaked into /tmp, or potentially inject malicious code into a project
that is built with Apache Ant.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-06-05 or later address all of these issues.
Flask is a micro web framework based on Werkzeug and Jinja2. It has been discovered that
Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause
a denial of service.
The ca-certificates package provides common CA certificates. It has been discovered that the
ca-certificates package contained an expired CA certificate that caused connectivity issues. This update
removes the "AddTrust External Root" CA.
It has been discovered that use of a hard-coded cryptographic key to encrypt security
sensitive data in configuration in FortiClient for Windows may allow an attacker with access
to the configuration or the backup file to decrypt the sensitive data via knowledge of the
hard-coded key. The affected versions are FortiClient for Windows below 6.4.0. It is
recommended to upgrade to FortiClient for Windows 6.4.0.
An Out-Of-Bound (OOB) access vulnerability has been discovered in the Message Signalled
Interrupt (MSI-X) device support of QEMU. This vulnerability could occur while performing
MSI-X mmio operations when a guest-sent address goes beyond the mmio region. A guest
user/process may use this vulnerability to crash the QEMU process, resulting in a DoS scenario.
It has been discovered that a Kubernetes cluster using an affected networking implementation
is vulnerable to man-in-the-middle (MitM) attacks. Kubernetes itself is not vulnerable.
Multiple vulnerabilities have been discovered in the Planning Analytics Workspace component
of IBM Planning Analytics. An attacker could exploit one of these vulnerabilities to take
control of an affected system.
Apple has released security updates to address a vulnerability in multiple products. An
attacker could exploit this vulnerability to take control of an affected system.
A vulnerability has been discovered in the network stack of Cisco NX-OS Software that could
allow an unauthenticated, remote attacker to bypass certain security boundaries or cause a
denial of service (DoS) condition on an affected device.
Multiple vulnerabilities have been discovered in multiple products of ABB. An attacker could
exploit some of these vulnerabilities to take control of an affected system.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Multiple
vulnerabilities such as Out-of-bounds write and Integer overflow have been discovered in
freerdp. An update for freerdp is now available for Red Hat Enterprise Linux 7.
A security vulnerability in the exchange of information through Windows Named Pipes has been
discovered in PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows. This
would allow the interception of sensitive information. Additionally, if the user account had
windows impersonation enabled, then the attacker could elevate privilege to execute as
Windows System. The affected versions are PCoIP Agent (Standard or Graphics) for Windows
19.11.1 and earlier, and PCoIP Agent (Standard or Graphics) for Windows 2.7.8 and earlier.
It is recommended to update the PCoIP Agent for Windows to 19.11.2 (or later) or the 2.7.9
patch.
Multiple vulnerabilities have been discovered in bbPress 2.6. These vulnerabilities have
been fixed in bbPress 2.6.5. It is recommended to update from bbPress 2.6 to bbPress 2.6.5.
Unbound is a validating, recursive, and caching DNS resolver. It has been discovered that
Unbound incorrectly handled certain queries and malformed answers. A remote attacker could
use these vulnerabilities to perform an amplification attack directed at a target or cause
Unbound to crash, resulting in a denial of service.
Multiple vulnerabilities such as EternalBlue, BlueKeep, Improper Access Control, and lack of
Full Disk Encryption have been discovered in Bosch Recording Station (BRS). Bosch strongly
recommends operating the BRS system in a closed network and preventing unauthorized direct
access to the BRS server.
Apple has released security updates to address vulnerabilities in multiple products. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A new elevation of privilege vulnerability has been discovered in Android that allows
hackers to gain access to almost all apps. This vulnerability has been named StrandHogg 2.0
due to its similarities with the infamous StrandHogg vulnerability.
A Stored XSS vulnerability has been discovered in the File Picker area under Extensions in
CMS Made Simple Admin Console. This vulnerability affects the CMS Made Simple latest version
(2.2.14) and below.
Multiple vulnerabilities such as Missing Authentication for Critical Function and
Deserialization of Untrusted Data have been discovered in Inductive Automation's Equipment-
Ignition. Successful exploitation of these vulnerabilities could allow an attacker to obtain
sensitive information and perform remote code execution with SYSTEM privileges.
A system permissions vulnerability has been discovered in all versions of Tyco Kantech
EntraPass Security Management Software Editions. An attacker with authorized access to a
low-privileged user account could exploit this vulnerability to gain full system level
privileges.
An integer overflow vulnerability has been discovered in the sqlite3_str_vappendf function
of the src/printf.c file of sqlite3 from version 3.8.3. It is recommended to upgrade the
sqlite3 packages.
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan
project. Multiple vulnerabilities have been discovered in Red Hat Data Grid 7.3.5. These
vulnerabilities have been fixed in new release Red Hat Data Grid 7.3.6.
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web
server. The mod_rewrite configurations of httpd are vulnerable to an open redirect
vulnerability. An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat
Software Collections.
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability
environments. An HTTP request smuggling vulnerability with a transfer-encoding header
containing an obfuscated "chunked" value has been discovered in haproxy, and the HTTP/2
implementation of haproxy is vulnerable to intermediary encapsulation attacks. An update for
rh-haproxy18-haproxy is now available for Red Hat Software Collections.
A vulnerability has been discovered in the Linux kernel's SELinux LSM hook implementation
where it incorrectly assumed that an skb would only contain a single netlink message. The
hook would incorrectly only validate the first netlink message in the skb and allow or deny
the rest of the messages within the skb with the granted permission without further
processing.
Multiple vulnerabilities such as Improper Access Control, Privilege Escalation, and
Unauthorized code execution have been discovered in FortiClient and FortiGateCloud of
FortiGuard. The affected products are FortiClient for Windows 6.2.1 and below and
FortiGateCloud version 4.4.
Multiple vulnerabilities have been discovered in qmail which could result in the execution
of arbitrary code, bypass of mail address verification and a local information leak of whether
a file exists or not. It is recommended to upgrade the netqmail packages.
Directory traversal vulnerability has been discovered in the Rack::Directory app that is
bundled with Rack. If certain directories exist in a directory that is managed by
`Rack::Directory`, an attacker could, using this vulnerability, read the contents of files
on the server that were outside of the root specified in the Rack::Directory initializer. It
is recommended to upgrade the ruby-rack packages.
Meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and
request smuggling attacks might be possible due to incorrect Content-Length and
Transfer-Encoding header parsing.
Multiple vulnerabilities such as SQL Injection, Path Traversal, and Argument Injection have
been discovered in Schneider Electric's Equipment- EcoStruxure Operator Terminal Expert.
Successful exploitation of these vulnerabilities could allow unauthorized write access or
remote code execution.
A Cleartext Storage of Sensitive Information vulnerability has been discovered in Johnson
Controls' Equipment- Software House C-CURE 9000 and American Dynamics victor Video
Management System. Successful exploitation of this vulnerability may allow an attacker to
access credentials used for access to the application.
A race condition for systems with Message Aggregation enabled has been discovered in Slurm.
This race condition vulnerability could allow a user to launch a process as an arbitrary
user. This vulnerability has been fixed in Slurm versions 20.02.3 and 19.05.7.
Apple has released a security update to address a vulnerability in Xcode. A remote attacker
could exploit this vulnerability to take control of an affected system.
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and
8.8. A remote attacker could exploit these vulnerabilities to take control of an affected
system.
It has been discovered in Apache Tomcat that using a specifically crafted request an
attacker will be able to trigger remote code execution via deserialization of the file under
their control. The affected versions are Apache Tomcat 10.0.0-M1 to 10.0.0-M4, Apache Tomcat
9.0.0.M1 to 9.0.34, Apache Tomcat 8.5.0 to 8.5.54 and Apache Tomcat 7.0.0 to 7.0.103.
Cisco has released security updates to address multiple vulnerabilities affecting various
Cisco products. An attacker could exploit these vulnerabilities to take control of an
affected system.
It has been discovered that in some Fortinet products the TCP stacks that lack RFC 5961 3.2
& 4.2 support (or have it disabled at application level) may allow remote attackers to
guess sequence numbers and cause a denial of service (connection loss) to persistent TCP
connections by repeatedly injecting a TCP RST or SYN packet. The affected products are
FortiAnalyzer 6.2.3 and below and FortiManager 6.2.3 and below. It is recommended to upgrade
FortiAnalyzer to 6.2.4 or above and FortiManager to 6.2.4 or above.
Trend Micro has released a new Critical Patch (CP) for Trend Micro InterScan Web Security
Appliance (IWSVA) 6.5. This CP resolves multiple vulnerabilities related to cross-site
scripting (XSS), directory traversal information disclosure, authenticated command injection
and authentication bypass.
Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a
Memory Buffer, and SQL Injection have been discovered in Rockwell Automation's Equipment-
EDS Subsystem. Successful exploitation of these vulnerabilities could lead to a
denial-of-service condition.
An argument modification vulnerability caused by missing support for integrity checking has
been discovered in RAONWIZ Inc K Upload. Automatic update processing without an integrity check
on the update module (web.js) allows an attacker to modify arguments, which causes downloading
a random DLL and injection on it.
Multiple vulnerabilities such as Missing Authentication for Critical Function, Improper
Ownership Management, and Inadequate Encryption Strength have been discovered in Emerson's
Equipment- OpenEnterprise SCADA Software. Successful exploitation of these vulnerabilities
could allow an attacker access to OpenEnterprise configuration services or access passwords
for OpenEnterprise user accounts.
Bind is an Internet Domain Name Server. It has been discovered that Bind incorrectly limited
certain fetches and incorrectly handled checking TSIG validity. A remote attacker could
possibly use this issue to cause Bind to consume resources or cause Bind to crash, resulting
in a denial of service.
Exim is a mail transport agent. It has been discovered that Exim incorrectly handled certain
inputs. A remote attacker could possibly use this vulnerability to access sensitive
information or authentication bypass.
Multiple vulnerabilities have been discovered in HPE Superdome Flex Server Remote Management
Controller (RMC) and HPE NimbleStorage. A validation issue in HPE Superdome Flex's RMC
component may allow local elevation of privilege. Potential remote access security
vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited
by an attacker to access and modify sensitive information on the system.
It has been discovered that jquery is vulnerable to Cross-site Scripting (XSS). The affected
versions are jquery prior to 1.9.0. It is recommended to upgrade jquery to version 1.9.0 or
higher.
Adobe has released security updates to address vulnerabilities in multiple products. An
attacker could exploit these vulnerabilities to obtain sensitive information or perform
remote code execution.
Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
A code injection vulnerability has been discovered in VMware Cloud Director. An
authenticated actor may be able to send malicious traffic to VMware Cloud Director which may
lead to arbitrary remote code execution.
Microsoft has discovered a vulnerability involving packet amplification that affects Windows
DNS servers. An attacker who successfully exploits this vulnerability could cause the DNS
Server service to become nonresponsive.
It has been discovered that Signal Messenger App has a vulnerability which allows a remote
non-contact to ring a user's Signal phone and disclose the Signal user's current DNS server.
This can result in a remote attacker obtaining coarse information via leaking DNS server IP
of a Signal user, which may disclose coarse location as well as changes in internet
connections at any given moment.
It has been discovered that WordPress Plugin "Paid Memberships Pro" contains SQL injection
vulnerability. An attacker who can access the administrative page of Paid Membership Pro may
obtain and/or alter the information stored in the database. It is recommended to upgrade the
plugin to version 2.3.3.
Multiple vulnerabilities such as SNMPv2 and remotesupport have been discovered in Dell EMC
Isilon OneFS. These vulnerabilities could be exploited by malicious users to compromise the
affected system. The affected versions are Dell EMC Isilon OneFS 8.2.2 and earlier.
Multiple vulnerabilities such as stored XSS and remote code execution have been discovered
in MathJax and SCORM package of Moodle respectively. The affected versions are 3.8 to 3.8.2,
3.7 to 3.7.5, 3.6 to 3.6.9, 3.5 to 3.5.11 and earlier unsupported versions.
Multiple vulnerabilities have been discovered in Red Hat build of Thorntail. An update is
now available for Red Hat build of Thorntail. This release of Red Hat build of Thorntail
2.5.1 includes security updates, bug fixes, and enhancements.
DPDK is a set of libraries for fast packet processing. It has been discovered that DPDK
incorrectly handled certain inputs. An attacker could possibly use this issue to cause a
crash or execute arbitrary code. These vulnerabilities affect Ubuntu 20.04 LTS, Ubuntu
19.10 and Ubuntu 18.04 LTS.
Sending a malformed NOOP command, sending a command followed by a sufficient number of
newlines, or sending mail with an empty quoted localpart can cause a crash in the submission,
submission-login or lmtp service, causing a denial of service. The affected versions are
Dovecot prior to 2.3.10.1.
It has been discovered that a locally authenticated user with low privileges in Ivanti
Workspace Control v10.3 and v10.4 can acquire admin privileges by changing certain user
registry entries. This allows an attacker to start applications with elevated privileges.
This only applies to configurations where administrator rights have been added to an
application by using Dynamic Privileges. This vulnerability has been resolved in Ivanti
Workspace Control 10.4.40.0.
Multiple vulnerabilities such as Pairing Method Confusion and Bluetooth Impersonation
Attacks have been discovered in Bluetooth devices supporting LE and BR/EDR implementation.
The affected versions are Core Spec, v2.1 to v5.2.
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in
Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data
Downloads>Reports>Download profile info" feature.
An XML external entity vulnerability has been discovered in log4net, a logging API for the
ECMA Common Language Infrastructure (CLI), sometimes referred to as "Mono". It is
recommended to upgrade the log4net packages.
Multiple vulnerabilities have been discovered in Hitachi Command Suite, Hitachi Automation
Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor, Hitachi
Ops Center, Hitachi Compute Systems Manager, JP1/Automatic Job Management System 3 and
JP1/Automatic Job Management System 2.
IBM i users running complex SQL statements under a specific set of circumstances may allow a
local user to obtain sensitive information that they should not have access to. The issue
can be fixed by applying a PTF to the IBM i Operating System. It is recommended that all
users running unsupported versions of affected products upgrade to supported and fixed
version of affected products.
OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems
for use by Virtual Machine instances. A user with a share-network UUID is able to show, create
and delete shares. An update for openstack-manila is now available for Red Hat OpenStack
Platform 16 (Train).
kpatch is a kernel live patch module which is automatically loaded by the RPM post-install
script to modify the code of a running kernel. A null pointer dereference while receiving
CIPSO packet with null category may cause kernel panic. An update for kpatch-patch is now
available for Red Hat Enterprise Linux 8.
.NET Core is a managed-software framework. A denial of service vulnerability via untrusted
input has been discovered in dotnet. An update for .NET Core is now available for Red Hat
Enterprise Linux 8. The updated version is .NET Core Runtime 2.1.18 and SDK 2.1.514.
An improper restriction of XML external entity reference (XXE) vulnerability has been
discovered in Palo Alto Networks Panorama management service which allows remote
unauthenticated attackers with network access to the Panorama management interface to read
arbitrary files on the system. This vulnerability affects all versions of PAN-OS for
Panorama 7.1 and 8.0, PAN-OS for Panorama 8.1 versions earlier than 8.1.13, and PAN-OS for
Panorama 9.0 versions earlier than 9.0.7.
The reCaptcha v3 module enables forms to be protected using Google reCaptcha V3. If the
reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it
possible for attackers to submit invalid or incomplete forms. This vulnerability only
affects forms that are protected by reCaptcha v3 and have server side validation steps. It
is recommended to upgrade to the latest version of reCAPTCHA v3.
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in
its login flow. A remote unauthenticated attacker could convince a user to click on a link
using the OAuth redirect link with an untrusted website and gain access to that user's
access token in Concourse.
Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software
Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these
vulnerabilities to take control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A Cross-site Scripting vulnerability has been discovered in 3S-Smart Software Solutions GmbH's
Equipment- CODESYS V3 Library Manager. Successful exploitation of this vulnerability may
allow malicious content from manipulated libraries to be displayed or executed.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow,
Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in
different Equipment- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by
IP Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities
could allow remote code execution.
Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of
Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer
Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive
Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful
exploitation of these vulnerabilities could allow an attacker to access unauthorized
information, delete or modify local processes, and crash the affected device.
Multiple vulnerabilities such as Improper Input Validation and Incorrect Privilege
Assignment have been discovered in Eaton's Equipment- Intelligent Power Manager. Successful
exploitation of these vulnerabilities could allow an attacker to perform command injection
or code execution and allow non-administrator users to manipulate the system configurations.
The podman tool manages pods, container images, and containers. A crafted input tar file may
lead to a local file overwrite during the image build process and a use-after-free in GPGME bindings
during container image pull. An update for podman is now available for Red Hat Enterprise
Linux 7 Extras.
Siemens low & high voltage power meters are affected by multiple security
vulnerabilities due to the underlying Wind River VxWorks network stack. The vulnerability
could allow an attacker to execute a variety of exploits for the purpose of
Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and
confidentiality of the devices and data.
A vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 and PDF-parsing module
in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition has been fixed.
Other issues such as "Attempt to allocate 0 bytes" error when parsing some PDF documents and
some minor memory leaks have also been fixed. The libclamunrar has been updated to UnRAR
5.9.2. It is recommended to upgrade ClamAV to 0.102.3.
Multiple vulnerabilities have been discovered in the src wordpress package. An attacker
could exploit these vulnerabilities to take control of an affected system. It is recommended
to upgrade the wordpress packages.
The qemu-kvm-ma packages provide the user-space component for running virtual machines that
use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. A heap buffer
overflow vulnerability has been discovered during packet reassembly in slirp of QEMU. An
update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update
Support.
Multiple vulnerabilities such as Out of Bounds, Directory Traversal, and Elevation of
Privilege have been discovered in the Symantec Endpoint Protection (SEP) and Symantec
Endpoint Protection Manager (SEPM). It is recommended to upgrade SEP and SEPM to 14.3.
It has been discovered that libntlm through 1.5 relies on a fixed buffer size for
tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write
operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in
smbutil.c for a crafted NTLM request. It is recommended to upgrade the libntlm packages.
Multiple vulnerabilities such as Authentication Bypass and Directory Traversal have been
discovered in Salt, an open source project by SaltStack, which have been determined to
affect VMware vRealize Operations Manager (vROps). The affected versions are 8.1.0, 8.0.x,
and 7.5.0.
A race condition has been discovered in the mkhomedir tool shipped with the oddjob package.
This vulnerability allows an attacker to leverage this flaw by creating a symlink pointing to a
target folder, which then has its ownership transferred to the new home directory's
unprivileged user.
Multiple vulnerabilities have been discovered in WordPress Elementor Pro. These
vulnerabilities allow any logged-in user to upload and execute PHP scripts on the blog and
a vulnerability in Ultimate Addons for Elementor allows for subscriber registration. It is
recommended to upgrade to Elementor Pro 2.9.4.
Multiple vulnerabilities such as Improper Validation of Array Index, Relative Path
Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow, and
Out-of-bounds Read have been discovered in Advantech's Equipment- WebAccess Node. Successful
exploitation of these vulnerabilities may allow information disclosure, remote code
execution, and compromise system availability.
In WSO2, it has been discovered that the Management Console is vulnerable to an XXE attack
when updating an EventPublisher. The XXE attacks can affect any trusted system respective to
the machine where the parser is located. This attack may result in disclosing local files,
denial of service, server-side request forgery, port scanning and other system impacts on
affected systems.
A vulnerability has been discovered in Zulip Desktop 0.5.10: a certificate validation
handler inadvertently disabled all certificate validation whether or not ignoreCerts was
enabled, except during initial association with the server. All versions of Zulip Desktop
from 0.5.10 through 5.1.0 are affected. It is recommended to upgrade to latest release.
Cisco has released security updates to address vulnerabilities in multiple products. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A vulnerability has been discovered in the EC2 credentials API of Keystone, the OpenStack
identity service: Any user authenticated within a limited scope (trust/oauth/application
credential) could create an EC2 credential with an escalated permission, such as obtaining
"admin" while the user is on a limited "viewer" role. It is recommended to upgrade the
keystone packages.
ManageEngine DataSecurity Plus application uses default admin credentials to communicate
with Dataengine Xnode server. This allows an attacker to bypass authentication for
Dataengine Xnode server and execute all operations in the context of admin user.
Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
Multiple vulnerabilities such as Cross-site Scripting, and Path Traversal have been
discovered in SAE IT-systems' Equipment- FW-50 Remote Telemetry Unit (RTU). Successful
exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose
sensitive information, or cause a denial-of-service condition.
An Uncontrolled Search Path Element vulnerability has been discovered in Fazecast's Equipment-
jSerialComm. Successful exploitation of this vulnerability could allow an unauthenticated
attacker to execute arbitrary code on a targeted system.
SQLite is a C library that implements an SQL database engine. The fts3 of sqlite has
improved shadow table corruption detection. An update for sqlite is now available for Red Hat
Enterprise Linux 7.6 Extended Update Support.
Multiple vulnerabilities have been discovered in customer-managed Citrix ShareFile storage
zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated
attacker to compromise the storage zones controller potentially giving an attacker the
ability to access ShareFile users’ documents and folders.
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers,
did not correctly process and sanitize requests. This would allow a remote attacker to
perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be
logged out, or a Cross-Site Scripting (XSS) leading to execution of arbitrary code. It is
recommended to upgrade the roundcube packages.
Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox and
Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an
affected system.
The ServiceNow product is affected by a Stored Cross-Site Scripting vulnerability on one of
the parameters issued by the client when opening a new Incident Request. By exploiting this
vulnerability, an attacker can create a malicious Incident Request which can then be sent
out to users in the platform via a direct link to the Request.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-05-05 or later address all of these issues.
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote
attacker to craft links in an E-Mail message or calendar invite to execute arbitrary
JavaScript. The attack requires an A element containing an href attribute with a "www"
substring (including the quotes) followed immediately by a DOM event listener such as
onmouseover. This is fixed in 9.0.0 Patch 2.
A vulnerability has been discovered in JUnit XML launch import starting from version 3.1.0.
The XML parser was not configured properly to prevent XML external entity (XXE) attacks.
This allows a user to import a specifically-crafted XML file that uses external entities for
extraction of secrets from Report Portal service-api module or server-side request forgery.
It is recommended to install the latest releases.
A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol. LDAP search filters with nested boolean expressions can result in
denial of service (slapd daemon crash). It is recommended to upgrade the openldap packages.
A vulnerability has been discovered in SimpliSafe SS3 which is an incomplete fix to
TRA-2020-03. An attacker, with physical access, can add PINs without prior knowledge of the
PIN. This allows the attacker to disarm the system.
Salt is an open-source remote task and configuration management framework widely used in
data centers and cloud servers. SaltStack has released a security update to address critical
vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. A remote attacker
could exploit these vulnerabilities to take control of an affected system.
It has been discovered that there was an integer signedness error in the miniupnpc UPnP
client that could allow remote attackers to cause a denial of service attack. It is
recommended to upgrade the miniupnpc packages.
Multiple security vulnerabilities have been discovered in the microdns plugin of the VLC
media player, which could result in denial of service or potentially the execution of
arbitrary code via malicious mDNS packets. It is recommended to upgrade the vlc packages.
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts. It is
recommended to upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583.
A vulnerability has been discovered in the CLI of Cisco IOS XE SD-WAN Software that could
allow an authenticated, local attacker to inject arbitrary commands that are executed with
root privileges.
WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could
exploit some of these vulnerabilities to take control of an affected website. It is
recommended to upgrade to WordPress 5.4.1.
An invalid pointer access vulnerability has been discovered in Huawei OceanStor 5310
product. The software system accesses an invalid pointer when an attacker sends a malformed packet. Due
to the insufficient validation of some parameter, successful exploit could cause device
reboot.
Adobe has released security updates to address vulnerabilities in multiple products. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC
is frequently called by other applications in the case of mass traffic data in the system,
it results in no response for a long time and there is a memory overflow risk.
The libtiff packages contain a library of functions for manipulating Tagged Image File
Format (TIFF) files. An integer overflow vulnerability has been discovered in
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. An update for libtiff is now available
for Red Hat Enterprise Linux 8.
The libmspack packages contain a library providing compression and extraction of the Cabinet
(CAB) file format used by Microsoft. A buffer overflow vulnerability has been discovered in
function chmd_read_headers(). An update for libmspack is now available for Red Hat
Enterprise Linux 8.
GLib provides the core application building blocks for libraries and applications written in
C and Intelligent Input Bus (IBus) is an input method framework for multilingual input in
Unix-like operating systems. A missing authorization allows a local attacker to access the
input bus of another user. An update for glib2 and ibus is now available for Red Hat
Enterprise Linux 8.
WavPack is a completely open audio compression format providing lossless, high-quality
lossy, and a unique hybrid compression mode. Multiple vulnerabilities have been discovered
in wavpack that could lead to crashing or Denial of Service. An update for wavpack is now
available for Red Hat Enterprise Linux 8.
Irssi is a modular IRC client with Perl scripting. A use-after-free vulnerability has been
discovered in irssi when sending SASL login to server. An update for irssi is now available
for Red Hat Enterprise Linux 8.
Liblouis is an open source braille translator and back-translator named in honor of Louis
Braille. Multiple vulnerabilities such as Stack-based buffer overflow and Segmentation fault
have been discovered in liblouis. An update for liblouis is now available for Red Hat
Enterprise Linux 8.
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines.
Numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib has been discovered in edk2. An
update for edk2 is now available for Red Hat Enterprise Linux 8.
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and
DHCP (Dynamic Host Configuration Protocol) server. A memory leak in the create_helper()
function in /src/helper.c has been discovered in dnsmasq. An update for dnsmasq is now
available for Red Hat Enterprise Linux 8.
Multiple vulnerabilities such as Exposure of Sensitive Information to an Unauthorized Actor,
and Improper Input Validation have been discovered in LCDS' Equipment- LAquis SCADA.
Successful exploitation of these vulnerabilities could allow unauthorized attackers to view
sensitive information and create files in arbitrary locations.
A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in VMware ESXi. A
malicious actor with access to modify the system properties of a virtual machine from inside
the guest OS may be able to inject malicious script which will be executed by a victim's
browser when viewing this virtual machine via the ESXi Host Client.
A critical vulnerability has been discovered in Genius Server v. 3.2.2. An authenticated
function allows the attacker with administrative privileges to execute arbitrary commands.
It is recommended to upgrade to Genius Server version 3.2.8.
Samba has released security updates to address multiple vulnerabilities such as
Use-after-free and Denial of Service in multiple versions of Samba. An attacker could
exploit one of these vulnerabilities to take control of an affected system.
re2c is a tool for generating fast C-based recognizers. It has been discovered that re2c
could be made to execute arbitrary code if it received a specially crafted file. This
vulnerability affects Ubuntu 20.04 LTS releases of Ubuntu and its derivatives.
An unsafe object creation vulnerability has been discovered in ruby-json before 2.3.0. When
parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be
coerced into creating arbitrary objects in the target system. It is recommended to upgrade
the ruby-json packages.
Multiple vulnerabilities such as Path Traversal Recursive Directory Listing and Absolute
File Backup Copy have been discovered in Tiny File Manager 2.4.1. Both vulnerabilities are
exploitable only while authenticated as a non-readonly user, or while authentication is
disabled.
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows
remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory
traversal, as demonstrated by reading /etc/shadow.
A SQL injection vulnerability was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25
on Sophos XG Firewall devices. This affected devices configured with either the
administration (HTTPS) service or the User Portal exposed on the WAN zone.
It has been discovered that the backend incorrectly handled messages given by user-input in
the "send" functionality of the Inspect-tool of the Monitor component. An attacker with
access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with
the privileges of the webserver.
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN
(DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning
(ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path
traversal. An attacker can exploit this vulnerability to inject commands into the httpd.log,
read files with 'world' readable file permission or obtain J-Web session tokens. Software
releases have been updated to resolve this specific issue.
Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a
remote unauthenticated attacker to access the system as a legitimate user by requesting a
password change via the user interface.
It has been discovered that Apache Traffic Server (ATS) is vulnerable to an HTTP/2 slow read
attack. The affected versions are ATS 6.0.0 to 6.2.3, ATS 7.0.0 to 7.1.9 and ATS 8.0.0 to
8.0.6.
It has been discovered that it is possible to create a cross site scripting attack on the
webarchives of the Mailman mailing list manager, by sending a special type of attachment. It
is recommended to upgrade the mailman packages.
Multiple vulnerabilities have been discovered in php5, a server-side, HTML-embedded
scripting language. It is recommended to upgrade the php5 packages.
A heap buffer overflow write vulnerability has been discovered in the rzip program (a
compression program for large files) when uncompressing maliciously crafted files. It is
recommended to upgrade the rzip packages.
It has been discovered that there is a null pointer dereference exploit in libgsf, an I/O
abstraction library for GNOME. An error within the "tar_directory_for_file()" function could
be exploited to trigger a null pointer dereference and subsequently cause a crash via a
crafted TAR file.
It has been discovered that there was a path traversal vulnerability in jsch, a pure Java
implementation of the SSH2 protocol. It is recommended to upgrade the jsch packages.
It has been discovered that a NULL pointer dereference could happen in ncmpc, an
ncurses-based audio player. This could result in a crash and a denial of service. It is
recommended to upgrade the ncmpc packages.
It has been discovered that eog (Eye of GNOME) incorrectly handled certain invalid UTF-8
strings. If a user were tricked into opening a specially-crafted image, a remote attacker
could use this vulnerability to cause Eye of GNOME to crash, resulting in a denial of
service, or possibly execute arbitrary code. It is recommended to upgrade the eog packages.
Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and
simple brute-force attacks when using the htpasswd authentication method. It is recommended
to upgrade the radicale packages.
It was discovered that python-reportlab, a Python library to create PDF documents, is prone
to a code injection vulnerability while parsing a color attribute. An attacker can take
advantage of this vulnerability to execute arbitrary code if a specially crafted document is
processed. It is recommended to upgrade the python-reportlab packages.
Multiple vulnerabilities have been discovered in Hitachi Ops Center Analyzer viewpoint,
Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer.
An integer overflow vulnerability has been discovered in QEMU in the way it implemented the
ATI VGA emulation. A malicious guest could exploit this vulnerability to crash the QEMU
process, resulting in a denial of service.
A remote access vulnerability has been discovered that may allow a remote user to run shell
commands on affected systems using HTTP requests to the BIG-IQ user interface. A remote
attacker may be able to leverage the Grafana component to run local shell commands on the
system.
Multiple vulnerabilities have been discovered in HPE UIoT version 1.4.2 and earlier that
could allow unauthorized remote access and access to sensitive data. The versions affected
are HPE IOT + GCP 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
Multiple vulnerabilities such as OS Command Injection, Use of Hard-coded Credentials,
Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request
Forgery, Information Exposure, and Missing Encryption of Sensitive Data have been discovered
in Sierra Wireless' Equipment- AirLink ALEOS. Successful exploitation of these
vulnerabilities could allow attackers to remotely execute code, discover user credentials,
upload files, or discover file paths.
Due to incorrect buffer handling Squid is vulnerable to multiple vulnerabilities such as
cache poisoning, remote execution, and denial of service attacks when processing ESI
responses. The affected versions are Squid 3.x - 3.5.28, Squid 4.x - 4.10 and Squid 5.x -
5.0.1. The vulnerabilities have been fixed in Squid 4.11 and Squid 5.0.2.
Due to an integer overflow bug Squid is vulnerable to credential replay and remote code
execution attacks against HTTP Digest Authentication tokens. A remote attacker can replay a
sniffed Digest Authentication nonce to gain access to resources that are otherwise
forbidden.
Twisted Web is a complete web server, aimed at hosting web applications using Twisted and
Python, but fully able to serve static pages too. An HTTP request smuggling vulnerability has
been discovered in python-twisted when presented with a Content-Length and a chunked
Transfer-Encoding header. An update for python-twisted-web is now available for Red Hat
Enterprise Linux 7.
Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service
or privilege escalation. These vulnerabilities affect the Db2 versions V11.1 and V11.5.
The communication between NGINX Controller and NGINX Plus instances skips TLS verification by
default. This vulnerability enables a man-in-the-middle (MITM) attack that can intercept the
communication channel and read/modify data in transit.
The kernel packages contain the Linux kernel, the core of any Linux operating system. The
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a
certain upper-bound check, leading to a buffer overflow vulnerability and the offset2lib
allows for the stack guard page to be jumped over. An update for kernel is now available for
Red Hat Enterprise Linux 6.
Out-of-Bound Write and Heap Overflow vulnerabilities have been discovered in Apple iOS
13.4.1 and previous versions. These vulnerabilities allow remote code execution
capabilities and enable an attacker to remotely infect a device by sending emails that
consume a significant amount of memory.
Binutils is the GNU assembler, linker and binary utilities. If a user or automated system were
tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils
to crash, resulting in a denial of service, or possibly execute arbitrary code.
Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
Server or client applications that call the SSL_check_chain() function during or after a TLS
1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling
of the "signature_algorithms_cert" TLS extension. OpenSSL version 1.1.1g has been released
to address the vulnerability affecting versions 1.1.1d, 1.1.1e, and 1.1.1f. An attacker
could exploit this vulnerability in a Denial of Service attack.
An Improper Access Control vulnerability has been discovered in Inductive Automation's
Equipment- Ignition 8 Gateway. Successful exploitation of this vulnerability could allow an
attacker to write endless log statements into the database, which could result in a
denial-of-service condition.
The http-parser package provides a utility for parsing HTTP messages. HTTP request smuggling
using malformed Transfer-Encoding header has been discovered. An update for http-parser is
now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
It has been discovered that Python incorrectly stripped certain characters from requests and
incorrectly handled certain HTTP requests. A remote attacker could use these vulnerabilities
to perform CRLF injection and cause a denial of service respectively.
The ipfw system facility allows filtering, redirecting, and other operations on IP packets
travelling through network interfaces. Incomplete packet data validation may result in
accessing out-of-bounds memory or may access memory after it has been freed. Access to out
of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results. It
is recommended to upgrade the vulnerable system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date, and reboot.
It has been discovered that SysAid On-Premise 20.1.11, by default, allows the AJP protocol
port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated
access to upload files, which can be used to execute commands on the system by chaining it
with a GhostCat attack.
HCL AppScan Enterprise Edition contains hard-coded credentials, such as a password or
cryptographic key, which it uses for its own inbound authentication, outbound communication
to external components, or encryption of internal data.
An issue has been discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access
level section of com_users allow the unauthorized editing of usergroups. It is recommended
to upgrade to version 3.9.17.
Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker
could exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in git, a fast, scalable, distributed revision control
system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the
credential helper machinery can be fooled into providing credential information that is not
appropriate for the protocol in use and host being contacted. It is recommended to upgrade
the git packages.
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF)
that provides a container runtime. A volume mount race condition with shared mounts led to
information leak and integrity manipulation. An update for runc is now available for Red Hat
OpenShift Container Platform 4.3.
re2c is a tool for generating C-based recognizers from regular expressions. There is a heap
overflow reproducible with a crafted file. The re2c-1.3 version has been affected by this
vulnerability.
It has been discovered that there was a path-traversal vulnerability in Apache Shiro, a
security framework for the Java programming language. A specially-crafted request could
cause an authentication bypass. It is recommended to upgrade the shiro packages.
Due to incorrect URL handling Squid is vulnerable to access control bypass, cache poisoning
and cross-site scripting attacks when processing HTTP Request messages. These
vulnerabilities have been fixed in Squid 4.8 version.
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal
during extraction because it lacks a check of whether a file's parent is a symlink to a
directory outside of the intended extraction location. It is recommended to upgrade the
file-roller packages.
The Bluetooth BR/EDR specification up to and including version 5.1 in FortiSwitch permits
sufficiently low encryption key length and does not prevent an attacker from influencing the
key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can
decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Apple has released a security update to address vulnerabilities in Xcode. A crafted git URL
that contains a newline in it may cause credential information to be provided for the wrong
host. A remote attacker could exploit this vulnerability to take control of an affected
system. This update is available for macOS Catalina 10.15.2 and later.
A vulnerability has been discovered in the webkit2gtk web engine: maliciously crafted web
content may lead to arbitrary code execution or a denial of service. It is recommended to
upgrade the webkit2gtk packages.
TigerVNC is a suite of Virtual Network Computing servers and clients. Multiple
vulnerabilities such as Stack use-after-return, Heap buffer overflow and Stack buffer
overflow have been discovered in TigerVNC. An update for tigervnc is now available for Red
Hat Enterprise Linux 8.
The ipmitool packages contain a command-line utility for interfacing with devices that
support the Intelligent Platform Management Interface (IPMI) specification. A Buffer
overflow vulnerability in read_fru_area_section function in lib/ipmi_fru.c has been
discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.5
Extended Update Support.
Apache Heron does not configure its YAML parser to prevent
the instantiation of arbitrary types, resulting in remote code execution vulnerabilities.
The versions affected are 0.20.2-incubating, 0.20.1-incubating and v-0.20.0-incubating.
The kernel-alt packages provide the Linux kernel version 4.x. Multiple vulnerabilities such
as Heap-based overflow, Heap overflow and Null pointer dereference have been discovered in
kernel. An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup &
Replication servers allow executing malicious code remotely without authentication. This may
lead to gaining control over the target system.
Multiple vulnerabilities such as Improper Authentication, Information Disclosure, and Denial
of Service have been discovered in some Huawei smartphones. Successful exploitation of these
vulnerabilities may cause information disclosure and abnormal service in specific scenarios.
Multiple vulnerabilities have been discovered in the IBM HTTP Server used by WebSphere
Application Server. Apache HTTP Server could allow a remote attacker to conduct phishing
attacks, and execute arbitrary code on the system. An attacker could exploit these
vulnerabilities to redirect a victim to arbitrary websites and execute arbitrary code or
cause a denial of service condition on the system respectively.
Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by
buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference,
and heap overflow vulnerabilities.
Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version
addresses a vulnerability that an attacker could exploit to take control of an affected
system.
Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker
could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been identified within Citrix Hypervisor, which could, if
exploited, allow privileged code in a PV guest VM to read a single uninitialized 4kB page of
memory (that may contain data left by a previous VM) and also allow privileged code in a
guest VM to cause the host to crash. These vulnerabilities affect all currently supported
versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.1. Updates have been
released to address these issues.
Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a
browser-based IDE built for teams and organisations. JWT proxy bypass allows access to
workspace pods of other users. Red Hat CodeReady Workspaces 2.1.0 has been released.
The elfutils packages contain a number of utility programs and libraries related to the
creation and maintenance of executable code. Double-free due to double decompression of
sections in crafted ELF causes crash. An update for elfutils is now available for Red Hat
Enterprise Linux 7.6 Extended Update Support.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another
referenced time source. Stack-based buffer overflow vulnerability in ntpq and ntpdc allows
denial of service or code execution. An update for NTP is now available for Red Hat
Enterprise Linux 7.6 Extended Update Support.
Multiple vulnerabilities such as Authentication Bypass, Authenticated Remote Code Execution,
Authenticated Stored Cross Site Scripting and Information Disclosure have been discovered in
ClearPass Policy Manager. Successful exploitation of these vulnerabilities could lead to
database changes, remote code execution, privilege escalation attack and compromise of some
of ClearPass' service accounts respectively.
Oracle has released its Critical Patch Update for April 2020 to address vulnerabilities
across multiple products. A remote attacker could exploit some of these vulnerabilities to
take control of an affected system.
It has been discovered that files uploaded via Forms to folders migrated from Silverstripe
CMS 3.x may be put to the default "/Uploads" folder instead. This is a security issue
because the default "/Uploads" folder is publicly accessible by default, which means
unauthorised parties may access the uploaded files via HTTP by guessing the file name.
Multiple vulnerabilities have been discovered in CA API Developer Portal of CA Technologies.
These vulnerabilities can allow attackers to bypass access controls, view or modify
sensitive information, perform open redirect attacks, or elevate privileges.
A vulnerability has been discovered in git, a fast, scalable, distributed revision control
system. With a crafted URL that contains a newline, the credential helper machinery can be
fooled to return credential information for a wrong host. It is recommended to upgrade the
git packages.
A vulnerability has been discovered in graphicsmagick, a collection of image processing
tools, that results in a heap overflow in 32-bit applications because of a signed overflow
on range check in the HuffmanDecodeImage function. It is recommended to upgrade the
graphicsmagick packages.
An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was
found to contain functionality that allows a privileged user (root) in the Rich Execution
Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover
Debug Code. The issue is that the Trusted Application (TA) supports an extended number of
commands beyond what is needed to implement a fingerprint authentication system compatible
with Android.
Adobe has released security updates to address vulnerabilities in multiple products. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Intel has released security updates to address vulnerabilities in multiple products. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
Cross Site Scripting (XSS) and Open Redirect vulnerabilities in vRealize Log Insight were
discovered. Successful exploitation of this issue may result in a compromise of the victim's
workstation.
Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read were
discovered in Eaton's Equipment- HMiSoft VU3 (HMIVU3 runtime not impacted). Successful
exploitation of these vulnerabilities could crash the device being accessed and may allow
remote code execution or information disclosure.
A Stack-based Buffer Overflow vulnerability has been discovered in Triangle MicroWorks'
Equipment- DNP3 Outstation Libraries. Successful exploitation of this vulnerability could
possibly allow remote attackers to stop the execution of code on affected equipment.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-Bounds Read, and Type
Confusion have been discovered in Triangle MicroWorks' Equipment- SCADA Data Gateway. These
vulnerabilities allow remote attackers to execute arbitrary code and disclose on affected
installations of Triangle MicroWorks SCADA Data Gateway with DNP3 Outstation channels.
Multiple vulnerabilities have been discovered in multiple products of Siemens. An attacker
could exploit some of these vulnerabilities to take control of an affected system.
A remote authenticated authorization bypass vulnerability has been discovered in Wowza
Streaming Engine 4.7.8 (build 20191105123929) that allows any read-only user to issue
requests to the administration panel in order to change functionality of the application.
From 30 June 2020, Magento will no longer provide software and security updates for Magento
1 e-commerce platform. Affected software includes all versions of Magento Commerce 1 and
Magento Open Source 1. Websites running on Magento 1 e-commerce platform will continue to
function even after the support ends.
Open Liberty is a lightweight open framework for building fast and efficient cloud-native
Java microservices. WebSphere Application Server Liberty is vulnerable to Cross-site
Scripting. Open Liberty 20.0.0.4 Runtime is now available and serves as a replacement for
Open Liberty 20.0.0.3.
Mozilla has released security updates to address vulnerabilities in Thunderbird 68.7.0. An
attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker
could possibly use this issue to cause libssh to crash, resulting in a denial of service.
A sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was
discovered. A malicious actor with network access to an affected vmdir deployment may be
able to extract highly sensitive information which could be used to compromise vCenter
Server or other services which are dependent upon vmdir for authentication.
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions
prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling
that writes database connection properties to its log, including database username and
password. A malicious user with access to those logs may gain unauthorized access to the
database being used by Autoscaling.
An Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in
Rockwell Automation's Equipment- RSLinx Classic. Successful exploitation of this
vulnerability could allow a local authenticated attacker to execute malicious code when
opening RSLinx Classic.
IBM WebSphere Application Server traditional is vulnerable to a privilege escalation
vulnerability when using token-based authentication in an admin request over the SOAP
connector.
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, ACX
Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a
local authenticated high privileged user to access the underlying WRL host. This issue
affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4.
Multiple information disclosure vulnerabilities in Juniper Networks Junos OS Evolved allow a
local, authenticated user with shell access to view sensitive configuration
information, such as the hashed values of login passwords and shared secrets. This issue
affects Junos OS Evolved.
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering
the intended functionality potentially leading to credentials disclosure within a trusted
session.
Receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS
Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other
peers to terminate the established BGP session, creating a Denial of Service (DoS)
condition. This issue affects Junos OS Evolved and Junos OS 16.1, 16.2, 17.1, 17.2, 17.2X75,
17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2.
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with
a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of
service condition or potentially execute code with root privileges.
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local
authenticated Windows user to escalate privileges or overwrite system files. This issue
affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on
Windows.
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH
login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and
Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple
login attempts in excess of the configured login attempt limit. Successful exploitation
allows an attacker to perform brute-force password attacks on the SSH service.
There is an insufficient integrity validation vulnerability in several Huawei products. The
device does not sufficiently validate the integrity of a certain file in certain loading
processes. Successful exploitation could allow the attacker to load a crafted file to the
device through USB.
The Spamicide module protects Drupal forms with a form field that is hidden from normal
users, but visible to spam bots. The module doesn't require appropriate permissions for
administrative pages leading to an Access Bypass.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application
platform solution designed for on-premise or private cloud deployments. Crafted requests to
kubelet API allowed for memory exhaustion. An update for
openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container
Platform 4.3.
It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or
automated system were tricked into processing a specially crafted binary, a remote attacker
could use this issue to cause libiberty to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
A Cross-site Scripting vulnerability has been discovered in HMS Networks' Equipment- eWON
Flexy and Cosy. Successful exploitation of this vulnerability could initiate a password
change.
A Heap-based Buffer Overflow vulnerability has been discovered in Fuji Electric's Equipment-
V-Server Lite. Successful exploitation of this vulnerability could allow a remote attacker
to gain elevated privileges for remote code execution.
An Improper Enforcement of Message Integrity During Transmission in a Communication Channel
vulnerability has been discovered in KUKA's Equipment- Sim Pro. Successful exploitation of
this vulnerability could result in a loss of integrity in external 3D models fetched from
remote servers. When tested on real machines, this effect is unpredictable.
Multiple vulnerabilities such as Improper Authentication, Improper Input Validation, Missing
Authentication for Critical Function, Improper Check for Unusual or Exceptional Conditions,
Exposure of Sensitive Information to an Unauthorized Actor, and Incorrect Default
Permissions have been discovered in Synergy Systems & Solutions' Equipment- HUSKY RTU.
Successful exploitation of these vulnerabilities could allow an attacker to read sensitive
information, execute arbitrary code, or cause a denial-of-service condition.
An Improper Privilege Management vulnerability has been discovered in GE Digital's
Equipment- CIMPLICITY. Successful exploitation of this vulnerability could allow an
adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary
execution of code.
Multiple vulnerabilities such as Unrestricted Upload of File with Dangerous Type, SQL
Injection, Relative Path Traversal, Missing Authentication for Critical Function, Improper
Restriction of XML External Entity Reference, and OS Command Injection have been discovered
in Advantech's Equipment- WebAccess/NMS. Successful exploitation of these vulnerabilities
may allow an attacker to gain remote code execution, upload files, delete files, cause a
denial-of-service condition, and create an admin account for the application.
The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin
clients and servers. Missing bounds checks in the nextitem() function allow remote execution of
arbitrary code. An update for krb5-appl is now available for Red Hat Enterprise Linux 6.
The nss-softokn package provides the Network Security Services Softoken Cryptographic
Module. An Out-of-bounds write when passing an output buffer smaller than the block size to
NSC_EncryptUpdate and Key Extraction Side Channel in multiple crypto libraries
vulnerabilities have been discovered in nss and ROHNP respectively. An update for
nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red
Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4
Update Services for SAP Solutions.
Telnet is a popular protocol for logging in to remote systems over the Internet. Missing bounds
checks in the nextitem() function allow remote execution of arbitrary code. An update for
telnet is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
A Hard-Coded Administrator Password vulnerability was discovered in OpsRamp Gateway. The
OpsRamp Gateway has an administrative account named vadmin that allows root SSH access to
the server.
Periscope BuySpeed is a tool to automate the full procure-to-pay process efficiently and
intelligently. Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting,
which may allow a local, authenticated attacker to execute arbitrary JavaScript.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-04-05 or later address all of these issues.
An improper authorization vulnerability in FortiADC may allow a remote authenticated user
with low privileges to perform certain actions such as rebooting the system. The FortiADC
version 5.3.4 and below are affected by this vulnerability. It is recommended to upgrade to
FortiADC version 5.3.5 or above.
OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems
for use by Virtual Machine instances. A user with share-network UUID is able to show,
create and delete shares. An update for openstack-manila is now available for Red Hat
OpenStack Platform 15 (Stein).
python-XStatic-jQuery is the jQuery JavaScript library packaged for Python's setuptools. A
prototype pollution vulnerability in the object's prototype leads to denial of service, remote
code execution, or property injection. An update for python-XStatic-jQuery is now
available for Red Hat OpenStack Platform 15 (Stein).
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be
susceptible to a privilege escalation vulnerability, which is a type of issue whereby an
attacker may attempt to compromise the software application to gain elevated access to
resources that are normally protected from an application or user.
libmtp is a library for communicating with MTP aware devices. An integer overflow
vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file and in the
ptp-pack.c (ptp_unpack_OPL function) allows attackers to cause a denial of service
(out-of-bounds memory access) or remote code execution by inserting a mobile device into a
personal computer through a USB cable. It is recommended to upgrade the libmtp packages.
A vulnerability was discovered in the DTLS protocol implementation in GnuTLS, a library
implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness
to the DTLS negotiation, breaking the security guarantees of the DTLS protocol. It is
recommended to upgrade the gnutls28 packages.
An information disclosure vulnerability has been discovered in DotNetNuke CMS (DNN) v.9.5
within the built-in Message Center Module. A registered user is able to enumerate any file
in the Admin File Manager that is not contained in a secure folder by sending themselves a
message with the file attached.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.
An attacker could exploit these vulnerabilities to take control of an affected system.
A UNC path injection vulnerability has been discovered in Zoom’s video conferencing software
for Windows that could let hackers steal Windows passwords and execute arbitrary commands on
their devices.
It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for
collaborative work, were not escaped. It is recommended to upgrade the mediawiki packages.
Multiple vulnerabilities such as Improper Privilege Management, Missing Required
Cryptographic Step, and Path Traversal have been discovered in B&R Automation's
Equipment- Automation Studio. Successful exploitation of these vulnerabilities could allow
an attacker to delete arbitrary files from this system, fetch arbitrary files, or perform
arbitrary write operations.
It has been discovered that qbittorrent, a bittorrent client with a Qt5 GUI user interface,
allows command injection via shell metacharacters in the torrent name parameter or current
tracker parameter, which could result in remote command execution via a crafted name within
an RSS feed if qbittorrent is configured to run an external program on torrent completion.
It is recommended to upgrade the qbittorrent packages.
Node.js is a software development platform for building fast and scalable network
applications in the JavaScript programming language. An Integer overflow vulnerability in
UnicodeString::doAppend() has been discovered in nodejs:12. An update for the nodejs:12
module is now available for Red Hat Enterprise Linux 8.
A critical vulnerability has been discovered in HAProxy’s HTTP/2 HPACK decoder that can be
exploited to cause an out-of-bound memory write potentially leading to corruption of data, a
crash, or code execution.
Multiple vulnerabilities have been discovered in DrayTek devices which could allow for
arbitrary code execution. Successful exploitation of these vulnerabilities could result in
an attacker executing arbitrary code on the affected system.
A buffer overflow vulnerability has been discovered in some Huawei products. This
vulnerability can be exploited by an attacker to perform remote code execution on the
affected products when the affected product functions as an optical line terminal.
Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
The unzip utility is used to list, test, and extract files from zip archives. Overlapping
files in a ZIP container lead to denial of service. An update for unzip is now available
for Red Hat Enterprise Linux 7.
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for
Zero Configuration Networking. It has been discovered that multicast DNS responds to
unicast queries from outside of the local network. An update for avahi is now available for Red Hat
Enterprise Linux 7.
TagLib is a library for reading and editing the meta-data of different audio formats. A
heap-based buffer over-read via a crafted audio file has been discovered. An update for
taglib is now available for Red Hat Enterprise Linux 7.
The polkit packages provide a component for controlling system-wide privileges. An improper
authorization vulnerability in the polkit_backend_interactive_authority_check_authorization
function in polkitd has been discovered. An update for polkit is now available for Red Hat
Enterprise Linux 7.
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in
Schneider Electric's Equipment- Modicon M580, Modicon M340, Modicon Quantum, and Modicon
Premium. Successful exploitation of this vulnerability could result in a denial-of-service
condition.
Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's
Equipment- MELSEC. Successful exploitation of this vulnerability may render the device
unresponsive.
Classic Buffer Overflow vulnerability has been discovered in Hirschmann Automation and
Control GmbH's Equipment- HiOS and HiSecOS. Successful exploitation of this vulnerability
could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise
the device.
Protection Mechanism Failure vulnerability has been discovered in Becton, Dickinson and
Company's Equipment- Pyxis MedStation and Pyxis Anesthesia (PAS) ES System. The affected BD
medical devices utilize a method of software application implementation called “kiosk mode.”
This kiosk mode is vulnerable to local breakouts, which could allow an attacker with
physical access to bypass kiosk mode and view and/or modify sensitive data.
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX,
and similar operating systems. Multiple vulnerabilities such as Local privilege escalation,
Manipulation of cupsd.conf and Predictable session cookie have been discovered in CUPS. An
update for CUPS is now available for Red Hat Enterprise Linux 7.
The wireshark packages contain a network protocol analyzer used to capture and browse the
traffic running on a computer network. Multiple vulnerabilities have been discovered in
wireshark. An update for wireshark is now available for Red Hat Enterprise Linux 7.
LFTP is a file transfer utility for File Transfer Protocol (FTP), Secure File Transfer
Protocol (SFTP), Hypertext Transfer Protocol (HTTP), and other commonly used protocols.
Particular remote file names may lead to the current working directory being erased. An update for
LFTP is now available for Red Hat Enterprise Linux 7.
AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. An integer
overflow vulnerability in png_compress in pngex.cc has been discovered in AdvanceCOMP. An
update for advancecomp is now available for Red Hat Enterprise Linux 7.
The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. A
Buffer overflow vulnerability in t1_check_unusual_charstring function in writet1.c has been
discovered in texlive. An update for texlive is now available for Red Hat Enterprise Linux
7.
GNOME is the default desktop environment of Red Hat Enterprise Linux. A partial lock screen
bypass vulnerability has been discovered in GNOME. An update for GNOME is now available for
Red Hat Enterprise Linux 7.
Expat is a C library for parsing XML documents. An Integer overflow vulnerability leading to
buffer overflow in XML_GetBuffer() has been discovered in Expat. An update for Expat is now
available for Red Hat Enterprise Linux 7.
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A heap-based
overflow vulnerability has been discovered in rsyslog. An update for rsyslog is now
available for Red Hat Enterprise Linux 7.
Sphinx (a.k.a. Zloader or Terdot) is a modular malware based on the leaked source code of
the infamous Zeus banking trojan and began resurfacing in December 2019. There has been
a significant increase in volume in March, as Sphinx’s operators looked to take advantage of
the interest and news around government relief payments. Sphinx is joining the growing fray
of COVID-19-themed phishing and malspam campaigns ramping up worldwide. In the latest
campaigns, Sphinx is spreading via coronavirus-themed email sent to victims. Sphinx’s core
capability is to harvest online account credentials for online banking sites. When infected
users land on a targeted online banking portal, Sphinx dynamically fetches web injections
from its command-and-control (C2) server to modify the page that the user sees, so that the
information that the user enters into the log-in fields is sent to the cybercriminals.
It has been discovered that the bpf verifier in the Linux kernel did not properly calculate
register bounds for certain operations. A local attacker could use this to expose sensitive
information (kernel memory) or gain administrative privileges.
It has been discovered that Timeshift did not securely create temporary files. An attacker
could exploit a race condition in Timeshift and potentially execute arbitrary commands as
root.
WebKit2GTK is a web content engine library for GTK+. Multiple vulnerabilities have been
discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing
a malicious website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
The Versiant LYNX Customer Service Portal version 3.5.2 is vulnerable to stored cross-site
scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.
A vulnerability has been discovered in OTRS: an authenticated user can guess other session
IDs based on their own. It is also possible to guess a password reset token or generate an
automated password. This issue affects ((OTRS)) Community Edition 5.0.x, 6.0.x and OTRS
7.0.x. It is recommended to upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27,
5.0.42.
It was discovered that BlueZ's HID and HOGP profile implementations don't specifically
require bonding between the device and the host. Malicious devices can take advantage of
this flaw to connect to a target host and impersonate an existing HID device without
security or to cause an SDP or GATT service discovery to take place which would allow HID
reports to be injected to the input subsystem from a non-bonded source. It is recommended to
upgrade the bluez packages.
PostgreSQL is an advanced object-relational database management system (DBMS). Multiple
vulnerabilities such as stack-based buffer overflow and missing authorization checks have
been discovered in rh-postgresql10-postgresql. An update for rh-postgresql10-postgresql is
now available for Red Hat Software Collections.
The ipmitool packages contain a command-line utility for interfacing with devices that
support the Intelligent Platform Management Interface (IPMI) specification. A Buffer
overflow vulnerability in read_fru_area_section function in lib/ipmi_fru.c has been
discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.
Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment-
WebAccess. Successful exploitation of this vulnerability may allow remote code execution.
Versions 12.9.1, 12.8.8, and 12.7.8 for GitLab Community Edition (CE) and Enterprise Edition
(EE) have been released. These versions contain important security fixes, and it is strongly
recommended that all GitLab installations be upgraded to one of these versions immediately.
Jenkins is a continuous integration server that monitors executions of repeated jobs, such
as building a software project or jobs run by cron. Deserialization in snakeyaml YAML()
objects can allow remote code execution. An update for jenkins-2-plugins is now available
for Red Hat OpenShift Container Platform 3.11.
The SVG Image module allows uploading SVG files. The module did not sufficiently protect against
malicious code inside SVG files, leading to a cross-site scripting vulnerability.
An integer overflow vulnerability has been discovered in the International Components for
Unicode (ICU) library which could result in denial of service and potentially the execution
of arbitrary code. It is recommended to upgrade the icu packages.
Multiple vulnerabilities in SMA were discovered by the Micro Focus Service Management
Automation (SMA) R&D Team. These vulnerabilities allow improper neutralization of
special elements in SQL commands and may lead to the product being vulnerable to SQL
injection.
An improper authentication vulnerability has been discovered in some Huawei smartphones. The
application doesn't perform proper authentication when the user performs certain operations. An
attacker can trick the user into installing a malicious plug-in to exploit this vulnerability.
Successful exploitation could allow the attacker to bypass the authentication to perform
unauthorized operations.
Serendipity has released Serendipity 2.3.4, fixing a security flaw that was present on
Windows installations only and exploitable only for users with upload rights on the Media
library.
A stored XSS vulnerability was discovered in Micro Focus Vibe prior to 4.0.7 which allows a
remote attacker to craft and store malicious content into Vibe such that when the content is
viewed by another user of the system, attacker controlled JavaScript will execute in the
security context of the target user’s browser.
A DLL Side Loading vulnerability has been discovered in the installer for McAfee Application
and Change Control (MACC) prior to 8.3. This allows local users to execute arbitrary code
via execution from a compromised folder. It is recommended to install or update to McAfee
Application and Change Control (MACC) 8.3 or 8.2.6.
It was discovered that IBus did not enforce appropriate access controls on its private D-Bus
socket. A local unprivileged user who discovers the IBus socket address of another user
could exploit this to capture the key strokes of the other user.
Multiple vulnerabilities such as Path Traversal and Missing Authentication for Critical
Function have been discovered in Schneider Electric's Equipment- IGSS (Interactive Graphical
SCADA System). Successful exploitation of these vulnerabilities could result in unauthorized
access to sensitive data and functions.
Multiple vulnerabilities such as Relative Path Traversal, Incorrect Default Permissions,
Inadequate Encryption Strength, Insecure Storage of Sensitive Information, and Stack-based
Buffer Overflow have been discovered in VISAM's Equipment- VBASE. Successful exploitation of
these vulnerabilities could allow an attacker to read the contents of unexpected files,
escalate privileges to system level, execute arbitrary code on the targeted system, bypass
security mechanisms, and discover the cryptographic key for the web login.
Adobe has released a security update for the Adobe Creative Cloud Desktop Application for
Windows. Successful exploitation could lead to arbitrary file deletion.
Apple has released security updates to address multiple vulnerabilities affecting various
Apple products. A remote attacker could exploit some of these vulnerabilities to take
control of an affected system.
A memory leak has been discovered in the backport of fixes for CVE-2018-16864 in Red Hat
Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the
memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker
may use this flaw to make systemd-journald crash. This issue only affects versions shipped
with Red Hat Enterprise Linux since v219-62.2.
Keijiban Tsumiki provided by Mash room is a CGI to provide Bulletin Board System (BBS)
functions. An OS command injection vulnerability has been discovered in Keijiban Tsumiki.
It has been discovered that Vim incorrectly handled certain sources, files and inputs. An
attacker could possibly use these vulnerabilities to cause a denial of service or execute
arbitrary code.
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF)
that provides a container runtime. A volume mount race condition with shared mounts leads to
information leak/integrity manipulation. An update for runc is now available for Red Hat
Enterprise Linux 7 Extras.
Remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type
Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1
PostScript format. A remote attacker can exploit these vulnerabilities to take control of an
affected system.
The devtoolset-8-gcc packages provide the Red Hat Developer Toolset version of GNU Compiler
Collection (GCC), as well as related libraries. The POWER9 "DARN" RNG intrinsic produces
repeated output. An update for devtoolset-8-gcc is now available for Red Hat Developer
Toolset 8 for Red Hat Enterprise Linux.
A denial of service vulnerability (by triggering high CPU consumption) has been discovered
in Tor, a connection-based low-latency anonymous communication system. For the stable
distribution (buster), this problem has been fixed in version 0.3.5.10-1.
All versions of lix are vulnerable to Machine-In-The-Middle. The package accepts downloads
with http and follows location header redirects for package downloads. This allows for an
attacker in a privileged network position to intercept a lix package installation and
redirect the download to a malicious source.
An SQL injection vulnerability was discovered where malicious code could be used to trigger
an XSS attack through retrieving and displaying results. The attack requires an attacker be
able to insert specially-crafted data into certain database tables, which when retrieved
can trigger the XSS attack.
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in
ActionView's JavaScript literal escape helpers. Views that use the `j` or
`escape_javascript` methods may be susceptible to XSS attacks. It is recommended to upgrade
the rails packages.
An unsafe object creation vulnerability has been discovered in the json gem bundled with
Ruby. When parsing certain JSON documents, the json gem (including the one bundled with
Ruby) can be coerced into creating arbitrary objects in the target system.
It was discovered that Twisted incorrectly validated URLs or HTTP methods, incorrectly
verified XMPP TLS certificates, incorrectly handled HTTP/2 connections and incorrectly
handled certain content-length headers. A remote attacker could use these issues to perform
header injection attacks, obtain sensitive information, lead to denial of service and
perform HTTP request splitting attacks respectively.
A missing NUL-termination check for the jail_set(2) configuration option "osrelease" may
return more bytes when reading the jail configuration back with jail_get(2) than were
originally set. For jails with a non-default setting of children.max > 0 ("nested jails") a
superuser inside a jail can create a jail and may be able to read and take advantage of
exposed kernel memory.
The zsh shell is a command interpreter usable as an interactive login shell and as a shell
script command processor. An insecure dropping of privileges when unsetting PRIVILEGED
option vulnerability has been discovered in zsh. An update for zsh is now available for Red
Hat Enterprise Linux 8.
Cross-site Scripting vulnerability has been discovered in Systech Corporation's Equipment-
NDS-5000 Terminal Server. Successful exploitation of this vulnerability could allow
information disclosure, limit system availability, and may allow remote code execution.
Improper Access Control vulnerability has been discovered in Insulet's Equipment- Omnipod
Insulin Management System. Successful exploitation of this vulnerability may allow an
attacker to gain access to the affected products to intercept, modify, or interfere with the
wireless RF (radio frequency) communications to or from the product. This may allow
attackers to read sensitive data, change pump settings, or control insulin delivery.
Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution
software. An attacker could exploit these vulnerabilities to take control of an affected
system.
Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and
8.8.x. An attacker could exploit these vulnerabilities to take control of an affected
system.
A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps
into global panic around the coronavirus pandemic to spread the Crimson RAT. The
functionalities of the Crimson RAT include stealing credentials from victims’ browsers,
capturing screenshots, collecting anti-virus software information, and listing the running
processes, drives and directories from victim machines. The use of such data exfiltration
capabilities is common for APT36 (also known as Transparent Tribe, ProjectM, Mythic
Leopard, and TEMP.Lapis), active since 2016.
Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read have
been discovered in Delta Electronics' Equipment- Delta Industrial Automation CNCSoft
ScreenEditor. Successful exploitation of these vulnerabilities could cause buffer overflow
conditions that may allow information disclosure, remote code execution, or crash the
application.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.
Successful exploitation could lead to arbitrary code execution in the context of the current
user.
A Remote Code Execution (RCE) vulnerability has been discovered in CMS Made Simple 2.2.13. It
is vulnerable using crafted JPG extension files through the Filemanager.
Multiple vulnerabilities have been discovered in Trend Micro Worry-Free Business Security.
An attacker could exploit these vulnerabilities to take control of an affected system.
It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP
emulator for using a dial up shell account. This was caused by the incorrect usage of return
values from snprintf(3). It is recommended to upgrade the slirp packages.
VMware Workstation and Fusion contain a use-after-free vulnerability in vmnetdhcp. Successful
exploitation of this issue may lead to code execution on the host from the guest or may
allow attackers to create a denial-of-service condition of the vmnetdhcp service running on
the host machine.
A remote code execution vulnerability exists in the way that the Microsoft Server Message
Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully
exploited the vulnerability could gain the ability to execute code on the target server or
client.
Improper Access Control vulnerability has been discovered in Rockwell Automation's
Equipment- Allen-Bradley Stratix 5950. Successful exploitation of this vulnerability could
allow an attacker to write a modified image to the component.
Trend Micro has released an updated version of Trend Micro Password Manager 5.0 (Windows)
that resolves a DLL hijacking vulnerability in both the standalone version of the product
and the versions packed with the latest version of Trend Micro Security (Consumer).
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could
allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated
user's session by persuading the victim to follow a malicious link.
The data collection analyzer MELQIC IU1 series provided by Mitsubishi Electric Corporation
contains multiple vulnerabilities in the TCP/IP function included in the firmware. By receiving a
packet which is specially crafted by an attacker, the network functions of the products may
be stopped or malware may be executed.
An out-of-bounds read vulnerability has been discovered in some Huawei products. Due to a
logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit
this vulnerability to disrupt service in the affected products.
Apache ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to
load datasource configuration. SnakeYAML allows unmarshalling data to a Java type by using
the YAML tag. Unmarshalling untrusted data can lead to RCE security flaws. An attacker
can use untrusted data to fill in the DataSource Config after logging in to the sharding-ui.
TIBCO Spotfire Server Script Trust Problem exposes remote code execution vulnerability. This
vulnerability allows an attacker with write permissions to the Spotfire Library, but not
"Script Author" group permission, to modify attributes of files and objects saved to the
library such that the system treats them as trusted. This could allow an attacker to cause
the Spotfire Web Player, Analyst clients, and TERR Service to execute arbitrary code
with the privileges of the system account that started those processes.
Improper access control vulnerability in the subsystem for Intel(R) Smart Sound Technology
may allow an authenticated user to potentially enable escalation of privilege via local
access.
Puppet Server and PuppetDB may leak sensitive information via metrics API. PE 2018.1.13
& 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable
the trapperkeeper-metrics /v1 metrics API and only allow /v2 access on localhost by default.
Multiple vulnerabilities have been discovered in various Siemens' Equipment. An attacker
could exploit some of these vulnerabilities to take control of an affected system.
Improper Restriction of XML External Entity Reference and Improper Input Validation
vulnerabilities have been discovered in Johnson Controls' Equipment- Metasys and EntraPass.
Successful exploitation of these vulnerabilities can allow a denial-of-service attack or
disclosure of sensitive data and malicious code execution with system-level privileges
respectively.
Multiple vulnerabilities such as Use of Hard-coded Cryptographic Key, Use of a Broken or
Risky Algorithm for Password Protection, Use of Client-Side Authentication and Cleartext
Storage of Sensitive Information have been discovered in Rockwell Automation's Equipment-
MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software.
Successful exploitation of these vulnerabilities could allow an attacker to gain access to
sensitive project file information including passwords.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
Potential security vulnerabilities in Intel Graphics Drivers may allow escalation of
privilege, denial of service and/or information disclosure. Intel has released software
updates to mitigate these potential vulnerabilities.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A Stored XSS vulnerability has been discovered in Ramp Altimeter that allows a malicious
user to store arbitrary JavaScript payloads on the application server.
An unauthenticated remote code execution vulnerability was discovered in ManageEngine
Desktop Central. This vulnerability could allow remote attackers to execute arbitrary code
on affected installations of Desktop Central. Authentication is not required to exploit this
vulnerability. It is recommended to update to the latest version.
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header
parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers
to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was
located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header
in a particular manner. An attacker may exploit this vulnerability to perform an HTTP
request smuggling attack.
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update
addresses issues that may lead to denial of service, escalation of privileges, or
information disclosure.
Multiple vulnerabilities such as Information Exposure Through Sent Data, Buffer Access with
Incorrect Length Value, Missing Authentication for Critical Function, and Classic Buffer
Overflow have been discovered in WAGO's Equipment- I/O-CHECK Series PFC100 and Series
PFC200. Successful exploitation of these vulnerabilities could allow an attacker to change
settings, delete the application, run remote code, cause a system crash, cause a
denial-of-service condition, revert to factory settings, and overwrite MAC addresses.
Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. Multiple
vulnerabilities have been discovered in python-waitress. An update for python-waitress is
now available for Red Hat OpenStack Platform 15 (Stein).
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application
platform solution designed for on-premise or private cloud deployments. HTTP/1.1 headers
with a space before the colon led to filter bypass or request smuggling. An update for
ose-installer-artifacts-container and ose-installer-container is now available for Red Hat
OpenShift Container Platform 4.2.
It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a
tool for extracting or scrubbing versioning data from PDF documents. It is recommended to
upgrade the pdfresurrect packages.
A vulnerability in the handling of HTTP sessions within Wing FTP Server allows any local
user to escalate privileges to root on Linux, MacOS, and Solaris. Exploitation is contingent
on an already-established administrative session.
pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer
overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in
eap_request and eap_response subroutines.
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection
(AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an
unauthenticated remote attacker to exhaust resources on an affected device.
A critical cross-site scripting vulnerability has been discovered in Drupal SVG Formatter.
This vulnerability is mitigated by the fact that an attacker must be able to upload SVG
files. It is recommended to upgrade the SVG Formatter module for Drupal 8.x to SVG Formatter
8.x-1.12.
Insufficient data validation vulnerability has been discovered in the open-source project
for YubiKey Validation Server. This issue potentially affects developers, partners, and
customers who have used a YubiKey Validation Server to build a self-hosted one-time password
(OTP) validation service. The default configuration of the service only exposes the verify
API, which could allow an attacker to perform a denial of service, potentially preventing
legitimate authentications.
Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
It was discovered that there was an issue where incorrect default permissions on an HTTP
cookie store could have allowed local attackers to read private credentials in libzypp, a
package management library that powers applications. It is recommended to upgrade the
libzypp packages.
The qemu-kvm-ma packages provide the user-space component for running virtual machines that
use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. An OOB heap access
vulnerability via an unexpected response from an iSCSI server was discovered. An update for
qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Uncontrolled Resource Consumption vulnerability has been discovered in Omron's Equipment-
PLC CJ Series. Successful exploitation of this vulnerability could cause a denial-of-service
condition.
Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in
Phoenix Contact's Equipment- Emalytics Controller ILC 2050 BI(L). Successful exploitation of
this vulnerability could allow an attacker to change the device configuration and start or
stop services.
Improper Access Control vulnerability has been discovered in Emerson's Equipment- ValveLink.
Successful exploitation of this vulnerability could allow arbitrary code execution.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to
process text files and to perform system management tasks. Multiple vulnerabilities have
been discovered in Ruby. An update for ruby is now available for Red Hat Enterprise Linux
7.6 Extended Update Support.
Multiple vulnerabilities have been discovered in the kernel. An update for kernel is now
available for Red Hat Enterprise Linux 7.2 Advanced Update Support.
The Pixel Update Bulletin contains details of security vulnerabilities and functional
improvements affecting supported Pixel devices (Google devices). For Google devices,
security patch levels of 2020-03-05 or later address all issues in this bulletin and all
issues in the March 2020 Android Security Bulletin.
The Android Security Bulletin contains details of security vulnerabilities affecting Android
devices. Security patch levels of 2020-03-05 or later address all of these issues.
A vulnerability in the implementation of the wireless egress packet processing of certain
Broadcom Wi-Fi chipsets has been discovered. Multiple Cisco wireless products are affected
by this vulnerability. This vulnerability could allow an unauthenticated, adjacent attacker
to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or
Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi
network.
A use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular
FTP/SFTP/FTPS server, has been discovered. Interrupting current data transfers can corrupt
the ProFTPD memory pool, leading to denial of service, or potentially the execution of
arbitrary code. It is recommended to upgrade proftpd-dfsg packages.
Multiple vulnerabilities such as Cross-site Request Forgery, Improper Neutralization of HTTP
Headers for Scripting Syntax, and Use of Obsolete Function have been discovered in
Honeywell's Equipment- WIN-PAK. Successful exploitation of these vulnerabilities allows an
attacker to perform remote code execution.
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote
attacker could exploit this vulnerability to take control of an affected server.
It has been discovered that pysaml2, a Python implementation of SAML to be used in a WSGI
environment, was susceptible to XML signature wrapping attacks, which could result in a
bypass of signature verification. It is recommended to upgrade the python-pysaml2 packages.
KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is
backward-compatible with the Bourne shell (sh) and includes many features of the C shell.
Certain environment variables are interpreted as arithmetic expressions on startup, leading
to a code injection vulnerability. An update for ksh is now available for Red Hat Enterprise
Linux 8.
Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information, Origin
Validation Error, Use of Hard-coded Credentials, Weak Password Recovery Mechanism for
Forgotten Password, and Weak Password Requirements have been discovered in various
Equipments- RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android
App). Successful exploitation of these vulnerabilities could allow a remote attacker to gain
root access to the underlying operating system of the device and may allow read/write
access.
Multiple vulnerabilities such as Authentication Bypass by Capture-replay and Path Traversal
have been discovered in Honeywell's Equipment- NOTI-FIRE-NET Web Server (NWS-3). Successful
exploitation of these vulnerabilities could result in an attacker bypassing web server
authentication methods.
Deserialization of Untrusted Data vulnerability has been discovered in Rockwell Automation's
Equipment- FactoryTalk Diagnostics. Successful exploitation of this vulnerability could
allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level
privileges.
Improper Authorization vulnerability has been discovered in B&R Industrial Automation
GmbH's Equipment- Automation Studio and Automation Runtime. Successful exploitation of this
vulnerability may allow a remote attacker to modify the configuration of affected devices.
Adobe has released an update for Adobe After Effects and Media Encoder. This update resolves
a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in
the context of the current user.
Cisco has released security updates to address vulnerabilities affecting multiple products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version
addresses vulnerabilities that an attacker could exploit to take control of an affected
system.
Heap-based Buffer Overflow vulnerability has been discovered in Emerson's Equipment-
OpenEnterprise SCADA Server. Successful exploitation of this vulnerability could allow an
attacker to execute code on an OpenEnterprise SCADA Server.
Improper Privilege Management vulnerability has been discovered in Honeywell's Equipment-
INNCOM INNControl 3. Successful exploitation of this vulnerability could allow an attacker
to escalate user privileges within the INNControl application.
Improper Input Validation vulnerability has been discovered in Spacelabs' Equipment- Xhibit
Telemetry Receiver. An attacker can exploit this vulnerability to perform remote code
execution on an unprotected system.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow,
Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in
various Equipments- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP
Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities could
allow remote code execution.
Protection Mechanism Failure vulnerability has been discovered in GE's Equipment- Ultrasound
Products. The affected GE Healthcare ultrasound devices utilize a method of software
application implementation called “Kiosk Mode.” This Kiosk Mode is vulnerable to local
breakouts, which could allow an attacker with physical access to gain access to the
operating system of affected devices.
Db2 is vulnerable to denial of service. Db2 could allow an attacker to send specially
crafted packets to the Db2 server to cause excessive memory usage and cause Db2 to terminate
abnormally.
It has been discovered that ClamAV, an antivirus software, was susceptible to a denial of
service attack by unauthenticated users via inefficient MIME parsing of specially crafted
email files.
Multiple security issues were found in PHP, a widely-used open source general purpose
scripting language which could result in information disclosure, denial of service or
incorrect validation of path names.
Multiple vulnerabilities such as command injection, disclosure of uninitialized memory and
buffer overflow have been discovered in evince, a simple multi-page document viewer.
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an
unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in
Schneider Electric's Equipment- Magelis HMI Panel. Successful exploitation of this
vulnerability could allow a denial-of-service condition.
Improper Check for Unusual or Exceptional Conditions and Improper Access Control
vulnerabilities have been discovered in Schneider Electric's Equipment- Modicon BMXNOR0200H.
Successful exploitation of these vulnerabilities could allow remote code execution or cause
a denial-of-service condition.
An out-of-bounds read vulnerability has been discovered in Huawei Firewall products: the
IPSec module does not validate a field in a specific message. Attackers can exploit this
vulnerability by sending a malformed message to cause an out-of-bounds read, compromising
normal service.
A denial-of-service (DoS) vulnerability has been discovered in Palo Alto Networks
GlobalProtect software running on Mac OS. This vulnerability allows authenticated local
users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5
and earlier versions of GlobalProtect 5.0 on Mac OS.
Missing XML validation vulnerability has been discovered in the PAN-OS web interface on Palo
Alto Networks PAN-OS software. This vulnerability allows authenticated users to inject
arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions
earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.
Denial of service via an algorithmic complexity attack on email address parsing has been
discovered in libemail-address-list-perl. It is recommended to upgrade the
libemail-address-list-perl packages.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in
denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect
TLS handshakes. It is recommended to upgrade the openjdk-8 packages.
A remote code execution vulnerability exists in Microsoft Exchange Server when the server
fails to properly create unique keys at install time. Knowledge of the validation key allows
an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web
application, which runs as SYSTEM. This security update addresses the vulnerability by
correcting how Microsoft Exchange creates the keys during install.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR,
and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of
an affected system.
Adobe has released security updates to address vulnerabilities in multiple Adobe products.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
Intel has released security updates to address vulnerabilities in multiple products. An
attacker could exploit these vulnerabilities to gain escalation of privileges.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A
remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Unrestricted Upload of File with Dangerous Type and Cross-site Scripting vulnerabilities
have been discovered in Digi International's Equipment- ConnectPort LTS 32 MEI. Successful
exploitation of these vulnerabilities could limit system availability.
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote
attacker could exploit some of these vulnerabilities to take control of an affected system.
Improper Authentication and Improper Input Validation vulnerabilities have been discovered
in Synergy Systems & Solutions' Equipment- HUSKY RTU. Successful exploitation of these
vulnerabilities could allow an attacker to read sensitive information, execute arbitrary
code, or cause a denial-of-service condition.
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for
Independent Computing Environments (SPICE) clients. Insufficient encoding checks for LZ can
cause different integer/buffer overflows.
It has been discovered that libykpiv, a supporting library of the Yubico PIV Tool and
YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made,
malicious USB device could potentially execute arbitrary code on a computer running the
Yubico PIV Tool or Yubikey PIV Manager.
It has been discovered that libexif incorrectly handled certain files. An attacker could
possibly exploit these vulnerabilities to access sensitive information, cause a denial of
service or execute arbitrary code.
A system command injection vulnerability has been discovered in FortiAP. This vulnerability
in FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system
level commands via specially crafted ifconfig commands.
It has been discovered that Qt incorrectly handled certain PPM images, text files and
incorrectly searched for plugins and libraries in the current working directory. A remote
attacker could exploit these vulnerabilities to cause a denial of service and execute
arbitrary code on an affected system.
An out-of-bounds write vulnerability due to an integer overflow has been reported in
libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to
cause denial of service, or potentially execute arbitrary code via crafted image files.
It has been discovered that HPE Superdome Flex Server is vulnerable to multiple remote
vulnerabilities via improper input validation of administrator commands. This vulnerability
could allow an Administrator to bypass security restrictions and access multiple remote
vulnerabilities including information disclosure, or denial of service.
A new loader type has been identified that takes advantage of the wlanAPI interface to
enumerate all Wi-Fi networks in the area, and then attempts to spread to these networks,
infecting all devices that it can access in the process.
It has been reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in
Java, performs deserialization of the server-side exception serialized in the faultCause
attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of
this flaw to execute arbitrary code with the privileges of an application using the Apache
XMLRPC client library.
CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110),
stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow
vulnerability (CVE-2020-3118), stack overflow and arbitrary write (CVE-2020-3119), and a
resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches
and Cisco IOS XR Routers, among others. These vulnerabilities could allow an attacker on the
local network to execute code or cause a denial of service.
Multiple vulnerabilities have been discovered in CA Unified Infrastructure Management
(Nimsoft / UIM) of CA Technologies, a Broadcom Company. These vulnerabilities could allow an
unauthenticated remote attacker to execute arbitrary code or commands, read from or write to
systems, or conduct denial of service attacks.
Insufficiently Protected Credentials vulnerability has been discovered
in AutomationDirect's Equipment- C-More Touch Panels EA9 Series. Successful
exploitation of this vulnerability may allow an attacker to get account
information such as usernames and passwords, obscure or manipulate process data, and lock
out access to the device.
It has been discovered that Django incorrectly handled input in the PostgreSQL module.
A remote attacker could possibly use this to perform SQL injection attacks.
It has been discovered that GraphicsMagick incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service or other unspecified
impact.
Symantec has released updates to address issues that were discovered in the Symantec
Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint
Protection Small Business Edition (SEP SBE) products.
An Uncontrolled Resource Consumption vulnerability has been discovered in multiple products
of Fortiguard. This vulnerability could allow an attacker to cause a web service portal
denial of service (DoS) by handling specially crafted HTTP requests/responses slowly, in
pieces.
Sudo incorrectly handled memory operations when the pwfeedback
option is enabled. A local attacker could possibly use this issue
to obtain unintended access to the administrator account.
Cosminexus Developer's Kit for Java and Hitachi Developer's Kit for Java
contain the following vulnerabilities: CVE-2020-2583, CVE-2020-2590, CVE-2020-2593,
CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655, CVE-2020-2659.
A memory mismanagement vulnerability has been discovered in QEMU 4.2.0.
This vulnerability can cause a heap-based buffer overflow or other
out-of-bounds access, which can lead to a DoS or potentially to arbitrary code execution.
A vulnerability has been discovered in OpenSMTPD.
An incorrect check allows an attacker to trick mbox delivery into executing arbitrary
commands as root and lmtp delivery into executing arbitrary commands as an unprivileged
user.
Multiple vulnerabilities have been discovered in the stream-tcp code of the intrusion
detection and prevention tool Suricata. These vulnerabilities make it possible to bypass any
TCP-based signature by either faking a closed TCP session using an evil server or
overlapping a TCP segment with a fake FIN packet.
Cisco has released security updates to address multiple vulnerabilities
affecting the web UI of Cisco Small Business Switches. These vulnerabilities
could allow an unauthenticated, remote attacker to access sensitive device
information and cause a denial of service condition on an affected device.
Multiple vulnerabilities have been discovered in the WebKitGTK+ Web and JavaScript engines.
A remote attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and arbitrary code
execution.
Multiple vulnerabilities have been discovered in Linux Kernel.
A local attacker could use these vulnerabilities to expose sensitive
information, gain administrative privileges and could possibly use this to cause a denial of
service.
Apple has released security updates to address vulnerabilities in multiple products.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
Unprotected Storage of Credentials, Improper Input Validation, Use of Hard-coded
Credentials, Missing Authentication for Critical Function, Unrestricted Upload of File with
Dangerous Type and Inadequate Encryption Strength vulnerabilities have been discovered in
GE's equipment - CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central
Station (CSCS) and Clinical Information Center (CIC) systems, CARESCAPE B450, B650, B850
Monitors.
Multiple vulnerabilities were identified in Cisco products.
A remote attacker could exploit some of these vulnerabilities to trigger denial of service
condition, disclose sensitive information,
and bypass security restriction on the targeted system.
OpenSLP is an open source implementation of the Service Location Protocol (SLP).
Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c may lead to remote code
execution.
The libarchive programming library can create and read several different streaming archive
formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. A use-after-free vulnerability
has been discovered in archive_read_format_rar_read_data when there is an error in the
decompression of an archive entry.
Multiple vulnerabilities have been found in zlib. An attacker could use
this issue to cause zlib to crash, resulting in a denial of service, or
arbitrary code execution.
It was discovered that GraphicsMagick incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service or other unspecified
impact.
Deserialization of Untrusted Data and SQL Injection vulnerabilities have been discovered
in Honeywell's equipment - MAXPRO VMS & NVR. Successful exploitation of these
vulnerabilities could result in elevation of privileges, cause a denial-of-service
condition, or allow unauthenticated remote code execution.
The Samba Team has released security updates to address vulnerabilities in multiple versions
of Samba.
An attacker could exploit one of these vulnerabilities to take control of an affected
system.
A security update for Red Hat JBoss Enterprise Application Platform 7.2.6 has been released
and is now available for Red Hat Enterprise Linux 6, Linux 7 and Linux 8.
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
A vulnerability has been found in the handling of chunked HTTP in openconnect,
an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN.
A malicious HTTP server (after having accepted its identity certificate),
can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer
overflow.
Multiple vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in
denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect
TLS handshakes.
Microsoft has released a security advisory to address a critical vulnerability in Internet
Explorer.
A remote attacker could exploit this vulnerability to take control of an affected system.
Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux.
This version addresses vulnerabilities that an attacker could exploit to take control of an
affected system.
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in
Schneider Electric's Equipments- Modicon M580, Modicon M340, Modicon Quantum, and Modicon
Premium.
Successful exploitation of this vulnerability could result in a denial-of-service condition.
Multiple vulnerabilities have been discovered in Cisco Data Center Network Manager (DCNM).
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A use of hard-coded cryptographic key vulnerability in
FortiSIEM may allow a remote unauthenticated attacker to obtain
SSH access to the supervisor as the restricted user "tunneluser" by
leveraging knowledge of the private key from another installation or a firmware image.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Intel has released security updates to address vulnerabilities in multiple products.
An authenticated attacker with local access could exploit some of these vulnerabilities to
gain escalation of privileges.
Adobe has released security updates to address vulnerabilities in Illustrator CC and
Experience Manager.
An attacker could exploit some of these vulnerabilities to take control of an affected
system.
VMware has released a security update to address a vulnerability in VMware Tools.
An attacker could exploit this vulnerability to take control of an affected system.
Oracle has released its Critical Patch Update for January 2020 containing 334 new security
patches to address vulnerabilities across multiple products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Multiple vulnerabilities have been discovered in multiple products of Siemens.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
Improper Access Control, Cross-site Request Forgery (CSRF), Cross-site Scripting
and Inclusion of Sensitive Information in Log Files vulnerabilities have been
found in OSIsoft LLC's equipment- PI Vision. Successful exploitation of these
vulnerabilities may allow disclosure of sensitive information and limit the availability of
the system.
Improper Input Validation vulnerability has been found in GE/Emerson's equipment- PACSystems
RX3i.
Successful exploitation of this vulnerability could cause the system to change to halt-mode,
resulting in a denial-of-service condition.
Multiple vulnerabilities have been discovered in SpamAssassin, a Perl-based spam filter
using text analysis. SpamAssassin incorrectly handled certain messages and certain CF files,
which may cause denial of service and arbitrary code execution respectively.
A vulnerability has been discovered in Libgcrypt which affects the releases of Ubuntu and
its derivatives. It was discovered that Libgcrypt was susceptible to an ECDSA timing attack.
An attacker could possibly use this attack to recover sensitive information.
A vulnerability has been discovered in nginx which affects the releases of Ubuntu and its
derivatives. A remote attacker could possibly use this issue to perform HTTP request
smuggling attacks and access resources contrary to expectations.
USN-4047-1 fixed a vulnerability in libvirt, the Libvirt virtualization toolkit.
This update provides the corresponding update for Ubuntu and its derivatives: Ubuntu 14.04
ESM.
Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, guest-to-host privilege escalation or information
leaks.
A Hard-coded password vulnerability has been discovered in the FortiSIEM database component
that may allow attackers to access the device database via the use of static credentials.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird.
An attacker could exploit these vulnerabilities to take control of an affected system.
A hook script of ldm, the display manager for the Linux Terminal Server Project,
incorrectly parsed responses from an SSH server, which could result in local root privilege
escalation.
A security issue was discovered in ntpq and ntpdc that incorrectly handled some arguments.
An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute arbitrary
code, or escalate to higher privileges.
A hook script of ldm, the display manager for the Linux Terminal Server Project,
incorrectly parsed responses from an SSH server, which could result in local root privilege
escalation.
Juniper Networks has released security updates to address multiple vulnerabilities in
various Juniper products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected
system.
A sensitive information disclosure vulnerability has been discovered
in the VMware Workspace ONE SDK. Updates are available to address this vulnerability in
affected VMware products.
Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh,
Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities
to take control of an affected system.
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR.
An attacker could exploit this vulnerability to take control of an affected system.
A vulnerability has been discovered in the web-based GUI of Cisco IP Phone 6800, 7800,
and 8800 Series with Multiplatform Firmware that could allow an authenticated,
remote attacker to conduct a Cross-Site Scripting (XSS) attack against a user
of the web-based interface of an affected system.
Multiple vulnerabilities have been discovered in WordPress, a web blogging tool.
An attacker could exploit these vulnerabilities to perform various Cross-Site Scripting
(XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache,
and bypass authorization access and input sanitization.
Google has released security updates for Chrome version 79.0.3945.117 for Windows,
Mac, and Linux. This version addresses a vulnerability that an attacker could exploit
to take control of an affected system.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow,
Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in
different Equipments- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON,
ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these
vulnerabilities could allow remote code execution.
Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation
vulnerability, which is a type of issue whereby an attacker may attempt to compromise the
software application to gain elevated access to resources that are normally protected from
an application or user.
Multiple vulnerabilities referred to as Dragonblood have been discovered in FortiGuard's
products - FortiOS, FortiAP-S/W2, Meru AP and Meru Controller. Dragonblood vulnerabilities
exist in WiFi WPA3 standard implementations and can cause password leak,
denial of service or authorization bypass.
Multiple vulnerabilities have been identified in GitLab. A remote
attacker could exploit some of these vulnerabilities to trigger
denial of service, security restriction bypass and sensitive information disclosure on the
targeted system.
Multiple vulnerabilities have been discovered in IBM's Equipment.
An attacker could exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Authentication Bypass, SQL Injection, Path Traversal,
Command Injection, Read Access, and Unauthorised Access have been discovered in Cisco Data
Center Network Manager (DCNM).
An attacker could exploit these vulnerabilities to take control of an affected system.