Alerts and Advisories- 2020




January   February   March   April   May   June   July   August   September   October   November   December  


  • libxstream-java security update (31 Dec 2020)

    Multiple vulnerabilities such as Server-Side Forgery Request, and Arbitrary File Deletion have been discovered in XStream. It is recommended to upgrade the libxstream-java packages.
    CVE ID: CVE-2020-26258 (High), CVE-2020-26259 (Medium)

  • McAfee Security Bulletin (30 Dec 2020)

    A Cross Site Request Forgery (CSRF) vulnerability has been discovered in McAfee Network Security Management (NSM) which may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. The affected version are McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55.
    CVE ID: CVE-2020-7336 (Medium)

  • Multiple vulnerabilities in QNAP (30 Dec 2020)

    Multiple vulnerabilities identified in QNAP Products, a remote attacker may exploit some of these vulnerabilities to trigger disclose sensitive information and data manipulation on the targeted system. These issues do not affect in QNAP version QTS 4.5.1.1456 build 20201015 (and later), QuTS hero h4.5.1.1472 build 20201031 (and later) & QuTScloud c4.5.2.1379 build 20200730 (and later).
    CVE ID: CVE-2018-19944 (Medium), CVE-2018-19941 (Medium), CVE-2018-19945 (High)

  • Vulnerability in OpenEMR (30 Dec 2020)

    It has been discovered that OpenEMR, the most popular open source electronic health records and medical practice management solution allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. The affected version is OpenEMR 5.0.1.3.
    CVE ID: CVE-2018-16795

  • Vulnerability in Green Packet WiMax DV-360 (30 Dec 2020)

    It has been discovered that Green Packet WiMax DV-360 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. The affected version is Green Packet WiMax DV-360 2.10.14-g1.0.6.1.
    CVE ID: CVE-2018-14067

  • Vulnerability in Green Packet WiMax DV-360 (30 Dec 2020)

    It has been discovered that GDrayTek Vigor2960, wireless access point allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. The affected version is GDrayTek Vigor2960 1.5.1.
    CVE ID: CVE-2020-19664

  • Vulnerability in USVN (30 Dec 2020)

    It has been discovered that User-Friendly USVN, a web interface written in PHP used to configure Subversion repositories allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline. The affected versions are USVN before 1.0.9.
    CVE ID: CVE-2020-17363

  • Vulnerability in CPE WAN Management Protocol of Amino Communications (29 Dec 2020)

    Command Injection vulnerability has been discovered in the CPE WAN Management Protocol (CWMP) registration in Amino Communications. The vulnerability allows Man-in-the-Middle attackers to execute arbitrary commands with root level privileges. The affected versions are AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B.
    CVE ID: CVE-2020-10209

  • Vulnerability in Inventory module of 1E Client (29 Dec 2020)

    It has been discovered that the Inventory module of the 1E Client doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
    CVE ID: CVE-2020-27644

  • Vulnerability in Agentejo Cockpit (29 Dec 2020)

    It has been discovered that Agentejo Cockpit allows NoSQL injection vulnerability via the Controller/Auth.php newpassword function. The affected versions are Agentejo Cockpit before 0.11.2.
    CVE ID: CVE-2020-35848

  • roundcube security update (28 Dec 2020)

    A vulnerability has been discovered in roundcube, a web-based IMAP email client where in a cross-site scripting (XSS) via HTML or Plain text messages with malicious content is possible. It is recommended to upgrade the roundcube packages.
    CVE ID: CVE-2020-35730 (Medium)

  • Vulnerability Summary (28 Dec 2020)

    Summary of vulnerabilities for the week of December 21, 2020.

  • SPIP security update (28 Dec 2020)

    It has been discovered that SPIP, a website engine for publishing, does not correctly validate its input (couleur, display, display_navigation, display_outils, imessage, and spip_ecran) which allows authenticated users to execute arbitrary code. It is recommended to upgrade the spip packages.
    CVE ID: CVE-2020-28984 (Critical)

  • Vulnerability in HedgeDoc (28 Dec 2020)

    HedgeDoc is a collaborative platform for writing and sharing markdown. It has been discovered that an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. The affected versions are HedgeDoc before version 1.7.1.
    CVE ID: CVE-2020-26287 (High)

  • Distributed Denial of Service vulnerability in Citrix ADC (23 Dec 2020)

    A Distributed Denial of Service(DDoS) vulnerability has been discovered in Citrix ADC. An attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion.

  • Vulnerability in iSM client (23 Dec 2020)

    It has been discovered that iSM client running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate. The affected versions are iSM client versions from V5.1 prior to V12.1.
    CVE ID: CVE-2020-5684

  • Vulnerability in HTTP package for Dart (23 Dec 2020)

    A vulnerability has been discovered in the HTTP package for Dart. If an attacker controls the HTTP method and the App is using request directly, it's possible to achieve Carriage Return and Line Feed (CRLF) injection in an HTTP request. The affected version are HTTP package through 0.12.2 for Dart.
    CVE ID: CVE-2020-35669

  • Vulnerability in BigProf Online Invoicing System (23 Dec 2020)

    It has been discovered that BigProf Online Invoicing System fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The affected versions are BigProf Online Invoicing System before 4.0.
    CVE ID: CVE-2020-35677

  • Awstats security update (23 Dec 2020)

    It has been discovered that Awstats, a web server log analyzer, is vulnerable to path traversal attacks. A remote unauthenticated attacker can leverage that to perform arbitrary code execution. It is recommended to upgrade the awstats packages.
    CVE ID: CVE-2020-29600 (Critical), CVE-2020-35176 (Medium)

  • Multiple vulnerabilities in QNAP (23 Dec 2020)

    Multiple vulnerabilities have been discovered in QES, QTS and QuTS hero of QNAP. A remote attacker can exploit some of these vulnerabilities to trigger remote code execution, disclose sensitive information, cross-site scripting and bypass security restriction on the targeted system.
    CVE ID: CVE-2020-2499 (High), CVE-2016-6903 (High), CVE-2020-25847 (High), CVE-2020-2503 (Critical), CVE-2020-2504 (Medium), CVE-2020-2505 (Low)

  • Security update for ceph (23 Dec 2020)

    The update for a privilege escalation vulnerability via the ceph_volume_client Python interface is available. The affected products are SUSE Linux Enterprise Module for Basesystem 15-SP2 & SUSE Enterprise Storage 7.
    CVE ID: CVE-2020-27781 (High)

  • Vulnerability in cURL (23 Dec 2020)

    Heap buffer overflow has been discovered in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. An attacker can cause a Denial of Service (DoS) or arbitrary code execution if you use cURL to transfer data to or from a Trivial File Transport Protocol (TFTP) server and set the blksize (block size) option to a value below 504 (the default value is 512).
    CVE ID: CVE-2019-5482 (Critical)

  • Multiple vulnerabilities in Sympa (23 Dec 2020)

    Multiple vulnerabilities have been discovered in Sympa, a mailing list manager, which can result in local privilege escalation, Denial of Service or unauthorized access via the SOAP API.
    CVE ID: CVE-2020-9369 (High), CVE-2020-10936 (High), CVE-2020-26932 (Medium), CVE-2020-29668 (Low)

  • libpq security update (21 Dec 2020)

    The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Multiple vulnerabilities have been discovered such as reconnection can downgrade connection security settings and psql's \gset allows overwriting specially treated variables in postgresql. An update for libpq is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
    CVE ID: CVE-2020-25694 (High), CVE-2020-25696 (High)

  • Vulnerability in PushToWatch extension for MediaWiki (21 Dec 2020)

    A vulnerability has been discovered in the PushToWatch extension for MediaWiki. The primary form do not implement an anti-CSRF (Cross-Site Request Forgery) token and therefore is completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php. The affected versions are MediaWiki through 1.35.1.
    CVE ID: CVE-2020-35626

  • Vulnerability Summary (21 Dec 2020)

    Summary of vulnerabilities for the week of December 14, 2020.

  • Postsrsd security update (20 Dec 2020)

    A potential Denial of Service vulnerability through malicious timestamp tags has been discovered in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for Postfix in Debian GNU/Linux OS. It is recommended to upgrade the postsrsd packages.
    CVE ID: CVE-2020-35573

  • Influxdb security update (20 Dec 2020)

    A vulnerability has been discovered in influxdb, a scalable datastore for metrics, events, and real-time analytics in Debian GNU/Linux OS. By using a JWT token with an empty shared secret, one is able to bypass authentication in services/httpd/handler.go. It is recommended to upgrade the influxdb packages.
    CVE ID: CVE-2019-20933 (Critical)

  • php-pear security update (19 Dec 2020)

    Multiple vulnerabilities have been discovered in the PEAR Archive_Tar package for handling tar files in PHP. A remote attacker can execute arbitrary code or overwrite files. It is recommended to upgrade the php-pear packages in Debian GNU/Linux OS.
    CVE ID: CVE-2020-28948 (High), CVE-2020-28949 (High)

  • Multiple vulnerabilities in Apache Poi used by IBMQRadar SIEM (18 Dec 2020)

    Multiple vulnerabilities such as XML external entity (XXE), and Denial of Service have been discovered in Apache Poi. A remote attacker can exploit these vulnerabilities to obtain sensitive information, cause the application to enter into an infinite loop and an out of memory exception.
    CVE ID: CVE-2019-12415 (Medium), CVE-2017-12626 (Medium)

  • Multiple vulnerabilities in Treck Inc.'s Equipment (18 Dec 2020)

    Multiple vulnerabilities such as Heap-based Buffer Overflow, Out-of-bounds Read, and Out-of-bounds Write have been discovered in Treck Inc.'s Equipment- TCP/IP. Successful exploitation of this vulnerability may allow remote code execution and a Denial of Service condition. The affected components of Treck TCP/IP stack Version 6.0.1.67 and prior are HTTP Server, IPv6 & DHCPv6. The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX. CVE ID: CVE-2020-25066 (Critical), CVE-2020-27337 (Critical), CVE-2020-27338 (Medium)

  • Mediawiki security update (18 Dec 2020)

    Multiple vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work. The vulnerabilities can result in cross-site scripting or the disclosure of hidden users. It is recommended to upgrade the mediawiki packages.
    CVE ID: CVE-2020-35475, CVE-2020-35477, CVE-2020-35479 (Medium), CVE-2020-35480

  • Curl security update (18 Dec 2020)

    Multiple vulnerabilities have been discovered in curl, a command line tool for transferring data with URL syntax and an easy-to-use client-side URL transfer library. It is recommended to upgrade the curl packages.
    CVE ID: CVE-2020-8284 (Low), CVE-2020-8285 (High), CVE-2020-8286 (High)

  • Vulnerability in Hitachi Command Suite (18 Dec 2020)

    A Cross-site Scripting vulnerability has been discovered in Hitachi Command Suite and multiple Hitachi softwares.

  • Red Hat OpenShift Container Storage security, bug fix, enhancement update (17 Dec 2020)

    Multiple vulnerabilities have been discovered in Red Hat OpenShift Container Storage. Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. The affected product is Red Hat OpenShift Container Storage 4 x86_64.
    CVE ID: CVE-2020-7720 (High), CVE-2020-8237 (High), CVE-2020-14040 (High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)

  • Vulnerability in BIND affects AIX (17 Dec 2020)

    It has been discovered that ISC BIND is vulnerable to a Denial of Service, caused by an assertion failure when attempting to verify a truncated response to a TSIG-signed request. By sending a specially-crafted request, a remote authenticated attacker can exploit this vulnerability to cause the server to exit. The affected products are AIX 7.1, 7.2 and VIOS 3.1.
    CVE ID: CVE-2020-8622 (Medium)

  • Vulnerability in Terminal Access Controller Access-Control System Plus (17 Dec 2020)

    It has been discovered that the audit forwarding mechanism for Terminal Access Controller Access-Control System Plus (TACACS+) uses an unencrypted database variable to store passwords. The system leaks sensitive information to authenticated users who have access to the BIG-IP system.

  • Vulnerability in BIG-IP AVRD (17 Dec 2020)

    It has been discovered that under certain conditions, Analytics, Visibility and Reporting Daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices. This may allow an attacker to initiate a denial-of-service (DoS) attack on the AVRD process on the BIG-IP system from a mobile device in certain condition.
    CVE ID: CVE-2020-27728

  • Vulnerability in Emerson's Equipment (17 Dec 2020)

    Improper Authentication vulnerability has been discovered in Emerson's Equipment- Rosemount X-STREAM Gas Analyzer. Successful exploitation of this vulnerability may allow an attacker through a specially crafted URL to download files and obtain sensitive information.
    CVE ID: CVE-2020-27254 (High)

  • Vulnerability in PTC's Kepware LinkMaster (17 Dec 2020)

    PTC Kepware LinkMaster is a Windows application linking data between OPC servers. An Incorrect Default Permissions vulnerability has been discovered. Successful exploitation of this vulnerability may allow a local attacker to globally overwrite the service configuration to execute arbitrary code with NT SYSTEM privileges. The affected Kepware LinkMaster versions are 3.0.94.0 and prior.
    CVE ID: CVE-2020-13535 (Critical)

  • Multiple vulnerabilities in PTC's Kepware KEPServerEX (17 Dec 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, and Use After Free have been discovered in PTC's Equipment- Kepware KEPServerEX. Successful exploitation of these vulnerabilities may lead to a server crashing, a denial-of-service condition, data leakage or remote code execution.
    CVE ID: CVE-2020-27265 (Critical), CVE-2020-27263 (Critical), CVE-2020-27267 (High)

  • Vulnerability in BIG-IP ASM (17 Dec 2020)

    It has been discovered that when the BIG-IP ASM system processes requests with JSON payload, an unusually large number of parameters may cause excessive CPU usage in the BIG-IP ASM bd process. When this vulnerability is exploited, the BIG-IP ASM system may cause denial-of-service condition.
    CVE ID: CVE-2020-27718

  • Vulnerability in BIG-IP APM (17 Dec 2020)

    It has been discovered that BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process. Traffic processing on the BIG-IP system is disrupted while TMM restarts, leading to a failover event in a high availability (HA) environment.
    CVE ID: CVE-2020-27723

  • Denial of Service vulnerability in Huawei Smartphone (16 Dec 2020)

    A denial of service vulnerability has been discovered in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a Denial of Service (DoS) on the specific module.
    CVE ID: CVE-2020-9223

  • Netgear releases security updates for multiple products (16 Dec 2020)

    Netgear has released security updates to address vulnerabilities in multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system.

  • Java-1.7.1-ibm security update (16 Dec 2020)

    IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Multiple vulnerabilities have been discovered in java-1.7.1-ibm. The java-1.7.1-ibm security update is now available which upgrades IBM Java SE 7 to version 7R1 SR4-FP75.
    CVE ID: CVE-2020-14779 (Low), CVE-2020-14781 (Low), CVE-2020-14782 (Low), CVE-2020-14796 (Low), CVE-2020-14797 (Low)

  • Memcached security update (16 Dec 2020)

    Memcached is a high-performance, distributed memory object caching system. A null-pointer dereference vulnerability has been discovered in "lru mode" and "lru temp_ttl" causing denial of service in Memcached. An update for Memcached is now available for Red Hat OpenStack Platform 13 (Queens). The affected products are Red Hat OpenStack 13 x86_64 & Red Hat OpenStack for IBM Power 13 ppc64le.
    CVE ID: CVE-2019-11596 (High)

  • Python-XStatic-Bootstrap-SCSS security update (16 Dec 2020)

    Python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library packaged for setuptools / pip. Multiple XSS vulnerabilities have been discovered in python-XStatic-Bootstrap-SCSS. An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 13 (Queens).
    CVE ID: CVE-2016-10735 (Medium), CVE-2018-14042 (Medium), CVE-2018-20676 (Medium), CVE-2018-20677 (Medium), CVE-2019-8331 (Medium)

  • Python-XStatic-jQuery security update (16 Dec 2020)

    Python-X Static-jQuery is the jQuery javascript library packaged for Python's setup tools. Prototype pollution in object's prototype leads to denial of service, remote code execution or property injection in python-XStatic-jQuery. An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 13 (Queens).
    CVE ID: CVE-2019-11358 (Medium)

  • Red Hat build of Thorntail 2.7.2 security and bug fix update (16 Dec 2020)

    Multiple vulnerabilities have been discovered in Red Hat build of Thorntail. An update is now available for Red Hat build of Thorntail.
    CVE ID: CVE-2020-14299 (Medium), CVE-2020-14338 (Medium), CVE-2020-14340, CVE-2020-25638 (High), CVE-2020-25649 (High)

  • Mozilla releases security updates for Firefox, Firefox ESR, and Thunderbird (15 Dec 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker may exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in WAGO's Equipment (15 Dec 2020)

    Uncontrolled Resource Consumption vulnerability has been discovered in WAGO's Equipment- 750-88x and 750-352. Successful exploitation of this vulnerability may allow an attacker to crash the device being accessed using a denial-of-service attack.
    CVE ID: CVE-2020-12516 (High)

  • Active Exploitation of SolarWinds Software (14 Dec 2020)

    A manual supply chain attack has been discovered in SolarWinds Orion Platform software. The affected versions are SolarWinds Orion Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1. The updates are available.

  • Vulnerability Summary (14 Dec 2020)

    Summary of vulnerabilities for the week of December 07, 2020.

  • Vulnerability in NewPK (14 Dec 2020)

    SQL Injection vulnerability has been discovered in NewPK via the title parameter to admin\newpost.php. The affected version is NewPK 1.1.
    CVE ID: CVE-2020-20189

  • Apple releases security updates for multiple products (14 Dec 2020)

    Apple has released security updates to address vulnerabilities in multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Envoy (14 Dec 2020)

    It has been discovered that Envoy logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). The affected versions are Envoy before 1.16.1.
    CVE ID: CVE-2020-35470

  • Vulnerability in LOGO! (14 Dec 2020)

    A vulnerability has been discovered in LOGO! 8 BM (incl. SIPLUS variants). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins. The affected versions are LOGO! 8 BM all versions below V8.3
    CVE ID: CVE-2020-25235

  • Vulnerability in py-matrix-synapse (13 Dec 2020)

    It has been discovered that a malicious or poorly-implemented homeserver may inject malformed events into a room by specifying a different room id. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation.
    CVE ID: CVE-2020-26257

  • openexr security update (13 Dec 2020)

    Multiple vulnerabilities such as Null Pointer Deference, and head-based buffer overflow have been discovered in openexr, a set of tools to manipulate OpenEXR image files. It is recommended to upgrade the openexr packages.
    CVE ID: CVE-2020-16588, CVE-2020-16589

  • Multiple vulnerabilities in Medtronic's Equipment (10 Dec 2020)

    Multiple vulnerabilities have been discovered in Medtronic's Equipment- MyCareLink (MCL) Smart Model 25000 Patient Reader. Successful exploitation of these vulnerabilities together may result in the attacker being able to modify or fabricate data from the implanted cardiac device being uploaded to the CareLink Network and remotely execute code on the MCL Smart Patient Reader device, which may allow control of a paired cardiac device. The exploitation must be initiated within Bluetooth signal proximity of the vulnerable product.
    CVE ID: CVE-2020-27252 (High), CVE-2020-25187 (High), CVE-2020-25183 (High)

  • Cisco releases security updates for multiple products (10 Dec 2020)

    Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker may exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-3419 (Medium), CVE-2020-26085 (Critical)

  • Vulnerability in Host Engineering ECOM100 Module (10 Dec 2020)

    Improper Input Validation vulnerability has been discovered in Host Engineering's Equipment- ECOM100 Module- an Ethernet communications module for PLC systems. Successful exploitation of this vulnerability may lead to a denial-of-service condition, forcing an operator to manually restart the device.
    CVE ID: CVE-2020-25195 (High)

  • Vulnerability in Mitsubishi Electric's Equipment (10 Dec 2020)

    A denial-of-service (DoS) vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-F series FX5U(C) CPU modules. CPU modules may allow malicious attacker to cause a DoS condition on program execution and communication by sending specially crafted Address Resolution Protocol (ARP) packets.
    CVE ID: CVE-2020-5665 (High)

  • Vulnerability in SquirrelMail (10 Dec 2020)

    It has been discovered that a cross-site scripting (XSS) vulnerability in SquirrelMail- Webmail for nuts allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.
    CVE ID: CVE-2019-12970 (Medium)

  • CVE - KB Correlation (10 Dec 2020)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during December 2020.

  • CVE - KB Correlation (09 Dec 2020)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during November 2020.

  • Microsoft releases December 2020 security updates (08 Dec 2020)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

  • Adobe releases security updates for multiple products (08 Dec 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-24447 (Critical), CVE-2020-24444, CVE-2020-24445 (Critical), CVE-2020-24440 (Critical)

  • Vulnerability in LibTIFF (08 Dec 2020)

    It has been discovered that LibTIFF decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. An attacker may be able to use specially crafted TIFF files to cause a denial of service (DoS) via out-of-bounds writes.
    CVE ID: CVE-2018-18557 (High)

  • Multiple vulnerabilities in Linux kernel (08 Dec 2020)

    Multiple vulnerabilities such as out-of-bounds access, and race condition have been discovered in Linux kernel. A locally logged-in attacker may gain unauthorized access to resources or cause a denial-of-service (DoS) on a vulnerable system.
    CVE ID: CVE-2017-18344 (Medium), CVE-2017-10661 (High)

  • OpenSSL releases security update (08 Dec 2020)

    OpenSSL has released a security update to address a vulnerability affecting all versions 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker may exploit this vulnerability to cause a denial-of-service condition.
    CVE ID: CVE-2020-1971

  • Unauthorized access of FireEye Red Team tools (08 Dec 2020)

    FireEye has addressed an unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. An unauthorized third-party users may abuse these tools to take control of targeted systems.

  • Multiple vulnerabilities in several vendors Equipment (08 Dec 2020)

    Multiple vulnerabilities have been discovered in several vendors Equipment- uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net. Successful exploitation of these vulnerabilities may allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.

  • SAP releases December 2020 security updates (08 Dec 2020)

    SAP has released security updates to address vulnerabilities affecting multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system.

  • Apache releases security update for Apache Struts 2 (08 Dec 2020)

    Remote Code Execution vulnerability has been discovered in Apache Struts 2. A remote attacker may exploit this vulnerability to take control of an affected system. The affected versions are Struts 2.0.0 - Struts 2.5.25. It is recommended to upgrade to Struts 2.5.26 or higher.
    CVE ID: CVE-2020-17530

  • Multiple vulnerabilities in GE Healthcare's Equipment (08 Dec 2020)

    Multiple vulnerabilities such as Unprotected Transport of Credentials, and Exposure of Sensitive System Information to an Unauthorized Control Sphere have been discovered in GE Imaging and Ultrasound Products of GE Healthcare. Successful exploitation of these vulnerabilities may occur if an attacker gains access to the Healthcare Delivery Organization’s (HDO) network.
    CVE ID: CVE-2020-25175 (Critical), CVE-2020-25179 (Critical)

  • Multiple vulnerabilities in Schneider Electric's Easergy T300 (08 Dec 2020)

    Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Easergy T300. The Easergy T300 is a modular platform for medium voltage and low voltage public distribution network management. Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized access to the internal product LAN, which will result in exposure of sensitive information, Denial of Service, and remote code execution.
    CVE ID: CVE-2020-7561 (Critical), CVE-2020-28215 (High), CVE-2020-28216 (High), CVE-2020-28217 (Medium), CVE-2020-28218 (Medium)

  • Multiple vulnerabilities in Schneider Electric's Modicon M221 Programmable Logic Controller (08 Dec 2020)

    Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Modicon M221 Programmable Logic Controller. Modicon M221 is a Nano Programmable Logic Controller (PLC) made to control basic automation for machines. Successful exploitation of these vulnerabilities may allow an attacker to take control over the PLC and exposure of sensitive information.
    CVE ID: CVE-2020-7565 (High), CVE-2020-7566 (High), CVE-2020-7567 (High), CVE-2020-7568 (Low), CVE-2020-28214 (Low)

  • Vulnerability Summary (07 Dec 2020)

    Summary of vulnerabilities for the week of November 30, 2020.

  • Android Security Bulletin (07 Dec 2020)

    Multiple vulnerabilities have been identified in Android, a remote attacker may exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system. The affected Android versions are 8.0, 8.1, 9, 10 & 11. Security patch levels of 2020-12-05 or later address all of these issues.

  • GitLab security release (07 Dec 2020)

    Multiple vulnerabilities have been discovered in GitLab. It is recommended to update versions 13.6.2, 13.5.5 and 13.4.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
    CVE ID: CVE-2020-26407 (Medium), CVE-2020-26408 (Medium), CVE-2020-13357 (Medium), CVE-2020-26411 (Medium), CVE-2020-26409 (Medium)

  • Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2020 CPU (07 Dec 2020)

    Multiple vulnerabilities have been discovered in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server. The affected products are WebSphere Application Server Liberty version Continuous Delivery, WebSphere Application Server versions 8.5 and 9.0.
    CVE ID: CVE-2020-14781 (Low), CVE-2020-14797 (Low)

  • minidlna security update (07 Dec 2020)

    It has been discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server may result in the execution of arbitrary code. In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability. It is recommended to upgrade the minidlna packages.
    CVE ID: CVE-2020-12695 (High), CVE-2020-28926 (Critical)

  • trafficserver security update (07 Dec 2020)

    Multiple vulnerabilities such as memory disclosure, and cache poisoning have been discovered in Apache Traffic Server, a reverse and forward proxy server. It is recommended to upgrade the trafficserver packages.
    CVE ID: CVE-2020-17508, CVE-2020-17509

  • ksh security update (07 Dec 2020)

    It has been discovered that certain environment variables interpreted as arithmetic expressions on startup leads to code injection vulnerability in ksh. An update for ksh is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.
    CVE ID: CVE-2019-14868 (High)

  • salt security update (04 Dec 2020)

    Multiple vulnerabilities have been discovered in salt. It is recommended to upgrade the salt packages.
    CVE ID: CVE-2020-16846 (Critical), CVE-2020-17490 (Medium), CVE-2020-25592 (Critical)

  • Vulnerability in Mitsubishi Electric Corporation's Equipment (03 Dec 2020)

    Out-of-bounds Read vulnerability has been discovered in Mitsubishi Electric Corporation's Equipment- GOT and Tension Controller. Successful exploitation of this vulnerability may allow attackers to cause deterioration of communication performance or cause a denial-of-service condition of the TCP communication functions of the products.
    CVE ID: CVE-2020-5675 (High)

  • Multiple vulnerabilities in WECON's Equipment (03 Dec 2020)

    Multiple vulnerabilities have been discovered in WECON's LeviStudioU Equipment. Successful exploitation of these vulnerabilities may allow an attacker to execute code under the privileges of the application and obtain sensitive information.
    CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium), CVE-2020-25199 (High)

  • Vulnerability in CompactRIO (03 Dec 2020)

    A vulnerability has been discovered in CompactRIO-a real-time embedded industrial controller. Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that may reboot the device remotely. The affected products are CompactRIO Driver versions prior to 20.5
    CVE ID: CVE-2020-25191 (High)

  • Vulnerability in Apache Tomcat (03 Dec 2020)

    A HTTP/2 Request header mix-up vulnerability has been discovered in Apache Tomcat. A remote attacker may exploit this vulnerability to leak sensitive information. The affected versions are Apache Tomcat 10.0.0-M1 to 10.0.0-M9, Apache Tomcat 9.0.0.M5 to 9.0.39 and Apache Tomcat 8.5.1 to 8.5.59.
    CVE ID: CVE-2020-17527

  • go-toolset-1.14-golang security update (03 Dec 2020)

    Multiple vulnerabilities have been discovered in golang-Go Toolset which provides the Go programming language tools and libraries. An update for go-toolset-1.14-golang is now available for Red Hat Software Collections.
    CVE ID: CVE-2020-28362 (High), CVE-2020-28366 (High), CVE-2020-28367 (High)

  • Red Hat JBoss Enterprise Application Platform 7.3.4 security update (03 Dec 2020)

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Multiple vulnerabilities such as XML external entity, SQL injection, and memory leak per HTTP session creation have been discovered in Red Hat JBoss Enterprise Application Platform. An update is now available.
    CVE ID: CVE-2020-25649, CVE-2020-25638, CVE-2020-25644 (High)

  • Vulnerability in Snapcraft (03 Dec 2020)

    A vulnerability has been discovered in Snapcraft- easily craft snaps in Ubuntu. An intended access restriction may be bypassed in snaps built with Snapcraft.
    CVE ID: CVE-2020-27348 (Medium)

  • Google releases security updates for Chrome (02 Dec 2020)

    Google has released Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker may exploit to take control of an affected system.

  • Apple releases security updates for iCloud for Windows (02 Dec 2020)

    Apple has released security updates to address vulnerabilities in iCloud for Windows11.5. An attacker may exploit some of these vulnerabilities to take control of an affected system.

  • jupyter-notebook security update (02 Dec 2020)

    It has been discovered that Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server may redirect the browser to a different website. It is recommended to upgrade the jupyter-notebook packages.
    CVE ID: CVE-2020-26215 (Medium)

  • Vulnerability in Pimcore (02 Dec 2020)

    Pimcore is an open source digital experience platform. It has been discovered that in Pimcore before version 6.8.5, it is possible to modify and create website settings without having the appropriate permissions.
    CVE ID: CVE-2020-26246 (High)

  • Vulnerability in Gym Management System (02 Dec 2020)

    An SQL injection vulnerability has been discovered in Gym Management System in manage_user.php file, GET parameter 'id' is vulnerable.
    CVE ID: CVE-2020-29288 (Critical)

  • Vulnerability in Intel CPU (01 Dec 2020)

    It has been discovered that an improper buffer restrictions vulnerability in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. An attacker may exploit the improper input validation in BIOS firmware to potentially create a denial of service by way of local access. The affected products are BIG-IP i850, i2000, i4000 series.
    CVE ID: CVE-2020-0591 (Medium)

  • Multiple vulnerabilities in HPE HP-UX Web Server Suite (01 Dec 2020)

    Multiple vulnerabilities have been discovered in HPE HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities may be remotely exploited to execute code, cause denial of service, bypass access control restrictions, disclose sensitive information, add or modify data, cause memory corruption, or redirect a URL to an untrusted URL.

  • Brotli security update (01 Dec 2020)

    Brotli is a compression algorithm developed by Google and works best for text compression. A buffer overflow vulnerability has been discovered in Brotli. It is recommended to upgrade the Brotli packages.
    CVE ID: CVE-2020-8927 (Medium)

  • Multiple vulnerabilities in FortiGate products (01 Dec 2020)

    Multiple vulnerabilities have been discovered in various FortiGate products. An attacker may exploit these vulnerabilities to trigger sensitive information disclosure, cross-site scripting and bypass security restriction on the targeted system.
    CVE ID: CVE-2020-15937 (Medium), CVE-2019-15126 (Low), CVE-2020-9295 (Medium)

  • pdfresurrect security update (01 Dec 2020)

    Multiple vulnerabilities such as heap-buffer-overflow, and out-of-bounds write have been discovered in pdfresurrect-a tool for analyzing and manipulating revisions to PDF documents. It is recommended to upgrade the pdfresurrect packages.
    CVE ID: CVE-2019-14934 (High), CVE-2020-20740 (High)

  • rh-nodejs12-nodejs security update (01 Dec 2020)

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Multiple vulnerabilities have been discovered in nodejs. An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.
    CVE ID: CVE-2020-7774 (High), CVE-2020-8277 (High), CVE-2020-15366 (Medium)

  • Red Hat OpenShift Container Platform bug fix and security update (01 Dec 2020)

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A vulnerability has been discovered in kubernetes whose compromised nodes can escalate to cluster level privileges. Red Hat OpenShift Container Platform release 4.5.21 has released multiple bug fix and security update.
    CVE ID: CVE-2020-8559 (Medium)

  • rh-php73-php security, bug fix, and enhancement update (01 Dec 2020)

    PHP is a HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple vulnerabilities have been discovered in rh-php73-php. An update for rh-php73-php is now available for Red Hat Software Collections.

  • Mozilla releases security updates for Thunderbird (01 Dec 2020)

    Mozilla has released security updates to address stack overflow due to incorrect parsing of SMTP server response codes vulnerability in Thunderbird.
    CVE ID: CVE-2020-26970 (High)

  • Multiple vulnerabilities in Werkzeug (01 Dec 2020)

    Multiple vulnerabilities have been discovered in Werkzeug- collection of utilities for WSGI applications (Python 2.x). An attacker may use these issues for phishing attacks and to access sensitive information.
    CVE ID: CVE-2019-14806 (High), CVE-2020-28724 (Medium)

  • musl security update (01 Dec 2020)

    It has been discovered that the wcsnrtombs function in musl libc has multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress or writing past the end of the destination buffers. It is recommended to upgrade the musl packages.
    CVE ID: CVE-2020-28928

  • Xerox releases security updates for DocuShare (30 Nov 2020)

    Xerox has released security updates for DocuShare 6.6.1, 7.0, and 7.5 to address a vulnerability which can allow an unauthenticated attacker to obtain sensitive information.
    CVE ID: CVE-2020-27177

  • VIPS security update (30 Nov 2020)

    A vulnerability has been discovered in VIPS - an image processing system, version before 8.8.2. An uninitialized variable may cause the leakage of remote server path or stack address. It is recommended to upgrade the vips packages.
    CVE ID: CVE-2020-20739

  • Vulnerability Summary (30 Nov 2020)

    Summary of vulnerabilities for the week of November 23, 2020.

  • Red Hat Single Sign-On one-off security update (30 Nov 2020)

    SQL injection vulnerability has been discovered in hibernate-core of Red Hat Single Sign-On 7.4 standalone server when both hibernate.use_sql_comments and JPQL String literals are used. A security update is now available for Red Hat Single Sign-On 7.4.
    CVE ID: CVE-2020-25638

  • x11vnc security update (28 Nov 2020)

    It has been discovered that x11vnc, a VNC server allows remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker may exploit this vulnerability for information disclosure, denial of service or interfer with the VNC session of another user on the host. It is recommended to upgrade the x11vnc packages.
    CVE ID: CVE-2020-29074 (High)

  • lxml security update (27 Nov 2020)

    The lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. Multiple vulnerabilities such as XSS injection, and javascript escaping have been discovered in lxml. It is recommended to upgrade the lxml packages.
    CVE ID: CVE-2018-19787 (Medium), CVE-2020-27783

  • Multiple vulnerabilities in FreeRDP (26 Nov 2020)

    FreeRDP is a RDP client for Windows Terminal Services. It has been discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker can use these vulnerabilities to cause FreeRDP to crash, resulting in a Denial of Service, or possibly execute arbitrary code.

  • Vulnerability in Ericsson BSCS iX (26 Nov 2020)

    It has been discovered that ADMX, a web base module in Ericsson BSCS iX, a enterprise billing software, is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. This vulnerability potentially allows full account takeover, or exploiting admins' browsers by using the beef framework.
    CVE ID: CVE-2020-29145

  • Vulnerability in BigBlueButton (26 Nov 2020)

    A vulnerability has been discovered in BigBlueButton, a complete web conferencing system. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting which is protected by an access code. The affected versions are BigBlueButton through 2.2.29.
    CVE ID: CVE-2020-29042

  • Multiple vulnerabilities in Poppler (25 Nov 2020)

    It has been discovered that Poppler, a PDF rendering library, incorrectly handled certain files. If a user or automated system are tricked into opening a crafted PDF file, an attacker can cause a Denial of Service.
    CVE ID: CVE-2020-27778, CVE-2018-21009 (High), CVE-2019-10871 (Medium), CVE-2019-9959 (Medium), CVE-2019-13283 (High)

  • Vulnerability in Drupal (25 Nov 2020)

    It has been discovered that arbitrary PHP code execution vulnerability is possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz,.bz2 or .tlz files.
    CVE ID: CVE-2020-28948, CVE-2020-28949

  • Vulnerability in Spice-vdagentd daemon (25 Nov 2020)

    A race condition vulnerability has been discovered in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a Denial of Service or information leakage from the host.
    CVE ID: CVE-2020-25653

  • Vulnerability in osCommerce (25 Nov 2020)

    It has been discovered that osCommerce has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. The affected version is osCommerce 2.3.4.1.
    CVE ID: CVE-2020-29070

  • Multiple vulnerabilities in atftp (24 Nov 2020)

    It has been discovered that atftp's FTP server in Ubuntu 16.04 do not properly handler certain input. An attacker can use this to to cause a denial of service or possibly execute arbitrary code.
    CVE ID: CVE-2019-11365 (Critical), CVE-2019-11366 (Medium)

  • Vulnerability in igraph (24 Nov 2020)

    It has been discovered that igraph in Ubuntu mishandled certain malformed XML. An attacker may use this vulnerability to cause a Denial of Service.
    CVE ID: CVE-2018-20349 (Medium)

  • BIND security update (24 Nov 2020)

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. Multiple vulnerabilities have been discovered in BIND. An update for BIND is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.
    CVE ID: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624

  • Vulnerability in Fuji Electric's Equipment (24 Nov 2020)

    The Fuji V-Server Lite, all versions prior to 3.3.24.0 is vulnerable to an out-of-bounds write which may allow an attacker to remotely execute arbitrary code.
    CVE ID: CVE-2020-25171 (High)

  • Multiple vulnerabilities in Rockwell Automation's Equipment (24 Nov 2020)

    Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- FactoryTalk Linx Version 6.11 and prior. Successful exploitation of these vulnerabilities may allow a Denial-of-Service condition, remote code execution, or leak information that can be used to bypass Address Space Layout Randomization (ASLR).
    CVE ID: CVE-2020-27253 (High), CVE-2020-27251 (Critical), CVE-2020-27255 (Medium)

  • Vulnerability in PDFResurrect (24 Nov 2020)

    It has been discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker can use this to cause out-of-bounds writes, resulting in a denial of service or arbitrary code execution.
    CVE ID: CVE-2020-9549 (High)

  • IBM Resilient Platform could allow formula injection in Excel (23 Nov 2020)

    It has been discovered that IBM Resilient may allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. The affected product is Resilient OnPrem version IBM Security SOAR.
    CVE ID: CVE-2020-4633 (Medium)

  • Vulnerability in PulseAudio (23 Nov 2020)

    It has been discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker can possibly use this to expose sensitive information.
    CVE ID: CVE-2020-16123

  • Multiple vulnerabilities in libextractor (23 Nov 2020)

    Multiple vulnerabilities have been discovered in Ubuntu 16.04 libextractor-library used to extract metadata from files. An attacker can possibly use these vulnerabilities to cause a denial of service.

  • Vulnerability in VMware products (23 Nov 2020)

    A command injection vulnerability has been discovered in VMware products. A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can take control of an affected system.
    CVE ID: CVE-2020-4006 (Critical)

  • Vulnerability Summary (23 Nov 2020)

    Summary of vulnerabilities for the week of November 16, 2020.

  • Vulnerability in Linux kernel (23 Nov 2020)

    Use-after-free vulnerability has been discovered in fs/block_dev.c in Linux kernel. This vulnerability allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
    CVE ID: CVE-2020-15436

  • Vulnerability in Gitea (23 Nov 2020)

    It has been discovered that Gitea does not prevent a git protocol path which specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. The affected versions are Gitea 0.9.99 through 1.12.x before 1.12.6.
    CVE ID: CVE-2020-28991

  • Vulnerability in Cephx authentication protocol (23 Nov 2020)

    It has been discovered that Cephx authentication protocol does not verify Ceph clients correctly and is therefore vulnerable to replay attacks in Nautilus. This vulnerability allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. The affected versions are Cephx authentication protocol before 15.2.6 and before 14.2.14.
    CVE ID: CVE-2020-25660

  • CImg security update (23 Nov 2020)

    Multiple heap buffer overflow vulnerabilities have been discovered in CImg, a C++ toolkit to load, save, process and display images. It is recommended to upgrade the cimg packages.
    CVE ID: CVE-2020-25693

  • Multiple vulnerabilities in Zabbix (21 Nov 2020)

    Multiple vulnerabilities have been discovered in Zabbix, a network monitoring solution. An attacker may remotely execute code on the zabbix server, and redirect to external links through the zabbix web frontend. It is recommended to upgrade the Zabbix packages.
    CVE ID: CVE-2016-10742 (Medium), CVE-2020-11800 (Critical)

  • Vulnerability in Libsvm (21 Nov 2020)

    It has been discovered that svm_predict_values in svm.cpp in Libsvm allows attackers to cause a Denial of Service via a crafted model Support Vector Machine (SVM) with a large value in the _n_support array. The affected version is Libsvm v324.
    CVE ID: CVE-2020-28975

  • Vulnerability in UNIX Symbolic Link (21 Nov 2020)

    It has been discovered that UNIX Symbolic Link (Symlink) following in TP-Link Archer firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.
    CVE ID: CVE-2020-5797

  • Vulnerability in Netskope (20 Nov 2020)

    A CSV injection vulnerability has been discovered in the Admin portal for Netskope which allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system. The affected version is Netskope 75.0.
    CVE ID: CVE-2020-28845

  • Multiple vulnerabilities in VMware (19 Nov 2020)

    Multiple vulnerabilities have been discovered in VMware ESXi, Workstation and Fusion. A remote attacker can exploit some of these vulnerabilities to trigger remote code execution & elevation of privilege . The updates are available to remediate these vulnerabilities in affected VMware products.
    CVE ID: CVE-2020-4004 (Critical), CVE-2020-4005 (High)

  • Vulnerability in c-ares (19 Nov 2020)

    It has been discovered that c-ares incorrectly handled certain DNS requests. An attacker can possibly use this vulnerability to cause a Denial of Service.
    CVE ID: CVE-2020-8277

  • Vulnerability in HCL Notes (19 Nov 2020)

    HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker can exploit this vulnerability using a specially-crafted email message to hang the client. The affected versions are HCL Notes 9, 10 and 11.
    CVE ID: CVE-2020-14258

  • Jupyter-notebook security update (19 Nov 2020)

    Multiple vulnerabilities have been discovered in jupyter-notebook. It is recommended to upgrade the jupyter-notebook packages.
    CVE ID: CVE-2018-8768 (High), CVE-2018-19351 (Medium), CVE-2018-21030 (Medium)

  • Vulnerability in BIG-IP virtual server (19 Nov 2020)

    A vulnerability has been discovered in BIG-IP platforms that may allow attackers to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers.
    CVE ID: CVE-2020-5947

  • Vulnerability in Mitsubishi Electric's Equipment (19 Nov 2020)

    Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R series. Successful exploitation of this vulnerability can cause a denial-of-service condition for the affected product.
    CVE ID: CVE-2020-5668 (High)

  • Vulnerability in Huawei FusionCompute product (18 Nov 2020)

    Command injection vulnerability has been discovered in Huawei FusionCompute product. An authenticated, remote attacker may craft specific request to exploit this vulnerability. Due to insufficient verification, this may be exploited to cause the attackers to obtain higher privilege.
    CVE ID: CVE-2020-9116

  • Vulnerability in IBM POWER9 (18 Nov 2020)

    It has been discovered that IBM Power9 processors can allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. The affected products are AIX 7.1, 7.2 and VIOS 3.1.
    CVE ID: CVE-2020-4788 (Medium)

  • Remote code execution vulnerability in Drupal core (18 Nov 2020)

    A remote code execution vulnerability has been identified in Drupal, a remote user can exploit this vulnerability on the targeted system. The affected versions are Drupal 7, 8.8 or earlier, 8.9, 9.0.
    CVE ID: CVE-2020-13671

  • Multiple vulnerabilities in VMware SD-WAN Orchestrator (18 Nov 2020)

    Multiple vulnerabilities have been discovered in VMware SD-WAN Orchestrator. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-3984 (High), CVE-2020-3985 (High), CVE-2020-4000 (Medium), CVE-2020-4001, CVE-2020-4002 (High), CVE-2020-4003 (Medium)

  • Cisco releases security updates for multiple products (18 Nov 2020)

    Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Mozilla releases security updates for Firefox, Firefox ESR, and Thunderbird (17 Nov 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Google releases security updates for Chrome (17 Nov 2020)

    Google has released Chrome version 87.0.4280.66 for Windows and Linux, and 87.0.4280.67 for Mac. These versions address vulnerabilities which an attacker can exploit to take control of an affected system.

  • Apple releases security updates for iTunes (17 Nov 2020)

    Apple has released security updates to address vulnerabilities in iTunes 12.11 for Windows. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-10002, CVE-2020-27912, CVE-2020-27917, CVE-2020-27911, CVE-2020-27918, CVE-2020-27895

  • Vulnerability in Real Time Automation's Equipment (17 Nov 2020)

    Stack-based Buffer Overflow vulnerability has been discovered in Real Time Automation's Equipment- 499ES EtherNet/IP (ENIP) Adaptor Source Code. Successful exploitation of the vulnerability can cause a Denial-of-Service condition and remote code execution.
    CVE ID: CVE-2020-25159 (Critical)

  • Multiple vulnerabilities in Paradox's Equipment (17 Nov 2020)

    Multiple vulnerabilities have been discovered in Paradox's Equipment- IP150. Successful exploitation of these vulnerabilities can allow an attacker to remotely execute arbitrary code, which may result in the termination of the physical security system.
    CVE ID: CVE-2020-25189 (Critical), CVE-2020-25185 (High)

  • Vulnerability in Johnson Controls' Equipment (17 Nov 2020)

    Improper Authorization vulnerability has been discovered in Johnson Controls' Equipment- American Dynamics victor Web Client, Software House C•CURE Web Client. Successful exploitation of this vulnerability can allow an unauthenticated attacker on the network to create and sign their own JSON web token and use it to execute an HTTP API method without the need for valid authentication/authorization.
    CVE ID: CVE-2020-9049 (High)

  • Net-SNMP security update (17 Nov 2020)

    It has been discovered that Net-SNMP has improper privilege management in EXTEND MIB which may lead to privileged commands execution. An update for net-snmp is now available for Red Hat Enterprise Linux 6.
    CVE ID: CVE-2020-15862 (High)

  • OpenLDAP security update (17 Nov 2020)

    Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these vulnerabilities to cause a denial of service via specially crafted packets. It is recommended to upgrade the OpenLDAP packages.
    CVE ID: CVE-2020-25709, CVE-2020-25710

  • OpenShift Container Platform 3.11.318 jenkins-2-plugins security update (17 Nov 2020)

    Multiple vulnerabilities have been discovered in OpenShift Container Platform 3.11 jenkins-2-plugins. The affected products are Red Hat OpenShift Container Platform 3.11 x86_64 and Platform for Power 3.11 ppc64le. An update for jenkins-2-plugins is now available.
    CVE ID: CVE-2020-2252 (Medium), CVE-2020-2254 (Medium), CVE-2020-2255 (Medium)

  • Cisco releases security updates for multiple products (16 Nov 2020)

    Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-27130 (Critical), CVE-2020-27125 (High), CVE-2020-27131 (High), CVE-2020-26070 (High)

  • Vulnerability in Micro Focus IDOL Admin (16 Nov 2020)

    A potential vulnerability has been discovered in Micro Focus IDOL Admin. This vulnerability can be exploited to perform Persistent XSS attack to get sensitive information like cookies and credentials from the user's browser session. The affected versions are all Micro Focus IDOL versions prior to version 12.7.
    CVE ID: CVE-2020-25833 (Medium)

  • Vulnerability Summary (16 Nov 2020)

    Summary of vulnerabilities for the week of November 09, 2020.

  • Vulnerability in GitLab (16 Nov 2020)

    It has been discovered that certain SAST CiConfiguration information can be viewed by unauthorized users in GitLab EE. This information can be exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects.
    CVE ID: CVE-2020-26406 (Medium)

  • Vulnerability in PrestaShop Product Comments (16 Nov 2020)

    It has been discovered that an attacker can inject malicious web code into the PrestaShop users' web browsers by creating a malicious link. The affected version is PrestaShop 4.0.0 and this vulnerability has been fixed in PrestaShop version 4.2.0.
    CVE ID: CVE-2020-26225 (High)

  • libvncserver security update (15 Nov 2020)

    A vulnerability has been discovered in libvncserver, an API to write one's own VNC server. Due to some missing checks, a divide by zero can happen which can result in a Denial of Service. It is recommended to upgrade the libvncserver packages.
    CVE ID: CVE-2020-25708

  • Vulnerability in Volkswagen Polo (15 Nov 2020)

    It has been discovered that the update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
    CVE ID: CVE-2020-28656

  • Vulnerability in WPBakery plugin for WordPress (15 Nov 2020)

    It has been discovered that the WPBakery plugin for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. The affected versions are WPBakery plugin before 6.4.1.
    CVE ID: CVE-2020-28650 (Medium)

  • libproxy security update (13 Nov 2020)

    It has been discovered that libproxy, a library for automatic proxy configuration management, is vulnerable to a buffer overflow vulnerability when receiving a large PAC file from a server without a Content-Length header in the response. It is recommended to upgrade the libproxy packages.
    CVE ID: CVE-2020-26154 (Critical)

  • Apple releases security updates for multiple products (12 Nov 2020)

    Apple has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Mitsubishi Electric's Equipment (12 Nov 2020)

    A vulnerability has been discovered in Mitsubishi Electric product MELSEC iQ-R series CPU modules. Successful exploitation of this vulnerability can cause a denial-of-service condition for the affected products.
    CVE ID: CVE-2020-5666 (Medium)

  • Vulnerability in Becton, Dickinson and Company's Equipment (12 Nov 2020)

    The BD Alaris PC Unit and BD Alaris Systems Manager are vulnerable to a network session authentication vulnerability. An attacker can perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit which lead to a drop in the wireless capability of the BD Alaris PC Unit. The affected versions are BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier & BD Alaris Systems Manager, Versions 4.33 and earlier.
    CVE ID: CVE-2020-25165 (Medium)

  • Pacemaker security update (12 Nov 2020)

    An ACL bypass vulnerability has been discovered in pacemaker, a cluster resource manager. An attacker having a local account on the cluster and in the haclient group can use IPC communication with various daemons directly to perform certain malicious tasks. It is recommended to upgrade the pacemaker packages.
    CVE ID: CVE-2020-25654

  • Vulnerability in TranzWare Payment Gateway (12 Nov 2020)

    A reflected cross-site scripting (XSS) vulnerability has been discovered in the TranzWare Payment Gateway. A remote unauthenticated attacker can execute an arbitrary HTML code via crafted url.
    CVE ID: CVE-2020-28415

  • Multiple vulnerabilities in Palo Alto Networks products (11 Nov 2020)

    Multiple vulnerabilities such as Improper Authorization, Information Exposure, OS Command Injection, Improper Input Validation, Stack-based Buffer Overflow, Improper Check for Unusual or Exceptional Conditions, and Information Exposure Through Log Files have been discovered in Palo Alto PAN-OS. A remote user can exploit some of these vulnerabilities to trigger remote code execution, obtain sensitive information and bypass security restriction on the targeted system.
    CVE ID: CVE-2020-2050 (High), CVE-2020-2022 (High), CVE-2020-2000 (High), CVE-2020-1999 (Medium), CVE-2020-2048 (Low)

  • Vulnerability in Xen (11 Nov 2020)

    It has been discovered that Xen 4.14 and earlier version don't restrict access to power/energy monitoring interfaces which should be restricted to privileged software. The interfaces are accessible to all guests.

  • Google releases security updates for Chrome (11 Nov 2020)

    Multiple vulnerabilities have been identified in Google Chrome, a remote attacker can exploit some of these vulnerabilities to trigger remote code execution on the targeted system. The affected Google Chrome Desktop versions are prior to 86.0.4240.198.
    CVE ID: CVE-2020-16013 (High), CVE-2020-16017 (High)

  • Vulnerability in Schneider Electric's Equipment (10 Nov 2020)

    Improper Privilege Management vulnerability has been discovered in Schneider Electric's Equipment- EcoStruxure Operator Terminal Expert. Successful exploitation of this vulnerability may allow unauthorized command execution by a local user of the Windows engineering workstation, which may result in loss of availability, confidentiality, and integrity of the workstation where EcoStruxure Operator Terminal Expert runtime is installed.
    CVE ID: CVE-2020-7544 (High)

  • Multiple vulnerabilities in Schneider Electric's Equipment (10 Nov 2020)

    Multiple vulnerabilities such as improper restriction of operations within the bounds of a memory buffer, out-of-bounds write and out-of-bounds read have been discovered in Schneider Electric's Equipment- Interactive Graphical SCADA System (IGSS). Successful exploitation of these vulnerabilities may result in remote code execution.

  • Citrix Virtual Apps and Desktops security update (10 Nov 2020)

    Multiple vulnerabilities such as Improper Privilege Management, and OS Command Injection have been discovered in Citrix Virtual Apps and Desktops which if exploited, result in escalation of privilege, and remote compromise of a Windows Virtual Desktop.
    CVE ID: CVE-2020-8269, CVE-2020-8270

  • Vulnerability in Apache OpenOffice (10 Nov 2020)

    A vulnerability has been discovered in Apache OpenOffice scripting events which allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally.
    CVE ID: CVE-2020-13958 (Low)

  • XSS vulnerability in Avaya Equinox Conferencing (10 Nov 2020)

    A Cross Site Scripting (XSS) vulnerability has been discovered in the Avaya Equinox Conferencing web portal which may allow authenticated users to perform XSS attacks. The affected versions are Avaya Equinox Conferencing 9.0 to 9.1.9. It is recommended to upgrade to 9.1.10 or later.
    CVE ID: CVE-2020-7033 (Medium)

  • Vulnerability in NVIDIA GeForce NOW application (10 Nov 2020)

    It has been discovered that NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. The affected versions are GeForce NOW Application all versions prior to 2.0.25.119.
    CVE ID: CVE‑2020‑5992 (High)

  • python3 security update (10 Nov 2020)

    Multiple vulnerabilities such as infinite loop in the tarfile module via crafted TAR archive, and DoS via inefficiency in IPv{4,6}Interface classes have been discovered in python3. An update for python3 is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-20907 (High), CVE-2020-14422 (Medium)

  • tomcat security update (10 Nov 2020)

    It has been discovered that mishandling of Transfer-Encoding header allows for HTTP request smuggling in tomcat. An update for tomcat is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2020-1935 (Medium)

  • Intel releases security updates (10 Nov 2020)

    Intel has released security updates to address vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to gain escalation of privileges.

  • SAP releases November 2020 security updates (10 Nov 2020)

    SAP has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases November 2020 security updates (10 Nov 2020)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Adobe releases security updates for multiple products (10 Nov 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-24441, CVE-2020-24442, CVE-2020-24443

  • Vulnerability in Cisco IOS XR Software for Cisco ASR 9000 Series (10 Nov 2020)

    A vulnerability has been discovered in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers that can allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

  • Multiple vulnerabilities in Siemens' Equipment (10 Nov 2020)

    Multiple vulnerabilities have been discovered in Siemens' Equipment- UMC Stack, SIMATIC S7-300 and S7-400 CPUs, and SCALANCE W 1750D. Successful exploitation of these vulnerabilities can allow an attacker to cause a partial denial-of-service condition, credential disclosure, or remote code execution.
    CVE ID: CVE-2020-7581 (Medium), CVE-2020-7587 (Medium), CVE-2020-7588 (Medium), CVE-2020-15791 (Medium), CVE-2016-2031 (Critical)

  • Vulnerability in Schneider Electric's Equipment (10 Nov 2020)

    Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- PLC Simulator for EcoStruxure Control Expert. Successful exploitation of this vulnerability can cause a denial-of-service condition, which can result in a failure of the EcoStruxture Control Expert Simulator.
    CVE ID: CVE-2020-7538 (High)

  • Multiple vulnerabilities in OSIsoft's PI Vision 2020 (10 Nov 2020)

    Multiple vulnerabilities such as Cross-site Scripting, and Incorrect Authorization have been discovered in OSIsoft's Equipment- PI Vision 2020. Successful exploitation of these vulnerabilities may allow a remote attacker with write access to the PI ProcessBook files to inject code that is imported into PI Vision, or disclose information to a user with insufficient privileges.
    CVE ID: CVE-2020-25163 (High), CVE-2020-25167 (Medium)

  • Vulnerability in OSIsoft's PI Interface (10 Nov 2020)

    Numeric Errors vulnerability has been discovered in OSIsoft's Equipment- PI Interface. Successful exploitation of this vulnerability can allow an attacker-controlled OPC XML-DA Server to respond with a crafted XML message and exploit the PI Interface for OPC XML-DA, resulting in code execution.
    CVE ID: CVE-2013-0006 (High)

  • podman security and bug fix update (10 Nov 2020)

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Multiple vulnerabilities have been discovered in podman. An update for podman is now available for Red Hat Enterprise Linux 7 Extras.
    CVE ID: CVE-2020-14040 (High), CVE-2020-14370 (Medium)

  • Vulnerability in Intel Unite Cloud Service Client (10 Nov 2020)

    Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. It is recommended to update the Intel Unite App to version 4.2.12212 or later.
    CVE ID: CVE-2020-12331 (High)

  • Vulnerability Summary (09 Nov 2020)

    Summary of vulnerabilities for the week of November 02, 2020.

  • Mozilla releases security updates for Firefox, Firefox ESR, and Thunderbird (09 Nov 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-26950 (Critical)

  • moin security update (09 Nov 2020)

    Multiple vulnerabilities such as stored XSS and remote code execution have been discovered in moin, a Python clone of WikiWiki. It is recommended to upgrade the moin packages.
    CVE ID: CVE-2020-15275, CVE-2020-25074

  • Vulnerability in Joomla! (08 Nov 2020)

    It has been discovered that lack of input validation while handling ACL rulesets can cause write ACL violations in Joomla!. The affected products are Joomla! CMS versions 1.7.0 - 3.9.22. It is recommended to upgrade to Joomla! version 3.9.23.

  • libexif security update (08 Nov 2020)

    It has been discovered that a boundary check in libexif, a library to parse EXIF files, can be optimised away by the compiler, resulting in a potential buffer overflow. It is recommended to upgrade the libexif packages.
    CVE ID: CVE-2020-0452

  • Vulnerability in Mitel ShoreTel (08 Nov 2020)

    It has been discovered that the conferencing component on Mitel ShoreTel devices can allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the time_zone object in the HOME_MEETING& page.
    CVE ID: CVE-2020-28351

  • Vulnerability in ChirpStack Network Server (08 Nov 2020)

    It has been discovered that an inaccurate frame deduplication process in ChirpStack Network Server allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go.
    CVE ID: CVE-2020-28349

  • raptor2 security update (07 Nov 2020)

    It has been discovered that there are two heap overflow vulnerabilities in raptor2, a set of parsers for RDF files which is used, amongst others, in LibreOffice. It is recommended to upgrade raptor2 packages.
    CVE ID: CVE-2017-18926

  • krb5 security update (07 Nov 2020)

    It has been discovered that there is a denial of service vulnerability in the MIT Kerberos network authentication system, krb5. The lack of a limit in the ASN.1 decoder can lead to infinite recursion and allow an attacker to overrun the stack and cause the process to crash. It is recommended to upgrade the krb5 packages.
    CVE ID: CVE-2020-28196

  • guacamole-server security update (06 Nov 2020)

    It has been discovered that the server component of Apache Guacamole, a remote desktop gateway, does not properly validate data received from RDP servers. This can result in information disclosure or even the execution of arbitrary code. It is recommended to upgrade the guacamole-server packages.
    CVE ID: CVE-2020-9497 (Medium), CVE-2020-9498 (Medium)

  • Apple releases security updates (05 Nov 2020)

    Apple has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • sddm security update (05 Nov 2020)

    A vulnerability has been discovered in sddm packages, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges. It is recommended to upgrade the sddm packages.
    CVE ID: CVE-2020-28049

  • Vulnerability in GNOME Display Manager (05 Nov 2020)

    A vulnerability has been discovered in the GNOME Display Manager which if not detecting any users may make GDM launch initial system setup and thereby permitting the creation of new users with sudo capabilities. It is recommended to upgrade the gdm3 packages.
    CVE ID: CVE-2020-16125

  • bouncycastle security update (05 Nov 2020)

    A vulnerability has been discovered in the bouncycastle crypto library where attackers can obtain sensitive information due to observable differences in its response to invalid input. It is recommended to upgrade the bouncycastle packages.
    CVE ID: CVE-2020-26939

  • Vulnerability in Cisco AnyConnect (04 Nov 2020)

    It has been discovered that a vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software may allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.
    CVE ID: CVE-2020-3556 (High)

  • Multiple vulnerabilities in DB2 Recovery Expert (04 Nov 2020)

    Multiple vulnerabilities have been discovered in Oracle Java SE, Java SE, and Eclipse OpenJ9 of DB2 Recovery Expert. The affected products are DB2 Recovery Expert for LUW 5.5, 5.5 IF 1, 5.5 IF 2, and 5.5.0.1. It is recommended to upgrade to DB2 Recovery Expert LUW 5.5.0.1 IF0.

  • Cisco releases security updates for multiple products (04 Nov 2020)

    Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Linux kernel security update (04 Nov 2020)

    Multiple vulnerabilities have been discovered in Linux kernel. An update for kernel is now available for Red Hat Enterprise Linux 8.
    CVE ID: CVE-2020-24490, CVE-2020-25661, CVE-2020-25662

  • Grafana security, bug fix, and enhancement update (03 Nov 2020)

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Multiple vulnerabilities such as XSS, arbitrary file read, and information disclosure have been discovered in grafana. An update for grafana is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in Red Hat Identity Management (IdM) (03 Nov 2020)

    Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Multiple vulnerabilities have been discovered in idm:DL1 and idm:client modules. An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in tcpdump (03 Nov 2020)

    The tcpdump packages contain the tcpdump utility for monitoring network traffic. Multiple vulnerabilities such as SMB data printing mishandled, Out of bounds read/write, Buffer over-read, Access to uninitialized buffer, and Resource exhaustion have been discovered in tcpdump. The affected products are Red Hat Enterprise Linux for x86_64 8 x86_64, Red Hat Enterprise Linux for IBM z Systems 8 s390x, Red Hat Enterprise Linux for Power, little endian 8 ppc64le and Red Hat Enterprise Linux for ARM 64 8 aarch64.

  • SQLite security update (03 Nov 2020)

    SQLite is a C library that implements an SQL database engine. Multiple vulnerabilities have been discovered in sqlite. An update for sqlite is now available for Red Hat Enterprise Linux 8.

  • GNOME security, bug fix, and enhancement update (03 Nov 2020)

    GNOME is the default desktop environment of Red Hat Enterprise Linux. Multiple vulnerabilities have been discovered in GNOME. An update for GNOME is now available for Red Hat Enterprise Linux 8.

  • Fortinet products sensitive information disclosure vulnerability (03 Nov 2020)

    An exposure of sensitive information to an unauthorized actor vulnerability has been discovered in FortiMail. This vulnerability may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. The affected products are FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and below.
    CVE ID: CVE-2020-15933

  • Wordpress security update (03 Nov 2020)

    Multiple vulnerabilities have been discovered in wordpress. It is recommended to upgrade the wordpress packages.
    CVE ID: CVE-2020-28040 (Medium), CVE-2020-28039 (Critical), CVE-2020-28038 (Medium), CVE-2020-28037 (Critical), CVE-2020-28036 (Critical), CVE-2020-28035 (Critical), CVE-2020-28034 (Medium), CVE-2020-28033 (High), CVE-2020-28032 (Critical)

  • Multiple vulnerabilities in ARC Informatique's Equipment (03 Nov 2020)

    Multiple vulnerabilities such as Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, and Information Exposure of Sensitive Information to an Unauthorized Actor have been discovered in ARC Informatique's Equipment- PcVue. Successful exploitation of these vulnerabilities can allow an attacker to execute arbitrary code, expose sensitive data, and prevent legitimate users from connecting to PcVue services.
    CVE ID: CVE-2020-26867 (Critical), CVE-2020-26868 (High), CVE-2020-26869 (High)

  • Multiple vulnerabilities in NEXCOM's Equipment (03 Nov 2020)

    Multiple vulnerabilities such as Improper Input Validation, and Cleartext Transmission of Sensitive Information have been discovered in NEXCOM's Equipment- NIO 50. Successful exploitation of these vulnerabilities can allow an attacker to view sensitive information and cause a denial-of-service condition due to improper input validation.
    CVE ID: CVE-2020-25151 (Medium), CVE-2020-25155 (Medium)

  • Vulnerability in WAGO's Equipment (03 Nov 2020)

    Uncontrolled Resource Consumption vulnerability has been discovered in WAGO's Equipment- 750-88x and 750-352. Successful exploitation of this vulnerability can allow an attacker to crash the device being accessed using a denial-of-service attack.
    CVE ID: CVE-2020-12516 (High)

  • Adobe releases security updates (03 Nov 2020)

    Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerabilities in multiple BIG-IP products (03 Nov 2020)

    It has been discovered that vulnerabilities exists in multiple products of BIG-IP. An attacker can exploit these vulnerabilities to take control of an affected system.

  • Android Security Bulletin (02 Nov 2020)

    Multiple vulnerabilities have been identified in Android, a remote attacker can exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system. The affected versions are Android 8.0, 8.1, 9, 10 &11.

  • Vulnerability Summary (02 Nov 2020)

    Summary of vulnerabilities for the week of October 26, 2020.

  • Google releases security updates for Chrome (02 Nov 2020)

    Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux which will roll out over the coming days/weeks. This version addresses vulnerabilities which an attacker can exploit to take control of an affected system.
    CVE ID: CVE-2020-16004 (High), CVE-2020-16005 (High), CVE-2020-16006 (High), CVE-2020-16007 (High), CVE-2020-16008 (High), CVE-2020-16009 (High), CVE-2020-16011 (High)

  • Critical vulnerability in Oracle (01 Nov 2020)

    A critical remote code execution vulnerability CVE-2020-14750 has been discovered in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. The affected products and versions are Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0.
    CVE ID: CVE-2020-14750 (Critical)

  • qtsvg-opensource-src security update (31 Oct 2020)

    The QtSvg module contains classes for displaying the contents of SVG files. The malformed SVG images are able to cause a segmentation fault in qtsvg-opensource-src. It is recommended to upgrade the qtsvg-opensource-src packages.
    CVE ID: CVE-2018-19869 (Medium)

  • Linux regression update (31 Oct 2020)

    Multiple vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. It is recommended to upgrade the linux packages.

  • Cimg security update (30 Oct 2020)

    Multiple vulnerabilities have been discovered in cimg, a powerful image processing library. It is recommended to upgrade the cimg packages.
    CVE ID: CVE-2018-7588 (High), CVE-2018-7589 (High), CVE-2018-7637 (High), CVE-2018-7638 (High), CVE-2018-7639 (High), CVE-2018-7640 (High), CVE-2018-7641 (High), CVE-2019-1010174 (Critical)

  • Multiple vulnerabilities in Hitachi products (30 Oct 2020)

    Multiple vulnerabilities have been discovered in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center.
    CVE ID: CVE-2020-14779 (Low), CVE-2020-14781 (Low), CVE-2020-14782 (Low), CVE-2020-14792 (Medium), CVE-2020-14796 (Low), CVE-2020-14797 (Low), CVE-2020-14798 (Low), CVE-2020-14803 (Medium)

  • Multiple vulnerabilities in WECON's Equipment (29 Oct 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, and Improper Restriction of XML External Entity Reference have been discovered in WECON's Equipment- LeviStudioU. Successful exploitation of these vulnerabilities may allow an attacker to execute code under the privileges of the application and obtain sensitive information.
    CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium)

  • Multiple vulnerabilities in Mitsubishi Electric's Equipment (29 Oct 2020)

    Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors, and Uncontrolled Resource Consumption have been discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R, Q and L Series. Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution, and could cause a denial-of-service condition in the Ethernet port on the CPU module.
    CVE ID: CVE-2020-5653 (Critical), CVE-2020-5654 (High), CVE-2020-5655 (High), CVE-2020-5656 (Critical), CVE-2020-5657 (High), CVE-2020-5658 (Medium), CVE-2020-5652 (High)

  • Multiple vulnerabilities in Samba (29 Oct 2020)

    Multiple vulnerabilities have been discovered in Samba. An attacker could exploit these vulnerabilities to take control of an affected system. The affected version are Samba 3.6.0, Samba 4.0 and later.
    CVE ID: CVE-2020-14318 (Medium), CVE-2020-14323 (Medium), CVE-2020-14383 (Medium)

  • Multiple vulnerabilities in SHUN HU Technology Co. Ltd's Equipment (27 Oct 2020)

    Authentication Bypass by Capture-replay and Command Injection vulnerabilities have been discovered in JUUKO Industrial Radio Remote Control. Successful exploitation of these vulnerabilities can allow attackers to replay commands, control the device, view commands, and/or stop the device from running.
    CVE ID: CVE-2018-17932 (High), CVE-2018-19025 (High)

  • Vulnerability in WebSphere Application Server Admin Console (27 Oct 2020)

    It has been discovered that WebSphere Application Server Admin Console can allow a remote attacker to traverse directories on the system. An attacker can send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. The affected versions are WebSphere Application Server 7.0, 8.0, 8.5, and 9.0.
    CVE ID: CVE-2020-4782 (Medium)

  • Multiple vulnerabilities in Red Hat Satellite system (27 Oct 2020)

    Red Hat Satellite is a systems management tool for Linux-based infrastructure which allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Multiple vulnerabilities have been discovered in Red Hat Satellite. An update is now available for Red Hat Satellite 6.8 for RHEL 7.

  • Multiple vulnerabilities in MariaDB (27 Oct 2020)

    The MariaDB is a community-developed, commercially supported fork of the MySQL Relational Database Management System (RDBMS). Multiple vulnerabilties have been discovered in MariaDB. An attacker can use these vulnerabilities to cause a hang or frequently repeatable crash (denial of service).
    CVE ID: CVE-2020-13249, CVE-2020-15180, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814

  • Vulnerability Summary (26 Oct 2020)

    Summary of vulnerabilities for the week of October 19, 2020.

  • Multiple vulnerabilities in java-1.8.0-openjdk (26 Oct 2020)

    Multiple vulnerabilities have been discovered in OpenJDK. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2020-14779 (Low), CVE-2020-14781 (Low), CVE-2020-14782 (Low), CVE-2020-14792 (Medium), CVE-2020-14796 (Low), CVE-2020-14797 (Low), CVE-2020-14803 (Medium)

  • Vulnerability in Oracle Java SE JAXP (26 Oct 2020)

    Vulnerability has been discovered in the Java SE, Java SE Embedded product of Oracle Java SE JAXP. This vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. The affected versions are Java SE: 7u261, 8u251, 11.0.7, 14.0.1, and Java SE Embedded: 8u251.
    CVE ID: CVE-2020-14621 (Medium)

  • kpatch-patch security update (26 Oct 2020)

    kpatch-patch is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. It has been discovered that the metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt, and memory corruption in net/packet/af_packet.c leads to elevation of privilege. An update is now available for Red Hat Enterprise Linux 8.
    CVE ID: CVE-2020-14385, CVE-2020-14386

  • Multiple vulnerabilities in NTPv4 affect AIX (26 Oct 2020)

    Multiple vulnerabilities have been discovered in NTPv4 that affect AIX. An attacker can exploit some of these vulnerabilities to consume all available memory resources, cause the daemon to crash or system time change or result in a denial of service condition. The affected products are AIX 7.1, 7.2 and VIOS 3.1
    CVE ID: CVE-2020-15025 (Medium), CVE-2020-13817 (High), CVE-2020-11868 (Medium)

  • CVE - KB Correlation (26 Oct 2020)

    List of CVE IDs and corresponding Knowledge Base IDs as released by Microsoft during October 2020.

  • Fastd security update (25 Oct 2020)

    Fastd is a fast and secure tunnelling daemon. A receive buffer handling vulnerability has been discovered which allows a denial of service, when receiving packets with an invalid type code. It is recommended to upgrade the fastd packages.
    CVE ID: CVE-2020-27638

  • Multiple vulnerabilities in phpmyadmin (25 Oct 2020)

    Multiple vulnerabilities have been discovered in phpmyadmin which can result in sensitive information leak, XSS attack through the transformation feature & inject malicious SQL in to a query.
    CVE ID: CVE-2019-19617 (Critical), CVE-2020-26934 (Medium), CVE-2020-26935

  • Multiple vulnerabilities in openjdk-11 (25 Oct 2020)

    Multiple vulnerabilities have been discovered in OpenJDK Java runtime, which can result in denial of service, information disclosure, bypass of access/sandbox restrictions or the acceptance of untrusted certificates. It is recommended to upgrade the openjdk-11 packages.
    CVE ID: CVE-2020-14779 (Low), CVE-2020-14781, CVE-2020-14782 (Low), CVE-2020-14792 (Medium), CVE-2020-14796 (Low), CVE-2020-14797 (Low), CVE-2020-14798 (Low), CVE-2020-14803 (Medium)

  • Freetype security update (25 Oct 2020)

    FreeType is a popular software development library used to render text onto bitmaps, and provides support for other font-related operations. It has been discovered that a heap-based buffer overflow vulnerability occurs while handling the embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code.
    CVE ID: CVE-2020-15999

  • Vulnerability in FruityWifi (23 Oct 2020)

    It has been discovered that FruityWifi has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system. The affected versions are FruityWifi through 2.4.
    CVE ID: CVE-2020-24848

  • Microsoft releases security update for Edge (22 Oct 2020)

    Microsoft has released a security update to address vulnerabilities in Edge (Chromium-based). An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in VMware Horizon Server and VMware Horizon Client (22 Oct 2020)

    Multiple vulnerabilities such as cross site scripting and information disclosure have been discovered in VMware Horizon Server and VMware Horizon Client for Windows respectively. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.The affected versions are Horizon Server 7.x, 8.x and Horizon Client for Windows 5.x and prior.
    CVE ID: CVE-2020-3997 (Medium), CVE-2020-3998 (Low)

  • NVIDIA GeForce Experience security update (22 Oct 2020)

    NVIDIA has released a software security update for NVIDIA GeForce Experience, all versions prior to 3.20.5.70 software. This update addresses vulnerabilities that may lead to denial of service, escalation of privileges, code execution, or information disclosure.
    CVE ID: CVE‑2020‑5977 (High), CVE‑2020‑5978 (Low), CVE‑2020‑5990 (High)

  • Multiple vulnerabilities in B. Braun Melsungen AG's Equipment (22 Oct 2020)

    B. Braun Medical Inc., develops, manufactures, and markets innovative medical products and services. Multiple vulnerabilities have been discovered in OnlineSuite versions AP 3.0 and earlier products. Successful exploitation of these vulnerabilities can allow an attacker to escalate privileges, download and upload arbitrary files, and perform remote code execution.

  • Multiple vulnerabilities in Netty (22 Oct 2020)

    Multiple vulnerabilities have been discovered in netty-3.9 - Asynchronous event-driven network application framework. A remote attacker can use these vulnerabilities to extract sensitive information.
    CVE ID: CVE-2019-16869 (High), CVE-2019-20444 (Critical), CVE-2019-20445 (Critical), CVE-2020-7238 (High)

  • Vulnerability in LibEtPan (22 Oct 2020)

    It has been discovered that libetpan - Mail Framework for C Language, incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker can possibly use this vulnerability to perform a response injection attack.
    CVE ID: CVE-2020-15953 (High)

  • Vulnerability in pip (22 Oct 2020)

    It has been discovered that pip did not properly sanitize the filename during pip install. A remote attacker can possible use this vulnerability to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack.
    CVE ID: CVE-2019-20916 (High)

  • Multiple vulnerabilities in mod_auth_mellon (22 Oct 2020)

    It has been discovered that mod_auth_mellon incorrectly handled cookies, and requests. An attacker can possibly use these vulnerabilities to cause a Cross-Site Session Transfer attack, redirect a user to a malicious URL, or access sensitive information.
    CVE ID: CVE-2017-6807 (Medium), CVE-2019-3877 (Medium), CVE-2019-3878 (High)

  • Vulnerability in MediaWiki's FileImporter extension (22 Oct 2020)

    It has been discovered that the FileImporter extension in MediaWiki do not properly attribute various user actions to a specific user's IP address. This results in an inability to properly audit and attribute various user actions performed via the FileImporter extension. The affected versions are FileImporter extension in MediaWiki through 1.35.0.
    CVE ID: CVE-2020-27621

  • Cisco releases security updates for multiple products (21 Oct 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Mozilla releases security updates for Firefox, Firefox ESR, and Thunderbird (21 Oct 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Bluez security update (21 Oct 2020)

    The double-free vulnerability occur when free() is called more than once with the same memory address as an argument. Double-free vulnerability has been discovered in BlueZ, a suite of Bluetooth tools, utilities and daemons. A remote attacker can potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
    CVE ID: CVE-2020-27153 (High)

  • Mariadb security update (21 Oct 2020)

    A vulnerability has been discovered in the MariaDB database server. It is recommended to upgrade the mariadb-10.1 packages.
    CVE ID: CVE-2020-15180

  • Multiple vulnerabilities in Tomcat (21 Oct 2020)

    Multiple vulnerabilities have been discovered in Tomcat. An attacker can possibly use these vulnerabilities to cause denial of service or execute arbitrary code.
    CVE ID: CVE-2020-11996 (High), CVE-2020-13934 (High), CVE-2020-13935 (High), CVE-2020-9484 (High)

  • Vulnerability in Pam-python (21 Oct 2020)

    Pam-python enables PAM modules to be written in Python. It has been discovered that Pam-python mishandled certain environment variables. A local attacker can potentially use this vulnerability to execute programs as root.
    CVE ID: CVE-2019-16729 (High)

  • Google releases security updates for Chrome (20 Oct 2020)

    Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker can exploit to take control of an affected system.
    CVE ID: CVE-2020-16000 (High), CVE-2020-16001 (High), CVE-2020-16002 (High), CVE-2020-15999 (High), CVE-2020-16003 (Medium)

  • Vulnerability in Grunt (20 Oct 2020)

    Grunt is a JavaScript task runner/build system/maintainer tool. It has been discovered that Grunt did not properly load yaml files. An attacker can possibly use this vulnerability to execute arbitrary code.
    CVE ID: CVE-2020-7729 (High)

  • Oracle releases October 2020 security bulletin (20 Oct 2020)

    Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

  • VMware releases security updates for multiple products (20 Oct 2020)

    Multiple vulnerabilities in VMware ESXi, Workstation, Fusion and NSX-T were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. A remote attacker can exploit one of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-3981 (High), CVE-2020-3982 (Medium), CVE-2020-3992 (Critical), CVE-2020-3993 (High), CVE-2020-3994 (High), CVE-2020-3995 (High)

  • Adobe releases security updates for multiple products (20 Oct 2020)

    Multiple critical vulnerabilities have been discovered in various Adobe products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-24420, CVE-2020-24424, CVE-2020-24421, CVE-2020-9747, CVE-2020-24416, CVE-2020-24409, CVE-2020-24414, CVE-2020-24410, CVE-2020-24411, CVE-2020-24425, CVE-2020-9748, CVE-2020-9749, CVE-2020-9750, CVE-2020-24418, CVE-2020-24419, CVE-2020-24423

  • Vulnerability in Rockwell Automation's Equipment (20 Oct 2020)

    Classic Buffer Overflow vulnerability has been discovered in Rockwell Automation's Equipment- 1794-AENT Flex I/O Series B. Successful exploitation of these vulnerabilities can crash the device being accessed, resulting in a buffer overflow condition that may allow remote code execution.
    CVE ID: CVE-2020-6083 (High), CVE-2020-6084 (High), CVE-2020-6085 (High), CVE-2020-6086 (High), CVE-2020-6087 (High)

  • Multiple vulnerabilities in WECON's Equipment (20 Oct 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow and Improper Restriction of XML External Entity Reference have been discovered in WECON's Equipment- LeviStudioU. Successful exploitation of these vulnerabilities can allows an attacker to execute code under the privileges of the application and obtain sensitive information.
    CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium)

  • Vulnerability in Capsule Technologies' Equipment (20 Oct 2020)

    Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies' Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability can provide an attacker with full control of a trusted device on a hospital’s internal network.
    CVE ID: CVE-2019-5024 (High)

  • Multiple vulnerabilities in Advanced Virtualization for RHEL 8.1.1 module (20 Oct 2020)

    Multiple vulnerabilities in Advanced Virtualization for RHEL 8.1.1 module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products virt:8.1 and virt-devel:8.1 modules. The updates are now available for Advanced Virtualization for RHEL 8.1.1.
    CVE ID: CVE-2020-14364 (Medium), CVE-2020-1983 (Medium)

  • Multiple vulnerabilities in Linux kernel (20 Oct 2020)

    Multiple vulnerabilities have been discovered in Bluetooth L2CAP & A2MP implementation and in Bluetooth HCI event packet parser in the Linux kernel. A physically proximate remote attacker can use this to cause a denial of service (system crash) or possibly execute arbitrary code or expose sensitive information.
    CVE ID: CVE-2020-12351, CVE-2020-12352, CVE-2020-24490

  • Vulnerability in FlightGear (19 Oct 2020)

    It has been discovered that FlightGear can write arbitrary files if received a special nasal script. A remote attacker can exploit this with a crafted file to execute arbitrary code.
    CVE ID: CVE-2016-9956 (High)

  • Multiple vulnerabilities in Linux kernel (19 Oct 2020)

    Multiple vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. It is recommend to upgrade linux packages.
    CVE ID: CVE-2020-12351, CVE-2020-12352, CVE-2020-25211, CVE-2020-25643, CVE-2020-25645

  • rh-python36 security, bug fix, and enhancement update (19 Oct 2020)

    Multiple vulnerabilities have been discovered in python. An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections.
    CVE ID: CVE-2019-16935 (Medium), CVE-2019-18348 (Medium), CVE-2019-20907 (High), CVE-2019-20916 (High), CVE-2020-8492 (Medium), CVE-2020-14422 (Medium), CVE-2020-26116 (High)

  • Vulnerability Summary (19 Oct 2020)

    Summary of vulnerabilities for the week of October 12, 2020.

  • Juniper Networks releases security updates for multiple products (16 Oct 2020)

    Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Remote Code Execution vulnerability in Microsoft Windows Codecs Library (15 Oct 2020)

    A remote code execution vulnerability exists in Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability can execute arbitrary code.
    CVE ID: CVE-2020-17022

  • Vulnerability in Advantech's R-SeeNet (15 Oct 2020)

    SQL Injection vulnerability has been discovered in Advantech R-SeeNet Versions 1.5.1 through 2.4.10 . Successful exploitation of this vulnerability can allow remote attackers to retrieve sensitive information from the R-SeeNet database.
    CVE ID: CVE-2020-25157 (High)

  • Remote Code Execution vulnerability in Visual Studio JSON (15 Oct 2020)

    A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability can run arbitrary code in the context of the current user.
    CVE ID: CVE-2020-17023

  • Adobe releases security updates for Magento (15 Oct 2020)

    Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Magento Open Source. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-24407(Critical), CVE-2020-24400 (Critical), CVE-2020-24402(Important), CVE-2020-24401 (Important) , CVE-2020-24404 (Important) , CVE-2020-24406(Moderate), CVE-2020-24408 (Important), CVE-2020-24405 (Important), CVE-2020-24403 (Important)

  • Vulnerability in Advantech's WebAccess/SCADA (15 Oct 2020)

    Advantech WebAccess/SCADA Versions 9.0 and prior, a browser-based SCADA software package may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
    CVE ID: CVE-2020-25161 (High)

  • Multiple Vulnerabilities in Wibu-Systems AG's Equipment (15 Oct 2020)

    Multiple vulnerabilities have been discovered in Wibu-Systems AG's Equipment- CodeMeter versions prior to 7.10a, 6.81 & 6.90 . Successful exploitation of these vulnerabilities can allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter.
    CVE ID: CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-14519 (High), CVE-2020-14513 (High), CVE-2020-14515 (High), CVE-2020-16233 (High)

  • Vulnerability in Junos OS (14 Oct 2020)

    It has been discovered that the Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This may allow an attacker to steal password hashes stored on the system. The affected Juniper Networks Junos OS on NFX350 are 19.4 versions prior to 19.4R3 & 20.1 versions prior to 20.1R1-S4, 20.1R2.
    CVE ID: CVE-2020-1669 (Medium)

  • SAP releases October 2020 security updates (14 Oct 2020)

    SAP has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in BIG-IP (14 Oct 2020)

    The product BIG-IP version 11.x,12.x,13.x,14.x,15.x & 16.x, OpenSSH Client sessions is vulnerable to a man-in-the-middle attack.
    CVE ID: CVE-2020-14145 (Medium)

  • Vulnerability in LCDS' Equipment (13 Oct 2020)

    Out-of-bounds Read vulnerability has been discovered in LCDS' Equipment- LAquis SCADA. Successful exploitation of this vulnerability can allow an attacker to execute code under the privileges of the application.
    CVE ID: CVE-2020-25188 (High)

  • Vulnerability in Flexera's Equipment (13 Oct 2020)

    Untrusted Search Path vulnerability has been discovered in Flexera's Equipment- InstallShield. Successful exploitation of this vulnerability can allow execution of a malicious DLL.
    CVE ID: CVE-2016-2542 (High)

  • Vulnerability in Fieldcomm Group's Equipment (13 Oct 2020)

    Stack-based Buffer Overflow vulnerability has been discovered in Fieldcomm Group's Equipment- HARP-IP Developer kit Release 1.0.0.0 and hipserver Release 3.6.1. Successful exploitation of this vulnerability can crash the device being accessed or a buffer overflow condition may allow remote code execution.
    CVE ID: CVE-2020-16209 (Critical)

  • Multiple vulnerabilities in Siemens' Equipment (13 Oct 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Remote Code Execution vulnerability in Windows TCP/IP (13 Oct 2020)

    A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability can gain the ability to execute code on the target server or client.
    CVE ID: CVE-2020-16898

  • Microsoft releases October 2020 security updates (13 Oct 2020)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in OpenShift Container Platform 4.4.27 openshift-jenkins-2-container (13 Oct 2020)

    Multiple vulnerabilities have been discovered in OpenShift Container Platform 4.4.27 openshift-jenkins-2-container which can lead to information disclosure & cross-site scripting. An update for openshift-jenkins-2-container is now available.
    CVE ID: CVE-2020-2231(Medium), CVE-2020-2230(Medium), CVE-2020-2229 (Medium), CVE-2019-17638 (Critical)

  • Vulnerability in dom4j (13 Oct 2020)

    A vulnerability has been discovered in dom4j - Flexible XML framework for Java. If incorrectly handled reading XML data. A remote attacker can exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.
    CVE ID: CVE-2020-10683 (Critical)

  • Update in Adobe Flash Player (13 Oct 2020)

    Adobe has released security updates for Adobe Flash Player for Windows, macOS,Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation can lead to an exploitable crash,potentially resulting in arbitrary code execution in the context of the current user.
    CVE ID: CVE-2020-9746 (High)

  • Update in Karnel Red Hat Enterprise Linux Server 7 (13 Oct 2020)

    A vulnerability has been discovered in the kernel of Red Hat Enterprise Linux Server 7. An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.
    CVE ID: CVE-2019-19527 (Medium)

  • Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform 7.3.3 (13 Oct 2020)

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Multiple Vulnerabilities have been discovered in Red Hat JBoss Enterprise Application Platform 7.3.3 which allows Denial of Service, Provide Misleading Information, Access Confidential Data.
    CVE ID: CVE-2020-14299 (Critical), CVE-2020-14338 ( Medium ), CVE-2020-14340 , CVE-2020-1954 (Medium).

  • Access Confidential Data - Remote/Unauthenticated in Siemens SIMATIC S7-300 S7-400 CPUs (13 Oct 2020)

    A Vulnerability has been discovered in Siemens SIMATIC S7-300 S7-400 CPUs, which can allows to access confidential data. The authentication protocol between a client and a PLC via port 102/tcp insufficiently protects the transmitted password. This can allow an attacker to intercept the network traffic to obtain valid PLC credentials.
    CVE ID: CVE-2020-15791(Medium)

  • Vulnerability in Hitachi ABB Power Grids' Equipment (12 Oct 2020)

    Improper Authentication vulnerability has been discovered in Hitachi ABB Power Grids' Equipment- XMC20 Multiservice-Multiplexer. Successful exploitation of this vulnerability can allow an attacker to remotely take control of the product.
    CVE ID: CVE-2018-10933 (Critical)

  • Vulnerability in Apache Tomcat (12 Oct 2020)

    In Apache Tomcat HTTP/2 Request mix-up, it has been discovered that if an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
    CVE ID: CVE-2020-13943

  • Linux Kernel security update (11 Oct 2020)

    Multiple vulnerabilities have been discovered in the SUSE Linux Enterprise 15 SP2 kernel. The updates have been issued for various security and bug fixes.
    CVE ID: CVE-2020-26088 (Medium), CVE-2020-25284 (Medium), CVE-2020-14390 (Medium), CVE-2020-14385 (Medium), CVE-2020-2521, CVE-2020-0432 (High), CVE-2020-0431 (High), CVE-2020-0427 (Medium), CVE-2020-0404 (High).

  • Security update in Nodejs8 (10 Oct 2020)

    Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. Security update has been released to fix this vulnerability.
    CVE ID: CVE-2020-15095 (Medium)

  • Security update in Openssl1 (10 Oct 2020)

    The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. Successful exploitation may allow an attacker to eavesdrop on all encrypted communications sent over that TLS connection. Security updates has been released to fixed this in OpenSSL.
    CVE ID: CVE-2020-1968 (Low)

  • Vulnerability in httpcomponents-client (10 Oct 2020)

    A vulnerability has been discovered in httpcomponents-client, a Java library for building HTTP-aware applications that can misinterpret a malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
    CVE ID: CVE-2020-13956

  • Vulnerability in Eclipse-wtp (10 Oct 2020)

    A vulnerability has been discovered in Eclipse Web Tools Platform, a component of the Eclipse IDE, XML and DTD files referring to external entities. It can be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
    CVE ID: CVE-2019-17637 (High)

  • Vulnerability in Rails (09 Oct 2020)

    A potential Cross-Site Scripting (XSS) vulnerability has been discovered in rails, a ruby based MVC framework. Views that allow the user to control the default value of the `t` and `translate` helpers can be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped.
    CVE ID: CVE-2020-15169 (Medium)

  • Vulnerability in IBM® Db2® (09 Oct 2020)

    A vulnerability has been discovered in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) which can allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command.
    CVE ID: CVE-2020-4420 (High)

  • Multiple vulnerabilities in MOXA's Equipment (08 Oct 2020)

    Multiple vulnerabilities have been discovered in MOXA's Equipment- NPort IAW5000A-I/O Series Serial Device Servers. Successful exploitation of these vulnerabilities can allow an attacker to gain access to and hijack a session, allow an attacker with user privileges to perform requests with administrative privileges, allow the use of weak passwords, allow credentials of third-party services to be transmitted in cleartext, allow the use of brute force to bypass authentication on an SSH/Telnet session and allow access to sensitive information without proper authorization.
    CVE ID: CVE-2020-25198 (High), CVE-2020-25194 (High), CVE-2020-25153 (Critical), CVE-2020-25190 (High), CVE-2020-25196 (Critical), CVE-2020-25192 (Medium)

  • Vulnerability in Johnson Controls' Equipment (08 Oct 2020)

    Johnson Controls has confirmed an arbitrary file deletion vulnerability with all versions of victor Web Client. The vulnerability can allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.
    CVE ID: CVE-2020-9048 (High)

  • Vulnerability in Mitsubishi Electric's MELSEC iQ-R Series (08 Oct 2020)

    An uncontrolled resource consumption vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-R Series equipment when it gets some specially crafted packets from an attacker. Successful exploitation of this vulnerability could result in a denial-of-service condition.
    CVE ID: CVE-2020-16850

  • Go Toolset security and bug fix update (08 Oct 2020)

    Go Toolset provides the Go programming language tools and libraries. An update for go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools which fixes multiple vulnerabilities.
    CVE ID: CVE-2020-16845 (High), CVE-2020-15586 (Medium), CVE-2020-14040 (High)

  • Red Hat AMQ Interconnect 1.9.0 security update (08 Oct 2020)

    Red Hat AMQ Interconnect is a component of the AMQ 7 product family. Red Hat AMQ Interconnect 1.9.0 has released packages available for A-MQ Interconnect that includes security and bug fixes, and enhancements.
    CVE ID: CVE-2020-11023 (Medium) , CVE-2020-11022 (Medium), CVE-2020-7656 (Medium)

  • Multiple vulnerabilities in Jenkins Plugins (08 Oct 2020)

    Multiple vulnerabilities such as improper authorization, stored XSS, arbitrary file read, CRSF, XXE have been discovered in Jenkins products.
    CVE ID: CVE-2020-2286, CVE-2020-2287, CVE-2020-2288 (Medium), CVE-2020-2289 (Medium), CVE-2020-2290 (Medium), CVE-2020-2291 (Low), CVE-2020-2292, CVE-2020-2293 (Medium), CVE-2020-2294 (Medium), CVE-2020-2295 (Medium), CVE-2020-2296 (Medium), CVE-2020-2297, CVE-2020-2298

  • golang-go.crypto security update (08 Oct 2020)

    Multiple vulnerabilities have been discovered in golang-go.crypto package. It is recommended to upgrade to latest release.
    CVE ID: CVE-2020-9283 (High) , CVE-2019-11841 (Medium), CVE-2019-11840 (Medium)

  • ActiveMQ security update (08 Oct 2020)

    Apache ActiveMQ, a Java message broker, uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. It is recommended to upgrade the activemq packages.
    CVE ID: CVE-2020-13920 (Medium)

  • Multiple vulnerabilities in IBM Security Access Manager and IBM Security Verify Access (08 Oct 2020)

    Multiple vulnerabilities have been identified in IBM Security Access Manager and IBM Security Verify Access products which can allow an attacker to obtain sensitive information using timing side channel attacks which can lead to further attacks against the system.
    CVE ID: CVE-2020-4699, CVE-2020-4661, CVE-2020-4660

  • Gnutls security update (08 Oct 2020)

    The update for gnutls, fixes a vulnerability of heap buffer overflow in a handshake with no renegotiation alert sent.
    CVE ID: CVE-2020-24659 (High)

  • Hexchat security update (08 Oct 2020)

    The update for hexchat fixes a vulnerability that implies a directory traversal possibility if a user can be convinced to connect to a server with a hostname with ".." in its name.
    CVE ID: CVE-2016-2087 (High)

  • Multiple vulnerabilities in Java-1_7_0-openjdk (08 Oct 2020)

    Multiple vulnerabilities like NullPointerException in - DerValue.equals(DerValue), NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString(), Less Affine Transformations etc. have been discovered in Java-1_7_0-openjdk . The update for java-1_7_0-openjdk fixes the issues.
    CVE ID: CVE-2020-14621 (Medium), CVE-2020-14593 (High), CVE-2020-14583 (High), CVE-2020-14581 (Low), CVE-2020-14579 (Low), CVE-2020-14578 (Low), CVE-2020-14577 (Low)

  • Vulnerability in Cisco Firepower Management Center (07 Oct 2020)

    Cross-Site Scripting vulnerability has been discovered in the web-based management interface of Cisco Firepower Management Center that could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
    CVE ID: CVE-2020-3320 (Medium)

  • Sympa security update (07 Oct 2020)

    Sympa, a modern mailing list manager, allows privilege escalation through setuid wrappers which can allow a local attacker to obtain root access. It is recommended to upgrade the sympa packages.
    CVE ID: CVE-2020-10936 (High)

  • Qemu security update (07 Oct 2020)

    Multiple vulnerabilities such as such as OOB access, denial of service, buffer overflow and out-of-bounds read/write have been discovered in Qemu. It is recommended to upgrade the qemu packages.
    CVE ID: CVE-2020-24352 , CVE-2020-16092 (Low) , CVE-2020-15863 (High) , CVE-2020-14364 (Medium)

  • Multiple vulnerabilities in HPE products (06 Oct 2020)

    Multiple vulnerabilities such as Remote Code Execution, Denial of Service, and Disclosure of Sensitive Information have been identified in Integrated Lights-Out 4 (iLO 4) firmware for Moonshot and Edgeline cartridges and blades, and Moonshot iLO Chassis Manager firmware.
    CVE ID: CVE-2020-11914 (Medium), CVE-2020-11912 (Medium), CVE-2020-11911 (Medium), CVE-2020-11907 (Medium), CVE-2020-11906 (Medium), CVE-2020-11900 (High), CVE-2020-11898 (Critical), CVE-2020-11896 (Critical)

  • Vulnerability in McAfee File and Removable Media Protection (FRP) (06 Oct 2020)

    An unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered.
    CVE ID: CVE-2020-7316 (Medium)

  • Multiple vulnerabilities in Thunderbird (06 Oct 2020)

    Multiple vulnerabilities have been discovered in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
    CVE ID: CVE-2020-15678 (High), CVE-2020-15677 (Medium), CVE-2020-15676 (Medium), CVE-2020-15673 (High)

  • Vulnerability in Tigervnc (06 Oct 2020)

    A vulnerability has been discovered in tigernvc, a Virtual Network Computing client and server implementation. The viewer implementation mishandles TLS certificate exceptions, storing the certificates as authorities, meaning that the owner of a certificate can impersonate any server after a client has added an exception.
    CVE ID: CVE-2020-26117

  • Vulnerability in Spice (06 Oct 2020)

    It has been discovered that Spice incorrectly handled QUIC image decoding. A remote attacker can use this to cause Spice to crash, resulting in a denial of service or possibly execute arbitrary code.
    CVE ID: CVE-2020-14355

  • Vulnerability in php7.0 (06 Oct 2020)

    A vulnerability has been discovered in PHP, a server-side, HTML-embedded scripting language. When PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure.
    CVE ID: CVE-2020-7070 (Medium)

  • Vulnerabilities in Unbound of Red Hat Enterprise Linux 7.7 (06 Oct 2020)

    The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Multiple vulnerabilities such as amplification of an incoming query into a large number of queries directed to a target and infinite loop via malformed DNS answers received from upstream servers have been detected. An update for unbound is now available for Red Hat Enterprise Linux 7.7.
    CVE ID: CVE-2020-12663 (High) , CVE-2020-12662 (High)

  • Multiple vulnerabilities in Red Hat OpenShift Virtualization (06 Oct 2020)

    Multiple vulnerabilities have been identified in Red Hat Container Native Virtualization 2.4 for RHEL 8 x86_64 & 7 x86_64. Red Hat OpenShift Virtualization release 2.4.2 is available with updates to packages and images that fix all bugs and add enhancements.
    CVE ID: CVE-2019-11756 (High), CVE-2019-17006, CVE-2019-17023 (Medium), CVE-2020-12402 (Medium), CVE-2020-12825 (High), CVE-2020-14352 (High), CVE-2020-14365 (High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)

  • Multiple vulnerabilities in Perl-DBI ( 05 Oct 2020 )

    Multiple vulnerabilities such as NULL profile dereference in dbi_profile ,memory corruption and stack corruption have been discovered in Perl-DBI. It is recommended to update the Perl-DBI packages.
    CVE ID: CVE-2019-20919 (Medium) , CVE-2013-7491 (Medium) , CVE-2013-7490 (Medium)

  • Multiple vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (05 Oct 2020)

    Multiple vulnerabilities have been discovered in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance. OpenSSH & OpenSSL can allow a remote attacker to obtain sensitive information. Affected Products and Versions are IBM Security Access Manage 7.0 & 8.0.
    CVE ID: CVE-2019-1559 (Medium) , CVE-2018-15473 (Medium)

  • Vulnerability in OpenConnect (05 Oct 2020)

    It has been discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker can use it to provoke a Denial of Service attack.
    CVE ID: CVE-2019-16239 (Critical)

  • Vulnerabilities in Apache Tika (05 Oct 2020)

    Multiple vulnerabilities have been discovered in Apache Tika. It can have excessive memory usage by using a crafted or corrupt PSD file. An attacker can use it to cause a Denial of Service attack.
    CVE ID: CVE-2020-1951 (Medium), CVE-2020-1950 (Medium)

  • Vulnerability in OpenDMARC (05 Oct 2020)

    It has been discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker can use it to bypass spam and abuse filters.
    CVE ID: CVE-2019-16378 (Critical)

  • Multiple vulnerabilities affecting Android Devices (05 Oct 2020)

    Multiple vulnerabilities have been discovered in Android devices. Security patches have been issued. The most severe of these issues is a high security vulnerability in the System component that can enable a remote attacker using a specially crafted transmission to gain access to additional permissions.

  • Vulnerabilities in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (05 Oct 2020)

    Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository. Affected products and versions are WebSphere Service Registry and Repository V8.5 & V9.0 and WebSphere Application Server V8.5.5 & V8.0.
    CVE ID: CVE-2020-4629 (Low), CVE-2020-4576

  • Security update for rh-mariadb102-mariadb and rh-mariadb102-galera fixes multiple vulnerabilities (05 Oct 2020)

    MariaDB is a multi-user, multi-threaded SQL database server. Multiple vulnerabilities have been identified in rh-mariadb102-mariadb and rh-mariadb102-galera. An update for rh-mariadb102-mariadb and rh-mariadb102-galera has been rolled out for Red Hat Software Collections.

  • Vulnerability in rh-maven35-jackson-databind (05 Oct 2020)

    The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. An update for rh-maven35-jackson-databind has been rolled out for Red Hat Software Collections.
    CVE ID: CVE-2020-24750 (High)

  • Red Hat Virtualization security, bug fix, and enhancement update (05 Oct 2020)

    An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host has been rolled out for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. This update has been rated as having a security impact of Important by Red Hat Product Security.
    CVE ID: CVE-2020-14364 (Medium), CVE-2020-10713 (High)

  • Vulnerability in urllib3 (05 Oct 2020)

    The urllib3 is a powerful, user-friendly HTTP client for Python. It has been discovered that urllib3 incorrectly handled certain character sequences. A remote attacker can possibly use this issue to perform Carriage Return Line Feed (CRLF) injection.
    CVE ID: CVE-2020-26137

  • Vulnerabilities in Yaws (05 Oct 2020)

    It has been discovered that Yaws does not properly sanitize XML input and mishandled certain input when running CGI scripts. A remote attacker can use these vulnerabilities to execute an XML External Entity (XXE) injection attack and to execute arbitrary commands respectively.
    CVE ID: CVE-2020-24916 (Critical), CVE-2020-24379 (Critical)

  • Vulnerability in Brotli (05 Oct 2020)

    A vulnerability has been identified in Brotli a lossless compression algorithm and format, if incorrectly handled certain inputs an attacker can possibly use this issue to cause a crash.
    CVE ID: CVE-2020-8927 (Medium)

  • Vulnerability in Rack-cors (05 Oct 2020)

    Rack-cors provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications. It has been discovered that rack-cors does not properly handle relative file paths. An attacker can use this vulnerability to access arbitrary files.
    CVE ID: CVE-2019-18978 (Medium)

  • Vulnerabilities in Cyrus IMAP Server (05 Oct 2020)

    The Cyrus IMAP Server can execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name and allow users to create any mailbox with administrative privileges. An attacker can use these vulnerabilities to cause a crash or possibly execute arbitrary code and obtain sensitive information respectively.
    CVE ID: CVE-2019-19783 (Medium), CVE-2019-11356 (Critical)

  • Multiple vulnerabilities in HPE IP Console Switch G2 (02 Oct 2020)

    A potential security vulnerability has been identified in HPE IP Console Switch G2 4x1Ex32. The vulnerability can be remotely exploited to allow Stored XSS, code injection.
    CVE ID: CVE-2020-24627, CVE-2020-24628

  • Multiple vulnerabilities in Xen hypervisor (02 Oct 2020)

    Multiple vulnerabilities have been discovered in the Xen hypervisor, which can result in denial of service, guest-to-host privilege escalation or information leaks.
    CVE ID: CVE-2020-25595 (High), CVE-2020-25596 (Medium), CVE-2020-25597 (Medium), CVE-2020-25599 (High), CVE-2020-25600 (Medium), CVE-2020-25601 (Medium), CVE-2020-25602 (Medium), CVE-2020-25603 (High), CVE-2020-25604 (Medium).

  • SNMPTT Security Update (02 Oct 2020)

    It has been discovered that SNMP Trap Translator (SNMPTT) does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a malicious crafted SNMP trap, can possibly execute arbitrary shell code with the privileges of the process or cause a Denial of Service condition.
    CVE ID: CVE-2020-24361 (Critical)

  • Multiple vulnerabilities in Wibu-Systems AG’s Equipment (01 Oct 2020)

    Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature and Improper Resource Shutdown or Release have been discovered in Wibu-Systems AG’s CodeMeter Equipment. Successful exploitation of these vulnerabilities can allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter.
    CVE ID: CVE-2020-14509 (Critical), CVE-2020-14519 (High), CVE-2020-14517 (Critical), CVE-2020-16233 (High), CVE-2020-14513 (High), CVE-2020-14515 (High)

  • Vulnerability in IBM Security Access Manager for Enterprise Single Sign-On (01 Oct 2020)

    An information exposure vulnerability has been Identified in IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. The affected versions are IBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2.
    CVE ID: CVE-2020-4576 (Medium)

  • Vulnerability in Intel CPU SRBDS side-channel (01 Oct 2020)

    It has been discovered that an incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
    CVE ID: CVE-2020-0543 (Medium)

  • Multiple vulnerabilities in MB connect line’s Equipment (30 Sep 2020)

    Multiple Vulnerabilities such as SQL Injection, Cross-site Request Forgery and Command Injection have been discovered in MB connect line’s Equipment- mymbCONNECT24, mbCONNECT24. Successful exploitation of these vulnerabilities can allow a remote attacker to gain unauthorized access to arbitrary information or allow remote code execution.
    CVE ID: CVE-2020-24569, CVE-2020-24568, CVE-2020-24570

  • Vulnerability in Gon gem (30 Sep 2020)

    ruby-gon is a ruby library to send data to JavaScript from a Ruby application. It has been discovered that Gon gem does not properly escape certain input. An attacker can use this vulnerability to execute a cross-site scripting (XSS) attack.
    CVE ID: CVE-2020-25739 (Medium)

  • Vulnerability in MantisBT (30 Sep 2020)

    It has been discovered that crafted custom field name may be used to inject HTML into bug_actiongroup_page in MantisBT. The affected versions are MantisBT before 2.24.3.
    CVE ID: CVE-2020-25830

  • Vulnerability in Samba (30 Sep 2020)

    It has been discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker can use this issue to forge an authentication token and steal the credentials of the domain admin.
    CVE ID: CVE-2020-1472 (Critical)

  • Vulnerability in libapreq2 (30 Sep 2020)

    libapreq2 is a safe, standards-compliant, high-performance library used for parsing HTTP cookies, query-strings and POST data. It has been discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker can use this vulnerability to cause libapreq2 to crash.
    CVE ID: CVE-2019-12412

  • Vulnerability in kramdown (30 Sep 2020)

    Kramdown is a fast, pure-Ruby Markdown-superset converter for ruby library. It has been discovered that kramdown insecurely handled certain crafted input. An attacker can use this vulnerability to read restricted files or execute arbitrary code.
    CVE ID: CVE-2020-14001 (Critical)

  • Vulnerability in WebSphere Application Server (30 Sep 2020)

    It has been discovered that WebSphere Application Server is vulnerable to an information disclosure vulnerability. IBM WebSphere Application Server traditional can allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. The affected versions are WebSphere Application Server 7.0, 8.0, 8.5, and 9.0.
    CVE ID: CVE-2020-4576

  • OpenShift Container Platform 4.5.13 openshift-enterprise-console-container security update (30 Sep 2020)

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Birthday attack against 64-bit block ciphers has been discovered in SSL/TLS. An update for openshift-enterprise-console-container is now available for Red Hat OpenShift Container Platform 4.5.
    CVE ID: CVE-2016-2183 (High)

  • Vulnerability in WEBrick (29 Sep 2020)

    A potential HTTP request smuggling vulnerability has been discovered in WEBrick. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request.
    CVE ID: CVE-2020-25613

  • cloud-init security, bug fix, and enhancement update (29 Sep 2020)

    The cloud-init packages provide a set of init scripts for cloud instances. Multiple vulnerabilities have been discovered in cloud-init. An update for cloud-init is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2020-8631 (Medium), CVE-2020-8632 (Medium), CVE-2018-10896 (High)

  • dnsmasq security and bug fix update (29 Sep 2020)

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. A memory leak vulnerability has been discovered in the create_helper() function in /src/helper.c. An update for dnsmasq is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-14834 (Low)

  • SDL security update (29 Sep 2020)

    Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Multiple vulnerabilities have been discovered in SDL. An update for SDL is now available for Red Hat Enterprise Linux 7.

  • Multiple vulnerabilities in B&R Industrial Automation GmbH's Equipment (29 Sep 2020)

    Multiple vulnerabilities such as Path Traversal, Uncontrolled Resource Consumption, Information Exposure, Improper Authentication, and Information Disclosure have been discovered in B&R Industrial Automation GmbH's Equipment- SiteManager and GateManager. Successful exploitation of these vulnerabilities can allow for arbitrary information disclosure, manipulation, and a denial-of-service condition.
    CVE ID: CVE-2020-11641 (High), CVE-2020-11642 (High), CVE-2020-11643 (Medium), CVE-2020-11644 (Medium), CVE-2020-11645 (Medium), CVE-2020-11646 (Medium)

  • webkitgtk4 security, bug fix, and enhancement update (29 Sep 2020)

    Multiple vulnerabilities have been discovered in webkitgtk4. An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.

  • libexif security, bug fix, and enhancement update (29 Sep 2020)

    The libexif packages provide a library for extracting extra information from image files. Multiple vulnerabilities have been discovered in libexif. An update for libexif is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-9278 (High), CVE-2020-0093 (Medium), CVE-2020-13113 (High), CVE-2020-13114 (High), CVE-2020-0182 (Medium), CVE-2020-12767 (Medium)

  • freerdp security, bug fix, and enhancement update (29 Sep 2020)

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Multiple vulnerabilities have been discovered in freerdp. An update for freerdp is now available for Red Hat Enterprise Linux 7.

  • mariadb security and bug fix update (29 Sep 2020)

    MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Multiple vulnerabilities such as Optimizer unspecified, C API unspecified, DML unspecified, and Stored Procedure unspecified have been discovered in mysql of MariaDB. An update for mariadb is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-2974 (Medium), CVE-2020-2752 (Medium), CVE-2020-2780 (Medium), CVE-2020-2812 (Medium), CVE-2020-2574 (Medium)

  • libxslt security update (29 Sep 2020)

    libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. It has been discovered that xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL and use after free vulnerability exits in xsltCopyText in transform.c can lead to information disclosure. An update for libxslt is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-11068 (Critical), CVE-2019-18197 (High)

  • libvirt security and bug fix update (29 Sep 2020)

    The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Multiple vulnerabilities such as potential DoS by holding a monitor job while querying QEMU guest-agent, and potential denial of service via active pool without target path have been discovered in libvirt. An update for libvirt is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-20485 (Medium), CVE-2020-10703 (Medium)

  • exiv2 security update (29 Sep 2020)

    The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. An out-of-bounds read vulnerability in CiffDirectory::readDirectory due to lack of size check has been discovered in exiv2. An update for exiv2 is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-17402 (Medium)

  • freeradius security and bug fix update(29 Sep 2020)

    FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Multiple vulnerabilities such as privilege escalation, Information leak, and DoS have been discovered in freeradius. An update for freeradius is now available for Red Hat Enterprise Linux 7.

  • glib2 and ibus security and bug fix update (29 Sep 2020)

    GLib provides the core application building blocks for libraries and applications written in C. It has been discovered that file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress and missing authorization allows local attacker to access the input bus of another user. An update for glib2 and ibus is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2019-12450 (Critical), CVE-2019-14822 (High)

  • subversion security update (29 Sep 2020)

    Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A remotely triggerable DoS vulnerability has been discovered in svnserve 'get-deleted-rev'. An update for subversion is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2018-11782 (Medium)

  • Vulnerability Summary (28 Sep 2020)

    Summary of vulnerabilities for the week of September 21, 2020.

  • Vulnerability in libuv (28 Sep 2020)

    It has been discovered that libuv incorrectly handled certain paths. An attacker can possibly use this vulnerability to cause a crash or execute arbitrary code.
    CVE ID: CVE-2020-8252

  • Kubernetes vulnerabilities in IBM Cloud Private (28 Sep 2020)

    It has been discovered that IBM Cloud Private is vulnerable to Kubernetes vulnerabilities. The affected versions are IBM Cloud Private 3.2.1 CD and 3.2.2 CD.
    CVE ID: CVE-2020-8557 (Medium), CVE-2020-8559 (Medium)

  • libdbi-perl security update (28 Sep 2020)

    Multiple vulnerabilities have been discovered in the Perl5 Database Interface (DBI). An attacker can trigger a denial-of-service (DoS) and possibly execute arbitrary code. It is recommended to upgrade the libdbi-perl packages.
    CVE ID: CVE-2019-20919 (Medium), CVE-2020-14392 (Medium), CVE-2020-14393 (High)

  • linux-4.19 security update (28 Sep 2020)

    Multiple vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service, or information leak. It is recommended to upgrade the linux-4.19 packages.

  • qt4-x11 security update (28 Sep 2020)

    Multiple vulnerabilities have been discovered in qt4-x11, the legacy version of the Qt toolkit. It is recommended to upgrade the qt4-x11 packages.
    CVE ID: CVE-2018-15518 (High), CVE-2018-19869 (Medium), CVE-2018-19870 (High), CVE-2018-19871 (Medium), CVE-2018-19872 (Medium), CVE-2018-19873 (Critical), CVE-2020-17507 (Medium)

  • Vulnerability in libPGF (28 Sep 2020)

    libpgf is a Progressive Graphics File (PGF) library. It has been discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker can possibly use this vulnerability to cause a denial of service.
    CVE ID: CVE-2015-6673 (Critical)

  • Vulnerability in Teeworlds (28 Sep 2020)

    Teeworlds is an online multi-player platform 2D shooter. It has been discovered that Teeworlds server does not properly handle certain network traffic. A remote, unauthenticated attacker can use this vulnerability to cause Teeworlds server to crash.
    CVE ID: CVE-2020-12066 (High)

  • Multiple vulnerabilities in Squid (28 Sep 2020)

    It has been discovered that Squid incorrectly handled certain Content-Length headers, incorrectly validated certain data and incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker can possibly use these vulnerabilities to perform an HTTP request smuggling and splitting attack, resulting in cache poisoning and causes Squid to consume resources, resulting in a denial of service.
    CVE ID: CVE-2020-15049 (High), CVE-2020-15810 (Medium), CVE-2020-15811 (Medium), CVE-2020-24606 (High)

  • Vulnerability in DPDK (28 Sep 2020)

    It has been discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest can use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host.
    CVE ID: CVE-2020-14374, CVE-2020-14375, CVE-2020-14376, CVE-2020-14377, CVE-2020-14378

  • Vulnerability in SSVNC (28 Sep 2020)

    It has been discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker can possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
    CVE ID: CVE-2018-20020 (Critical), CVE-2018-20021 (High), CVE-2018-20022 (High), CVE-2018-2024 (High)

  • Multiple vulnerabilities in iTALC (28 Sep 2020)

    Multiple vulnerabilities have been discovered in iTALC. A remote attacker can exploit these vulnerabilities to expose and obtain sensitive information, cause a denial of service, or execute arbitrary code.
    CVE ID: CVE-2019-15681 (High), CVE-2018-15127 (Critial), CVE-2018-20019 (Critical), CVE-2018-20020 (Critical), CVE-2018-20021 (High), CVE-2018-20022 (High), CVE-2018-20023 (High), CVE-2018-20024 (High), CVE-2018-20748 (Critical), CVE-2018-20749 (Critical), CVE-2018-20750 (Critical), CVE-2018-7225 (Critical), CVE-2019-15681 (High)

  • yaws security update (26 Sep 2020)

    Multiple vulnerabilities have been discovered in yaws, a high performance HTTP 1.1 webserver written in Erlang. Reject external resource requests in DAV in order to avoid XML External Entity (XXE) attacks and Sanitize CGI executable in order to avoid command injection via CGI requests. It is recommended to upgrade the yaws package.
    CVE ID: CVE-2020-24379 (Critical), CVE-2020-24916 (Critical)

  • lua5.3 security update (26 Sep 2020)

    A vulnerability was discovered in lua5.3, a simple, extensible, embeddable programming language whereby a negation overflow and segmentation fault can be triggered in getlocal and setlocal. It is recommended to upgrade the lua5.3 packages.
    CVE ID: CVE-2020-24370 (Medium)

  • ruby-gon security update (26 Sep 2020)

    It has been discovered that a cross-site scripting (XSS) vulnerability in ruby-gon, a Ruby library to send/convert data to Javascript from a Ruby application. It is recommended to upgrade the ruby-gon packages.
    CVE ID: CVE-2020-25739

  • Vulnerability in Yokogawa's Equipment (25 Sep 2020)

    Buffer Copy Without Checking Size of Input vulnerability has been discovered in Yokogawa's Equipment- Main equipment. Successful exploitation of this vulnerability can terminate the program abnormally.
    CVE ID: CVE-2020-16232 (Low)

  • mediawiki security update (25 Sep 2020)

    Multiple vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work. It has been discovered that SpecialUserRights can leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts. It is recommended to upgrade the mediawiki package.
    CVE ID: CVE-2020-25813, CVE-2020-25814, CVE-2020-25827, CVE-2020-25828

  • openssl1.0 security update (25 Sep 2020)

    It has ben discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker can possibly use this vulnerability to eavesdrop on encrypted communications. It is recommended to upgrade the openssl1.0 packages.
    CVE ID: CVE-2020-1968 (Low)

  • Multiple vulnerabilities in libquicktime (25 Sep 2020)

    It has been discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user is tricked into opening a specially crafted MP4 file, a remote attacker can use this issue to cause libquicktime to crash, resulting in a denial of service.
    CVE ID: CVE-2017-9122 (Medium), CVE-2017-9123 (Medium), CVE-2017-9124 (Medium), CVE-2017-9125 (Medium), CVE-2017-9126 (Medium), CVE-2017-9127 (Medium), CVE-2017-9128 (Medium)

  • Multiple vulnerabilities in MiniUPnPd (25 Sep 2020)

    It has been discovered that MiniUPnPd does not properly validate callback addresses, incorrectly handled unpopulated user XML input, empty description when port mapping, and do not properly parse certain PCP requests. A remote attacker can possibly use this issue to expose sensitive information and cause MiniUPnPd to crash, resulting in a denial of service.
    CVE ID: CVE-2019-12107 (High), CVE-2019-12108 (High), CVE-2019-12109 (High), CVE-2019-12110 (High), CVE-2019-12111 (High)

  • Alien, Password-stealing malware is affecting hundreds of Android apps (24 Sep 2020)

    Alien is part of a new generation of Android banking trojans which have integrated remote-access features into their codebases to steal user credentials from 226 different applications. The malware is distributed via phishing sites & SMS, for example malicious page tricking the victims into downloading fake software updates or fake Corona apps  and can be purchased as a Malware-as-a-Service (MaaS) on hacker forums on the dark web.

  • Multiple vulnerabilities in 3S-Smart Software Solutions' Equipment (24 Sep 2020)

    Multiple vulnerabilities such as Improper Access Control, and Relative Path Traversal have been discovered in 3S-Smart Software Solutions' Equipment- CoDeSys. Successful exploitation of these vulnerabilities can allow an attacker to gain unauthorized access and obtain administrative privileges.
    CVE ID: CVE-2012-6068 (Critical), CVE-2012-6069 (Critical)

  • Cisco releases security updates for multiple products (24 Sep 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in atftpd (24 Sep 2020)

    It has been discovered that discovered that atftpd incorrectly handled certain malformed packets, and not properly lock the thread list mutex. A remote attacker can send a specially crafted packet to cause atftpd to crash, resulting in a denial of service or an attacker can send a large number of tftpd packets simultaneously when running atftpd in daemon mode to cause atftpd to crash, resulting in a denial of service.
    CVE ID: CVE-2019-11365 (Critical), CVE-2019-11366 (Medium)

  • Multiple vulnerabilities in PackageKit (24 Sep 2020)

    It has been discovered that PackageKit incorrectly handled certain methods and local deb packages. A local attacker can use this vulnerability to learn the MIME type of any file on the system or to install untrusted packages, contrary to expectations.
    CVE ID: CVE-2020-16121, CVE-2020-16122

  • Vulnerability in Aptdaemon (24 Sep 2020)

    It has been discovered that Aptdaemon incorrectly handled the Locale property. A local attacker can use this vulnerability to test for the presence of local files.
    CVE ID: CVE-2020-15703

  • Vulnerability in AWL (24 Sep 2020)

    It has been discovered that DAViCal Andrew's Web Libraries (AWL) do not properly manage session keys. An attacker can possibly use this vulnerability to impersonate a session.
    CVE ID: CVE-2020-11728 (High)

  • Multiple vulnerabilities in FortiGate and FortiNAC (23 Sep 2020)

    Insufficient logging, and improper neutralization of input vulnerability have been discovered in FortiGate and FortiNAC repectively. The affected products are FortiGate versions 6.2.4 and below, FortiGate version 6.4.0, and FortiNAC version 8.7.2 and below. It is recommended to upgrade to FortiGate 6.4.1 or above and FortiNAC 8.7.3 or above.
    CVE ID: CVE-2020-12818, CVE-2020-12816 (High)

  • Vulnerability in RDFLib (23 Sep 2020)

    RDFLib is a pure Python package for working with RDF. It has been discovered that RDFLib did not properly load modules on the command-line. An attacker can possibly use this vulnerability to cause RDFLib to execute arbitrary code.
    CVE ID: CVE-2019-7653 (Critical)

  • Vulnerability in Eaton (22 Sep 2020)

    A DLL hijacking vulnerability has been discovered in Eaton. An attacker can execute arbitrary code by replacing the vci11un6.DLL and cinpl.DLL when application tries to load the DLLs to perform normal operations. The affected product is 9000x programing and configuration software version 2.0.38 and prior.
    CVE ID: CVE-2020-6654 (High)

  • Vulnerability in Xen (22 Sep 2020)

    It has been discovered that a race condition arises in Xen when migrating timers of x86 HVM guests between its vCPU-s, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it do n't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e. a Denial of Service (DoS).
    CVE ID: CVE-2020-25604

  • Vulnerability in BusyBox (22 Sep 2020)

    It has been discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker can possibly use this issue to intercept secure communications.
    CVE ID: CVE-2018-1000500 (High)

  • Vulnerability in FreeType (22 Sep 2020)

    It has been discovered that FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. An attacker may be able to use a maliciously crafted file to create a buffer overflow and potentially expose small amounts of memory from the PostScript process.
    CVE ID: CVE-2015-9382 (Medium)

  • Vulnerability in LTSP Display Manager (22 Sep 2020)

    It has been discovered that the LTSP Display Manager (ldm) incorrectly handled user logins from unsupported shells. A local attacker can possibly use this issue to gain root privileges.
    CVE ID: CVE-2019-20373 (High)

  • Mozilla releases security updates for Firefox and Firefox ESR (22 Sep 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker can exploit some of these vulnerabilities to take control of an affected system.
    CVE ID: CVE-2020-15677 (Medium), CVE-2020-15676 (Medium), CVE-2020-15678 (Medium), CVE-2020-15673 (High), CVE-2020-15675 (High), CVE-2020-15674 (High)

  • Vulnerability in General Electric's(GE) Reason S20 Ethernet Switch (22 Sep 2020)

    Cross-site Scripting vulnerability has been discovered in General Electric's Equipment- Reason S20 managed Ethernet Switch. Successful exploitation of these vulnerabilities can allow unauthorized accounts manipulation and allow for remote code execution. GE recommends that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability.
    CVE ID: CVE-2020-16242 (Medium), CVE-2020-16246 (Medium)

  • Multiple vulnerabilities in GE Digital's APM Classic (22 Sep 2020)

    Multiple vulnerabilities such as Authorization Bypass Through User-controlled Key, and Use of a One-Way Hash Without a Salt have been discovered in GE Digital's Equipment- APM Classic, a tool to analyze and process data. Successful exploitation of these vulnerabilities can allow access to sensitive information.
    CVE ID: CVE-2020-16240 (High), CVE-2020-16244 (High)

  • CVE - KB Correlation (22 Sep 2020)

    List of CVE ID and corresponding Knowledge Base IDs as released by Microsoft during September 2020.

  • Multiple vulnerabilities in DB2 Query Management Facility (21 Sep 2020)

    Multiple vulnerabilities have been discovered in DB2 Query Management Facility, Query Management Facility Classic Edition, and Query Management Facility Enterprise Edition. An unauthenticated attacker can obtain sensitive information, cause low confidentiality impact, low integrity impact, no availability impact and can cause a denial of service resulting in a low availability impact using unknown attack vectors.
    CVE ID: CVE-2020-14583 (High), CVE-2020-14593 (High), CVE-2020-14621 (Medium), CVE-2020-14556 (Medium), CVE-2020-14581 (Low), CVE-2020-14579 (Low), CVE-2020-14578 (Low), CVE-2020-14577 (Low), CVE-2019-17639 (Medium)

  • Vulnerability Summary (21 Sep 2020)

    Summary of vulnerabilities for the week of September 14, 2020.

  • Vulnerability in TNEF (21 Sep 2020)

    TNEF is a tool to unpack MIME application/ms-tnef attachments. It has been discovered that TNEF incorrectly handled filenames. If a user is tricked into opening a specially crafted email attachment, an attacker can possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service.
    CVE ID: CVE-2019-18849 (Medium)

  • Vulnerability in FortiAnalyzer and FortiTester (21 Sep 2020)

    An improper neutralization of input vulnerability has been discovered in FortiAnalyzer and FortiTester, which may allow a remote authenticated attacker to inject script related HTML tags via the Storage Connectors Name Parameter and IPv4/IPv6 address fields respectively. The affected products are FortiAnalyzer versions 6.2.5 , 6.4.1 and below. FortiTester versions 3.8.0; 3.7.0 and below.
    CVE ID: CVE-2020-12815, CVE-2020-12817

  • Google releases security updates for Chrome (21 Sep 2020)

    Google has released Chrome version 85.0.4183.121 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker can exploit to take control of an affected system.
    CVE ID: CVE-2020-15960 (High), CVE-2020-15961 (High), CVE-2020-15962 (High), CVE-2020-15963 (High), CVE-2020-15965 (High), CVE-2020-15966 (Medium), CVE-2020-15964 (Low)

  • MISP security update (21 Sep 2020)

    It has been discovered that MISP can perform an unwanted action because of a POST operation on a form that is not linked to the login page. The affected versions are MISP before 2.4.132.
    CVE ID: CVE-2020-25766 (Medium)

  • Vulnerability in LibOFX (21 Sep 2020)

    LibOFX is a client-side implementation of Open Financial Exchange specification. It has been discovered that LibOFX does not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker can use this issue to cause a denial of service attack.
    CVE ID: CVE-2019-9656 (High)

  • Vulnerability in noVNC (21 Sep 2020)

    noVNC is a HTML5 VNC client - daemon and programs. It has been discovered that noVNC does not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker can use this issue to conduct cross-site scripting (XSS) attacks.
    CVE ID: CVE-2017-18635 (Medium)

  • InspIRCd security update (20 Sep 2020)

    mysql module before v3.3.0 & pgsql module of the InspIRCd IRC daemon contains vulnerability. When combined with the sqlauth or sqloper modules these vulnerabilities can be used to remotely crash an InspIRCd server by any user able to connect to a server. It is recommended to upgrade the InspIRCd packages.
    CVE ID: CVE-2019-20917 (Medium), CVE-2020-25269 (Medium)

  • Rampant Kitten – An Espionage Campaign (18 Sep 2020)

    Researchers have reported a new Android malware that targets victim's personal device data, browser credentials and Telegram messaging application files. The Android malware collects all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks. The malware may be used to launch attacks on critical sector organisations.

  • Multiple vulnerabilities in MB connect line's Equipment (18 Sep 2020)

    Multiple vulnerabilities such as SQL Injection, Cross-site Request Forgery, Command Injection have been discovered in MB connect line's Equipment- mymbCONNECT24, mbCONNECT24. Successful exploitation of these vulnerabilities can allow a remote attacker to gain unauthorized access to arbitrary information or allow remote code execution.
    CVE ID: CVE-2020-24569 (High), CVE-2020-24568 (High), CVE-2020-24570 (High)

  • Vulnerability in Exim SpamAssassin (18 Sep 2020)

    It has been discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker can possibly use this issue to execute arbitrary code.
    CVE ID: CVE-2019-19920 (High)

  • Modsecurity security update (18 Sep 2020)

    It has been discovered that ModSecurity v3 enabled global regular expression matching which can result in denial of service. It is recommended to upgrade the modsecurity packages.
    CVE ID: CVE-2020-15598

  • Vulnerability in Apache ZooKeeper (17 Sep 2020)

    It has been discovered that Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable due to the failure to check permissions by the getACL() command to information disclosure. A remote attacker by sending a specially-crafted request, can exploit this vulnerability to obtain sensitive information.
    CVE ID: CVE-2019-0201 (Medium)

  • Vulnerability in Parallels Remote Application Server (17 Sep 2020)

    It has been discovered that Parallels Remote Application Server (RAS) has a Business Logic Error causing remote code execution. This may allow an authenticated user to tamper with requests between Parallels Clients and backend servers resulting in unintended access to any server in the Parallels RAS Farm or other servers in the same internal domain. In addition, authenticated user may be able to launch and execute applications not made available via Parallels RAS filtering in the environment.
    CVE ID: CVE-2020-15860 (Critical)

  • Vulnerability in Email-Address-List (17 Sep 2020)

    It has been discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker can use this issue to cause an algorithmic complexity attack, resulting in a denial of service.
    CVE ID: CVE-2018-18898 (High)

  • Vulnerability in PulseAudio (17 Sep 2020)

    It has been discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker can use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code.
    CVE ID: CVE-2020-15710

  • Vulnerability in Spring of VMware (17 Sep 2020)

    A RFD Protection Bypass via jsessionid vulnerability has been discovered in Spring Framework of VMware. The affected versions are Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions.
    CVE ID: CVE-2020-5421 (High)

  • Multiple vulnerabilities in Wibu-Systems AG's Equipment (17 Sep 2020)

    Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, and Improper Resource Shutdown or Release have been discovered in Wibu-Systems AG's Equipment- CodeMeter. Successful exploitation of these vulnerabilities can allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter.
    CVE ID: CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-14519 (High), CVE-2020-14513 (High), CVE-2020-14515 (High), CVE-2020-16233 (High)

  • Vulnerability in Advantech's Equipment (17 Sep 2020)

    Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of this vulnerability can allow an attacker to escalate their privileges.
    CVE ID: CVE-2020-16202 (High)

  • Multiple vulnerabilities in Philips' Equipment (17 Sep 2020)

    Multiple vulnerabilities such as Cross-site Request Forgery, Improper Neutralization of Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade, and Configuration have been discovered in Philips' Equipment- Clinical Collaboration Platform. Successful exploitation of these vulnerabilities can allow an attacker to trick a user into executing unauthorized actions or provide the attacker with identifying information that can be used for subsequent attacks.
    CVE ID: CVE-2020-14506 (Low), CVE-2020-14525 (Low), CVE-2020-16198 (Medium), CVE-2020-16200 (Medium), CVE-2020-16247 (Medium)

  • Citrix security update (17 Sep 2020)

    Multiple vulnerabilities such as HTML Injection, denial of service, and escalation of privileges have been discovered in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP appliance.
    CVE ID: CVE-2020-8245, CVE-2020-8246, CVE-2020-8247

  • Vulnerability in xawtv (17 Sep 2020)

    It has been discovered xawtv can be made to expose sensitive information and escalateuser privileges if it received specially crafted input. A local attacker can possibly use this issue to open and write to arbitrary files and escalate privileges.
    CVE ID: CVE-2020-13696 (Medium)

  • Multiple vulnerabilities in Perl DBI module (17 Sep 2020)

    It has been discovered that Perl DBI module incorrectly handled certain inputs and file. An attacker could possibly use this issue to execute arbitrary code and expose sensitive information respectively.
    CVE ID: CVE-2013-7490 (Medium), CVE-2014-10401 (Medium)

  • Vulnerability in Python (17 Sep 2020)

    Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization has been dicovered in Python. A remote attacker may be able to use a specially crafted URL to locate cookies or authentication data and send that information to a different host than when parsed correctly. The affected versions are Python 2.7.x through 2.7.16 and 3.x through 3.7.2.
    CVE ID: CVE-2019-9636 (Critical)

  • Incomplete SSL Server Certification Validation vulnerability in Trend Micro Security (16 Sep 2020)

    An incomplete SSL server certification validation vulnerability has been discovered in the Trend Micro Security 2019 (v15) consumer family of products, which can allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. It is recommended to upgarde to the latest versions of Trend Micro Security 2020 (version 16) and the newly release 2021 (version 17).
    CVE ID: CVE-2020-15604 (Low), CVE-2020-24560 (Low)

  • Apple releases security updates (16 Sep 2020)

    Apple has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Drupal (16 Sep 2020)

    Multiple vulnerabilities such as Information disclosure, Access bypass, and Cross-site scripting have been discovered in Drupal core.
    CVE ID: CVE-2020-13670, CVE-2020-13667, CVE-2020-13669, CVE-2020-13668, CVE-2020-13666

  • Vulnerability in StoreBackup (16 Sep 2020)

    It has been discovered that StoreBackup do not properly manage lock files. A local attacker can use this vulnerability to cause a denial of service or escalate privileges and run arbitrary code. This vulnerability can be mitigated by updating the system.
    CVE ID: CVE-2020-7040 (High)

  • XSS vulnerability in FortiOS SSLVPN Portal (16 Sep 2020)

    An improper neutralization of input during web page generation has been discovered in the SSL VPN portal of FortiOS which may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS). The affected versions are FortiOS version 6.2.1 and below, 6.0.8 and below and 5.6.12 and below.
    CVE ID: CVE-2019-15706 (Medium)

  • Vulnerability in MCabber (16 Sep 2020)

    It has been discovered that MCabber, a small Jabber (XMPP) console client does not properly manage roster pushes. An attacker could possibly use this vulnerability to remotely perform man-in-the-middle attacks.
    CVE ID: CVE-2016-9928 (High)

  • Vulnerability in websocket-extensions (16 Sep 2020)

    It has been discovered that websocket-extensions do not properly parse special headers. A remote attacker can use this vulnerability to cause regex backtracking, resulting in a denial of service.
    CVE ID: CVE-2020-7663 (High)

  • Trend Micro ServerProtect for Linux security update (15 Sep 2020)

    A command injection vulnerability has been discovered in Trend Micro ServerProtect for Linux can allow an attacker to execute arbitrary code on an affected system. The affected version is ServerProtect for Linux (SPLX) 3.0. It is recommended to update to the latest builds.
    CVE ID: CVE-2020-24561

  • Vulnerability in LuaJIT (15 Sep 2020)

    LuaJIT is a Just in time compiler for Lua programming language version 5.1. It has been discovered that an out-of-bounds read vulnerability existed in LuaJIT. An attacker can use this vulnerability to cause a denial of service (application crash) or possibly expose sensitive information.
    CVE ID: CVE-2020-15890 (High)

  • Vulnerability in GUPnP (15 Sep 2020)

    It has been discovered that GUPnP incorrectly handled certain subscription requests. A remote attacker with specially crafted network traffic can possibly use this issue to exfiltrate data or use GUPnP to perform DDoS attacks.
    CVE ID: CVE-2020-12695 (High)

  • Vulnerability in bsdiff (15 Sep 2020)

    bsdiff is used to generate or apply a patch between two binary files. It has been discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code.
    CVE ID: CVE-2014-9862 (High)

  • Vulnerability in MilkyTracker (15 Sep 2020)

    It has been discovered that MilkyTracker, music creation tool, did not properly handle certain input. And if a user is tricked into opening a malicious file, an attacker can cause MilkyTracker to crash or potentially execute arbitrary code.
    CVE ID: CVE-2019-14464 (Medium), CVE-2019-14496 (High), CVE-2019-14497 (High)

  • Multiple vulnerabilities in IPTV encoder devices (15 Sep 2020)

    Multiple vulnerabilities have been discovered in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system.
    CVE ID: CVE-2020-24214, CVE-2020-24215, CVE-2020-24216, CVE-2020-24217, CVE-2020-24218, CVE-2020-24219

  • Multiple vulnerabilities in ENTTEC's Equipment (15 Sep 2020)

    Multiple vulnerabilities such as Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, and Incorrect Permission Assignment for Critical Resource have been discovered in ENTTEC's Equipment- Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized SSH/SCP access to devices, inject malicious code, run commands with root privileges, and read, write, and execute files in system directories as any user.
    CVE ID: CVE-2019-12774 (Medium), CVE-2019-12775 (High), CVE-2019-12776 (High), CVE-2019-12777 (High)

  • Adobe Media Encoder security update (15 Sep 2020)

    Out-of-bounds read vulnerability has been discovered in Adobe Media Encoder that could lead to information disclosure in the context of the current user. The affected versions are Adobe Media Encoder 14.3.2 and earlier versions. It ie recommended to upgrade to Adobe Media Encoder 14.4.
    CVE ID: CVE-2020-9739, CVE-2020-9744, CVE-2020-9745

  • Vulnerability in GitLab (14 Sep 2020)

    It has been discovered that GitLab is vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. The affected versions are GitLab before version 13.3.4.
    CVE ID: CVE-2020-13300 (Critical)

  • Multiple vulnerabilities in VMware (14 Sep 2020)

    Multiple vulnerabilities such as privilege escalation, out-of-bounds read, denial of service, and information disclosure have been discovered in VMware Workstation, Fusion and Horizon Client.
    CVE ID: CVE-2020-3980 (Medium), CVE-2020-3986 (Medium), CVE-2020-3987 (Medium), CVE-2020-3988 (Medium), CVE-2020-3989 (Low), CVE-2020-3990 (Low)

  • Netgear security update (14 Sep 2020)

    Authentication Bypass vulnerability has been discovered in multiple products of Netgear. It is recommended to upgrade to the latest firmware.

  • Path traversal vulnerability in McAfee (14 Sep 2020)

    Path Traversal vulnerability has been discovered in Web Mail User Interface in McAfee Email Gateway (MEG). This vulnerability allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory. The affected versions are McAfee Email Gateway (MEG) prior to 7.6.406 Hotfix (HF) 1264651. It is recommended to upgrade to Email Gateway 7.6.406 HF 1264651.
    CVE ID: CVE-2020-7268 (Medium)

  • Vulnerability Summary (14 Sep 2020)

    Summary of vulnerabilities for the week of September 07, 2020.

  • mysql security update (14 Sep 2020)

    MySQL is a multi-user, multi-threaded SQL database server. Multiple vulnerabilities have been discovered in mysql packages. An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

  • Vulnerability in cryptsetup (14 Sep 2020)

    It has been discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
    CVE ID: CVE-2020-14382

  • Vulnerability in Private Internet Access (PIA) VPN Client for Linux (14 Sep 2020)

    A vulnerability has been discovered in the Private Internet Access (PIA) VPN Client for Linux which allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. The affected versions are PIA VPN Client for Linux 1.5 through 2.3+.
    CVE ID: CVE-2020-15590

  • dovecot security update (14 Sep 2020)

    Dovecot is an IMAP server for Linux and other UNIX-like systems. Multiple vulnerabilities such as Resource exhaustion via deeply nested MIME parts, Out of bound reads in dovecot NTLM implementation, and Crash due to assert in RPA implementation have been discovered in dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
    CVE ID: CVE-2020-12100 (High), CVE-2020-12673 (High), CVE-2020-12674 (High)

  • python-pip security update (11 Sep 2020)

    It has been discovered that there was a directory traversal attack in pip, the Python package installer. When an URL is given in an install command, as a Content-Disposition header is permitted to have ../ components in their filename, arbitrary local files (eg. /root/.ssh/authorized_keys) can be overidden. It is recommended to upgrade the python-pip packages.
    CVE ID: CVE-2019-20916 (High)

  • httpd security update (11 Sep 2020)

    A flaw has been discovered in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove() can lead to a crash and denial of service. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability.
    CVE ID: CVE-2020-9490 (High)

  • Adobe Flash end of life and changes to Configuration Source Management of QRadar Risk Manager (11 Sep 2020)

    Administrators with QRadar Risk Manager appliances in their deployment are being alerted to changes in Configuration Source Manager due to the approaching end of life of Adobe Flash. Due to removal of Adobe Flash, the Configuration Source Management (CSM) functionality is integrated in to the Configuration Monitor. The updated Configuration Monitor interface is available to administrators who upgrade their QRadar deployment in upcoming fix pack releases.

  • Vulnerability in X.Org X Server (10 Sep 2020)

    It has been discovered that the X.Org X Server incorrectly handled the input extension protocol, XkbSelectEvents function, XRecordRegisterClients function, XkbSetNames function, and incorrectly initialized memory. A local attacker could possibly use this issue to escalate privileges and obtain sensitive information.
    CVE ID: CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362, CVE-2020-14345

  • Vulnerability in HMS Networks' Equipment (10 Sep 2020)

    Permissive Cross-domain Policy with Untrusted Domains vulnerability has been discovered in HMS Networks' Equipment- Ewon Flexy and Cosy. Successful exploitation of this vulnerability could allow attackers to retrieve limited confidential information.
    CVE ID: CVE-2020-16230 (Low)

  • Vulnerability in FATEK Automation's Equipment (10 Sep 2020)

    Stack-based Buffer Overflow vulnerability has been discovered in FATEK Automation's Equipment- PLC WinProladder. Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may cause a denial-of-service event and remote code execution.
    CVE ID: CVE-2020-10597 (High)

  • Vulnerability in IBM Java SDK and IBM Java Runtime affect IBM Db2 (10 Sep 2020)

    It has been discovered that in all fix pack levels of IBM Db2 V11.1, and V11.5 editions running on all platforms of IBM Java SDK a vulnerability related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
    CVE ID: CVE-2019-2949 (Medium)

  • Multiple vulnerabilities in Philips' Equipment (10 Sep 2020)

    Multiple vulnerabilities such as Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation, Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic Correctness of Input, Improper Input Validation, and Exposure of Resource to Wrong Sphere have been discovered in Philips' Equipment- Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3. Successful exploitation of these vulnerabilities could result in unauthorized access, interrupted monitoring, and collection of access information and/or patient data.
    CVE ID: CVE-2020-16214 (Medium), CVE-2020-16218 (Low), CVE-2020-16222 (Medium), CVE-2020-16228 (Medium), CVE-2020-16224 (Medium), CVE-2020-16220 (Low), CVE-2020-16216 (Medium), and CVE-2020-16212 (Medium)

  • Buffer overflow vulnerability in PAN-OS (10 Sep 2020)

    A buffer overflow vulnerability has been discovered in PAN-OS, which allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. The affected versions are All versions of PAN-OS 8.0, PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9, and PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
    CVE ID: CVE-2020-2040 (Critical)

  • Vulnerability in AVEVA's Equipment (09 Sep 2020)

    SQL Injection vulnerability has been discovered in AVEVA™ Enterprise Data ManagementWebv2019 and all prior versions formerly known as eDNAWeb. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected device.

  • Multiple vulnerabilities in Palo Alto Networks PAN-OS (09 Sep 2020)

    Multiple vulnerabilities such as reflected cross-site scripting, denial of service, OS Command Injection, buffer overflow, uncontrolled resource consumption, and information exposure have been discovered in Palo Alto Networks PAN-OS.
    CVE ID: CVE-2020-2036 (High), CVE-2020-2041 (High), CVE-2020-2037 (High), CVE-2020-2038 (high), CVE-2020-2042 (High), CVE-2020-2039 (Medium), CVE-2020-2043 (Low), CVE-2020-2044 (Low)

  • Multiple vulnerabilities in McAfee Agent (09 Sep 2020)

    Multiple vulnerabilities have been discovered such as Privilege Escalation, DLL Search Order Hijacking & DLL Injection in McAfee Agent for Windows, and Privilege Escalation in McAfee Agent for MAC. The affected versions are McAfee Agent for Windows and MAC Prior to 5.6.6.
    CVE ID: CVE-2020-7311 (High), CVE-2020-7312 (High), CVE-2020-7315 (Medium), and CVE-2020-7314 (High)

  • Twilio Authy App security update (09 Sep 2020)

    A race condition vulnerability has been discovered in the Twilio Authy 2-Factor Authentication Application, which allows a user to potentially approve/deny an access request prior to unlocking the application with a pin on older Android devices, effectively bypassing the PIN requirement. The affected products are Twilio Authy App below 24.3.7.
    CVE ID: CVE-2020-24655

  • grunt security update (09 Sep 2020)

    An arbitrary code execution vulnerability has been discovered in grunt before 1.3.0, a Javascript task runner. This vulnerability occured due to the unsafe loading of YAML documents.
    CVE ID: CVE-2020-7729 (High)

  • Vulnerability in GnuTLS (09 Sep 2020)

    It has been discovered that GnuTLS could be made to crash or run programs if it received specially crafted network traffic.
    CVE ID: CVE-2020-24659 (Medium)

  • Vulnerability in Bluetooth (09 Sep 2020)

    It has been discovered that multiple devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing could allow a remote attacker to conduct a man-in-the-middle attack. If a device is within wireless range of a vulnerable Bluetooth device and becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength, an attacker could exploit this vulnerability to conduct a man-in-the-middle attack between devices previously bonded to gain access to restricted profiles or services.
    CVE ID: CVE-2020-15802

  • Microsoft releases September 2020 security updates (08 Sep 2020)

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Android Security Bulletin (08 Sep 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-09-05 or later address all of these issues.

  • Google releases security updates for Chrome (08 Sep 2020)

    Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
    CVE ID: CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959

  • Adobe releases security updates (08 Sep 2020)

    Adobe has released security updates to address vulnerabilities in Adobe Experience Manager, Adobe Framemaker and Adobe InDesign. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Siemens' Equipment (08 Sep 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Linux kernel (08 Sep 2020)

    It has been discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
    CVE ID: CVE-2020-14386 (High)

  • OpenShift Container Platform jenkins-2-plugins security update (08 Sep 2020)

    Multiple vulnerabilities such as Information disclosure, Cross-site scripting, and Improper masking of secrets have been discovered in jenkins plugin. An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.4.
    CVE ID: CVE-2020-2181 (Medium), CVE-2020-2182 (Medium), CVE-2020-2190 (Medium), CVE-2020-2224 (Medium), CVE-2020-2225 (Medium), CVE-2020-2226 (Medium)

  • .NET Core bugfix and security update (08 Sep 2020)

    An ASP.NET cookie prefix spoofing vulnerability has been discovered in .NET Core. An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
    CVE ID: CVE-2020-1045

  • go-toolset:rhel8 security update (08 Sep 2020)

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Multiple vulnerabilities have been discovered in golang. An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
    CVE ID: CVE-2020-14040 (High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)

  • PHP security, bug fix, and enhancement update (08 Sep 2020)

    PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple vulnerabilities have been discovered in php package. An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8.

  • Librepo security update (08 Sep 2020)

    The librepo library provides a C and Python API to download repository metadata. It has been discovered that a missing path validation in repomd.xml may lead to directory traversal. An update for librepo is now available for Red Hat Enterprise Linux 8.
    CVE ID: CVE-2020-14352 (High)

  • Vulnerability in IBM WebSphere Application Server (07 Sep 2020)

    A cross site scripting vulnerability has been discovered in IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. The affected products are IBM Security Access Manager for Enterprise Single Sign-On 8.2.1, 8.2.2.
    CVE ID: CVE-2020-4575 (Medium)

  • Multiple vulnerabilities in Wibu-Systems AG's Equipment (07 Sep 2020)

    Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, and Improper Resource Shutdown or Release have been discovered in Wibu-Systems AG's Equipment- CodeMeter. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter.
    CVE ID: CVE-2020-14513 (High), CVE-2020-14519 (High), CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-16233 (High), CVE-2020-14515 (High)

  • Vulnerability Summary (07 Aug 2020)

    Summary of vulnerabilities for the week of August 31, 2020.

  • Vulnerability in Rust (06 Sep 2020)

    A vulnerability has been discovered in the sized-chunks crate for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.
    CVE ID: CVE-2020-25796

  • netty security update (04 Sep 2020)

    Multiple vulnerabilities have been discovered in netty, a Java NIO client/server socket framework. The affected version of Netty is 1:4.1.7-2+deb9u2. It is recommended to upgrade the netty packages.
    CVE ID: CVE-2019-20444 (Critical), CVE-2019-20445 (Critical), CVE-2020-7238 (High), and CVE-2020-11612 (Critical)

  • dovecot security update (03 Sep 2020)

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. Multiple vulnerabilities have been discovered in dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 7.
    CVE ID: CVE-2020-12674 (High), CVE-2020-12673 (High), CVE-2020-12100 (High)


  • Squid security update (03 Sep 2020)

    Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It has been discovered that HTTP Request Smuggling and HTTP Request Splitting could result in cache poisoning in squid. An update for the squid:4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.1 Extended Update Support.
    CVE ID: CVE-2020-15810, CVE-2020-15811

  • Red Hat Data Grid security update (03 Sep 2020)

    Red Hat Data Grid is a distributed, in-memory datastore. It has been discovered that compression/decompression codecs don't enforce limits on buffer allocation sizes in netty and improper validation of certificate with host mismatch in SMTP appender in log4j.
    CVE ID: CVE-2020-11612 (Critical) and CVE-2020-9488 (Low)

  • Asyncpg security update (03 Sep 2020)

    It has been discovered that asyncpg allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. The affected versions are asyncpg before 0.21.0. It is recommended to upgrade the asyncpg packages.
    CVE ID: CVE-2020-17446 (Critical)

  • Vulnerability in Accusoft ImageGear (01 Sep 2020)

    A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability. The affected version is Accusoft ImageGear 19.7.

  • OpenShift Container Platform openshift security update (01 Sep 2020)

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. It has been discovered a Node disk DOS vulnerability exists while writing to container /etc/hosts. An update for openshift is now available for Red Hat OpenShift Container Platform 4.4.

  • Vulnerability in Mitsubishi Electric's Equipment (31 Aug 2020)

    Predictable Exact Value from Previous Values vulnerability has been discovered in Mitsubishi Electric's various equipments. Successful exploitation of this vulnerability could be used to hijack TCP sessions and allow remote command execution.

  • EAP Continuous Delivery Technical Preview Release 20 security update (31 Aug 2020)

    Red Hat JBoss Enterprise Application Platform (EAP) CD20 is a platform for Java applications based on the WildFly application runtime. Multiple vulnerabilities have been discovered in JBoss EAP Continuous Delivery 20.

  • Vulnerability Summary (31 Aug 2020)

    Summary of vulnerabilities for the week of August 24, 2020.

  • Vulnerability in Python-RSA (31 Aug 2020)

    It has been discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information.

  • apache2 security update (31 Aug 2020)

    Multiple vulnerabilities have been discovered in Apache HTTPD server. The apache2 packages are affected by these vulnerabilities. It is recommended to upgrade the apache2 packages.

  • Vulnerability in Shadankun Server Security Type (31 Aug 2020)

    It has been discovered that Shadankun Server Security Type is vulnerable to Denial of Service because newly detected attack source IP addresses can not be added as blocking targets for a certain time. The affected versions are Attack blocking Kun server security type Target product version 1.5.3 and earlier.

  • git security update (31 Aug 2020)

    Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. An update for git is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

  • Vulnerability in flask-cors (31 Aug 2020)

    It has been discovered that flask-cors allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. The affected versions are flask-cors before 3.0.9.

  • Vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (30 Aug 2020)

    It has been observed an improper authentication vulnerability in Bitdefender Endpoinit Security Tools for Windows and Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product’s security settings. This vulnerability affects Bitdefender Endpoinit Security Tools for Windows versions prior to 6.6.18.261; Endpoint Security SDK versions prior to 6.6.18.261.

  • Vulnerability in Kleopatra (30 Aug 2020)

    Kleopatra is a certificate manager and a universal crypto GUI. It has been discovered that the Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr and URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

  • Multiple vulnerabilities in Cisco IOS XR Software DVMRP (29 Aug 2020)

    Multiple vulnerabilities have been discovered in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. These vulnerabilities could allow an unauthenticated, remote attacker to exhaust process memory of an affected device.

  • lilypond security update (29 Aug 2020)

    It has been discovered that Lilypond, a program for typesetting sheet music, do not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which can result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. It is recommended to upgrade the lilypond packages.

  • openexr security update (29 Aug 2020)

    Multiple vulnerabilities have been discovered in OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files. It is recommended to upgrade the openexr packages.

  • mupdf security update (29 Aug 2020)

    A heap-based buffer overflow vulnerability has been discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.It is recommended to upgrade the mupdf packages.

  • Multiple vulnerabilities in baserCMS (27 Aug 2020)

    Multiple vulnerabilities such as Remote Code Execution (RCE) and Cross-Site Scripting(XSS) have been discovered in the management screen of baserCMS 4.3.6 and earlier. It is recommended to upgrade to the new version 4.3.7 or apply patch.

  • Multiple vulnerabilities in Squid (27 Aug 2020)

    It has been discovered that Squid incorrectly validated certain data and incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use these vulnerabilities to perform an HTTP request smuggling attack, resulting in cache poisoning or cause Squid to consume resources, resulting in denial of service.

  • Vulnerability in Network Security Service library (27 Aug 2020)

    It has been discovered that NSS incorrectly handled some inputs. An attacker could possibly use this vulnerability to expose sensitive information.

  • bind9 security update (27 Aug 2020)

    Multiple vulnerabilities in BIND, a DNS server implementation, have been discovered. These vulnerabilities affected the bind9 packages. It is recommended to upgrade the bind9 packages.

  • Multiple vulnerabilities in OpenClinic GA Equipment (27 Aug 2020)

    Multiple vulnerabilities such as Authentication Bypass Using an Alternate Path or Channel, Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing Authorization, Execution with Unnecessary Privileges, Unrestricted Upload of File with Dangerous Type, Path Traversal, Improper Authorization, Cross-site Scripting, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials, and Hidden Functionality have been discovered in OpenClinic GA Equipment. Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, discover restricted information, view/manipulate restricted database information, and/or execute malicious code.

  • Multiple vulnerabilities in Red Lion's Equipment (27 Aug 2020)

    Multiple vulnerabilities such as Reflected Cross-site Scripting, Stored Cross-site Scripting, Cross-site Request Forgery, Hidden Functionality, and Use of Unmaintained Third-Party Components have been discovered in Red Lion's Equipment- N-Tron 702-W / 702M12-W. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, execute system commands, and perform actions in the context of an attacked user.

  • Cisco releases security updates for multiple products (26 Aug 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in NITORI App (26 Aug 2020)

    An Improper access control vulnerability has been discovered in NITORI App. A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. The affected versions are NITORI App for Android versions 6.0.4 and earlier, and NITORI App for iOS versions 6.0.2 and earlier. It is recommended to update the App to the latest version.

  • Vulnerability in libmysofa (26 Aug 2020)

    It has been discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this vulnerability to cause a denial of service or other unspecified impact.

  • nginx security update (26 Aug 2020)

    It has been discovered that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability. It is recommended to upgrade the nginx packages.

  • Multiple vulnerabilities in BIG-IP (26 Aug 2020)

    Multiple vulnerabilities have been discovered in BIG-IP products. An attacker could exploit these vulnerabilities to take control of an affected system.

  • CVE - KB Correlation (26 Aug 2020)

    List of CVE ID and corresponding Knowledge Base IDs as released by Microsoft during July 2020.

  • CVE - KB Correlation (26 Aug 2020)

    List of CVE ID and corresponding Knowledge Base IDs as released by Microsoft during June 2020.

  • Vulnerability in Nova live migration (26 Aug 2020)

    A vulnerability has been discovered in Nova live migration. This vulnerability occurs while performing soft reboot of an instance which has previously undergone live migration. The affected versions are Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0.

  • Vulnerability in ZTE Product (25 Aug 2020)

    It has been discovered that a ZTE product is impacted by the cryptographic vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability to account credential enumeration attack or brute-force attack for password guessing. The affected versions is ZXIPTV-WEB-PV5.09.08.04. It is recommended to upgrade to ZXIPTV-WEB-PV5.09.08.04P3 or later.

  • Vulnerability in McAfee Application and Change Control (25 Aug 2020)

    Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. It is recommended to upgrade to MACC 8.3.1.

  • Vulnerability in Joomla! (25 Aug 2020)

    It has been discovered that lack of escaping in mod_latestactions allows XSS attacks in Joomla!. The affected versions are Joomla! CMS versions 3.9.0 to 3.9.20. It is recommended to upgrade to version 3.9.21.

  • Google releases security updates for Chrome (25 Aug 2020)

    Google has released Chrome version 85.0.4183.83 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Mozilla releases security updates for Firefox, Firefox ESR, and Thunderbird (25 Aug 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Aruba (25 Aug 2020)

    Multiple vulnerabilities such as Remote Unauthorized Access and Cross-Site Scripting have been discovered in the Aruba Intelligent Edge Switches web management interface. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.

  • Vulnerability in WECON's Equipment (25 Aug 2020)

    Stack-based Buffer Overflow vulnerability has been discovered in WECON's Equipment- LeviStudioU. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.

  • Vulnerability in Emerson's Equipment (25 Aug 2020)

    Inadequate Encryption Strength vulnerability has been discovered in Emerson's Equipment- OpenEnterprise SCADA Software. Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems.

  • Vulnerability in Advantech's Equipment (25 Aug 2020)

    Path Traversal vulnerability has been discovered in Advantech's Equipment- iView. Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application.

  • kernel security and bug fix update (25 Aug 2020)

    The kernel packages contain the Linux kernel, the core of any Linux operating system. Null pointer dereference in search_keyring and heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c have been discovered in kernel. An update for kernel is now available for Red Hat Enterprise Linux 6.

  • Buffer Overflow vulnerability in Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS (24 Aug 2020)

    It has been discovered that Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.

  • Citrix Hypervisor security update (24 Aug 2020)

    Multiple vulnerabilities have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix Hypervisor 8.2 LTSR.

  • Vulnerability Summary (24 Aug 2020)

    Summary of vulnerabilities for the week of August 17, 2020.

  • icingaweb2 security update (24 Aug 2020)

    A directory traversal vulnerability has been discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process. It is recommended to upgrade the icingaweb2 packages.

  • libjackson-json-java security update (24 Aug 2020)

    Several vulnerabilities have been discovered in libjackson-json-java, a Java JSON processor. It is recommended to upgrade the libjackson-json-java packages.

  • inetutils security update (24 Aug 2020)

    It has been discovered that in inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data. It is recommended to upgrade the inetutils-telnetd packages.

  • Vulnerability in wolfSSL TLS Client (24 Aug 2020)

    It has been discovered that wolfSSL incorrectly implements the TLS 1.3 client state machine. An attacker in a privileged position can read or modify communications between clients using the wolfSSL library and TLS 1.3 servers.

  • sqlite3 security update (22 Aug 2020)

    Multiple vulnerabilities have been discovered in sqlite3, a C library that implements an SQL database engine. It is recommended to upgrade the sqlite3 packages.

  • software-properties security update (22 Aug 2020)

    It has been discovered that an ansi escape sequence injection exists in software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA). It is recommended to upgrade the software-properties packages.

  • proftpd-dfsg security update (22 Aug 2020)

    Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service. It is recommended to upgrade the proftpd-dfsg packages.

  • Foxit Studio Photo security update (21 Aug 2020)

    A vulnerability has been discovered in Foxit Studio Photo that could expose the application to Out-of-Bounds Write Information Disclosure vulnerability and crash if users were using PSD File tampered. The affected versions are Foxit Studio Photo 3.6.6.927 and earlier.

  • Multiple vulnerabilities in VMware (20 Aug 2020)

    Multiple vulnerabilities such as partial denial of service vulnerability in VMware ESXi and vCenter Server and Stored Cross-Site Scripting (XSS) vulnerability affecting VMware App Volumes have been discovered in VMware. The affected versions are ESXi 6.5, 6.7 and 7.0, vCenter Server 6.5, 6.7 and 7.0, Cloud Foundation (ESXi and vCenter) 3.x.x and 4.x.x, App Volumes 2.x and 4.

  • Multiple vulnerabilities in Treck Inc's Equipment (20 Aug 2020)

    Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.

  • Multiple vulnerabilities in Philips' Equipment (20 Aug 2020)

    Multiple vulnerabilities such as Improper Input Validation, Improper Access Control, and Improper Authentication have been discovered in Philips' Equipment- SureSigns VS4. Successful exploitation of these vulnerabilities could allow an attacker access to administrative controls and system configurations, which could allow changes to system configuration items causing patient data to be sent to a remote destination.

  • Multiple vulnerabilities in Exment (19 Aug 2020)

    Multiple cross-site scripting vulnerabilities have been discovered in Exment. The affected versions are Exment versions below v3.6.0. It is recommended to upgrade to versions above v3.6.0.

  • Cisco releases security updates for multiple products (19 Aug 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • ruby-websocket-extensions security update (19 Aug 2020)

    It has been discovered that websocket-extensions ruby module allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. It is recommended to upgrade the ruby-websocket-extensions packages.

  • Multiple vulnerabilities in QEMU (19 Aug 2020)

    Multiple vulnerabilities have been discovered in QEMU. An attacker inside a guest or a remote attacker could possibly use these vulnerabilities to leak host memory to obtain sensitive information, cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • Vulnerability in curl (19 Aug 2020)

    It has been discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information.

  • Red Hat Quay security update (19 Aug 2020)

    It has been discovered that the build triggers in quay can disclose robot account names and existence of private repos within namespaces. An update is now available for Red Hat Quay 3.3.

  • Vulnerability in IBM Content Navigator (19 Aug 2020)

    It has been discovered that IBM Content Navigator is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. The affected versions are IBM Content Navigator 3.0.7 and 3.0.8.

  • Vulnerability in Rangee GmbH (19 Aug 2020)

    It has been discovered that the Kommbox component in Rangee GmbH RangeeOS could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. The affected version is RangeeOS 8.0.4.

  • Google releases security updates for Chrome (18 Aug 2020)

    Google has released Chrome version 84.0.4147.135 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

  • Multiple vulnerabilities in Voidtools Everything Service (18 Aug 2020)

    Multiple vulnerabilities such as Privilege Escalation, Whitelist Bypass, and Persistancy have been discovered in voidtools Everything service. An attacker could take advantage of these vulnerabilities to achieve privilege escalation, persistence and possible whitelist bypass by using the technique of implanting an arbitrary unsigned dynamic link library which is executed by a signed service that runs as NT AUTHORITY\SYSTEM. All Everything versions prior to 1.4.1.990 that include the Everything service feature are affected by these vulnerabilities.

  • OpenShift Container Platform security update (18 Aug 2020)

    Stored XSS vulnerability has been discovered in jenkins-2-plugins of matrix project and DoS in python RSA. An update for jenkins-2-plugins and python-rsa is now available for Red Hat OpenShift Container Platform 4.5.

  • Vulnerability in GNOME Shell (18 Aug 2020)

    It has been discovered that GNOME Shell incorrectly handled the login screen password dialog. Sensitive information could possibly be exposed during user logout.

  • Multiple vulnerabilities in Linux kernel (18 Aug 2020)

    It has been discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions and the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A local attacker could possibly use these vulnerabilities to cause a denial of service.

  • Vulnerability in Ark (18 Aug 2020)

    It has been discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this vulnerability to construct a malicious zip archive that, when opened, would create files outside the extraction directory.

  • Red Hat Ceph Storage security update (18 Aug 2020)

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform. A HTTP header injection via CORS ExposeHeader tag has been discovered in radosgw of ceph. An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04.

  • Dell EMC ECS Security Update (18 Aug 2020)

    Dell EMC ECS contains remediation for an Exposure of Resource Vulnerability that could be exploited by malicious users to compromise the affected system. The affected version is Dell EMC ECS versions prior to 3.5.

  • Vulnerability Summary (17 Aug 2020)

    Summary of vulnerabilities for the week of August 10, 2020.

  • libvncserver security update (17 Aug 2020)

    LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. A websocket decoding buffer overflow vulnerability has been discovered in libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

  • Vulnerability in Oniguruma (17 Aug 2020)

    It has been discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact.

  • sane-backends security update (17 Aug 2020)

    Multiple vulnerabilities such as out-of-bounds read, heap buffer overflow, and NULL pointer dereference have been discovered in the epson2 and epsonds backends of SANE, a library for scanners. A malicious remote device could exploit these to trigger information disclosure, denial of service and possibly remote code execution. The affected versions are SANE Backends before 1.0.30. It is recommended to upgrade the sane-backends packages.

  • posgresql-9.6 security update (17 Aug 2020)

    An issue has been discovered in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated priviledges when a superuser runs certain `CREATE EXTENSION' statements. It is recommended to upgrade the posgresql-9.6 packages.

  • Vulnerability in Software Properties (17 Aug 2020)

    It has been discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen.

  • Apache Shiro security update (17 Aug 2020)

    It has been discovered that when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. The affected version is Apache Shiro 1.6.0.

  • libetpan security update (16 Aug 2020)

    It has been discovered that in libEtPan, a mail library, a STARTTLS response injection affects IMAP, SMTP, and POP3. It is recommended to upgrade the libetpan packages.

  • lucene-solr security update (16 Aug 2020)

    It has been discovered that the DataImportHandler of lucene-solr, has a feature in which the whole DIH configuration can come from a request's dataConfig parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. It is recommended to upgrade the lucene-solr packages.

  • htmlunit security update (15 Aug 2020)

    It has been discovered that a malicious JavaScript code was able to execute arbitrary Java code on htmlunit. It is recommended to upgrade the htmlunit packages.

  • Vulnerability in madlib-object-utils package (14 Aug 2020)

    madlib-object-utils is a small set of utility functions for working with objects. It has been discovered that madlib-object-utils package is vulnerable to Prototype Pollution via setValue. It is recommended to upgrade madlib-object-utils to version 0.1.7 or higher.

  • Vulnerability in Cloud Foundry CAPI (13 Aug 2020)

    It has been discovered that Cloud Foundry CAPI (Cloud Controller), when used in a deployment where an app domain is also the system domain, is vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer’s app handling some requests that were expected to go to certain system components. The affected Cloud Foundry Products are CAPI all versions prior to 1.97.0 and CF Deployment all versions prior to 13.12.0.

  • Multiple vulnerabilities in Salt (13 Aug 2020)

    It has been discovered that Salt allows remote attackers to determine which files exist on the server, bypass authentication perform command injection, incorrectly validated method calls and sanitized paths. An attacker could use these to extract sensitive information, execute arbitrary code or crash the server, and access some methods without authentication.

  • Multiple Vulnerabilities in Struts2 (13 Aug 2020)

    Multiple vulnerabilities have been discovered in Struts2. The affected versions are Struts 2.0.0 - 2.5.20. It is recommended to upgrade to Struts 2.5.22.

  • Vulnerability in Dell Encryption and Dell Endpoint Security Suite (12 Aug 2020)

    It has been discovered that Dell Encryption and Dell Endpoint Security Suite contain a privilege escalation vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. The affected products are Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8.

  • Multiple Vulnerabilities in Jenkins (12 Aug 2020)

    Multiple vulnerabilities have been discovered in Jenkins core and its plugins. The affected versions are Jenkins weekly up to and including 2.251, Jenkins LTS up to and including 2.235.3, Email Extension Plugin up to and including 2.73, Flaky Test Handler Plugin up to and including 1.0.4, Pipeline Maven Integration Plugin up to and including 3.8.2, and Yet Another Build Visualizer Plugin up to and including 1.11.

  • dovecot security update (12 Aug 2020)

    Multiple vulnerabilities have been discovered in the Dovecot email server. It is recommended to upgrade the dovecot packages.

  • Vulnerability in PAN-OS (12 Aug 2020)

    It has been discovered that when SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server.

  • Vulnerability in Fuel CMS (12 Aug 2020)

    It has been discovered that Fuel CMS allows SQL Injection via parameter 'col' in pages/items, permissions/items, navigation/items and logs/items. Exploiting this vulnerability could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The affected versions are Fuel CMS 1.4.7.

  • Vulnerability in Concourse for VMware Tanzu (11 Aug 2020)

    It has been discovered that Concourse for VMware Tanzu in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. The affected versions are Concourse for VMware Tanzu 6.3 versions prior to 6.3.1. It is recommended to upgrade to Concourse for VMware Tanzu 6.3.1.

  • Vulnerability in Teradici PCoIP Management Console (11 Aug 2020)

    Reflected Cross Site Scripting vulnerability has been discovered in Teradici PCoIP Management Console that could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. The affected versions are Teradici PCoIP Management Console prior to 20.07. It is recommended to update to Management Console 20.07 or later.

  • Vulnerability in IBM Event Streams (11 Aug 2020)

    It has been discovered that a vulnerability exists in the IBM Event Streams schema registry that allows unauthorized access to create, edit and delete schemas. The affected version is IBM Event Streams 10.0.0.

  • Citrix Endpoint Management (CEM) security update (11 Aug 2020)

    Multiple vulnerabilities have been discovered in Citrix Endpoint Management (CEM), also referred to as XenMobile. The versions of Citrix Endpoint Management (CEM) affected by these vulnerabilities are XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6, XenMobile Server 10.11 before RP6, XenMobile Server 10.12 before RP3, and XenMobile Server before 10.9 RP5.

  • Adobe releases security updates (11 Aug 2020)

    Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat, Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases August 2020 security updates (11 Aug 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Spoofing vulnerability in Windows (11 Aug 2020)

    It has been discovered that a spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.

  • Scripting Engine Memory Corruption vulnerability in Microsoft (11 Aug 2020)

    It has been discovered that a remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  • SAP releases August 2020 security updates (11 Aug 2020)

    SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes a cross-site scripting vulnerability (CVE-2020-6284) in NetWeaver (Knowledge Management).

  • Multiple vulnerabilities in Siemens' Equipment (11 Aug 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Tridium's Equipment (11 Aug 2020)

    Synchronous Access of Remote Resource without Timeout vulnerability has been discovered in Tridium's Equipment- Niagara. Successful exploitation of this vulnerability could result in a denial-of-service condition.

  • Vulnerability in Schneider Electric's Equipment (11 Aug 2020)

    Path Traversal vulnerability has been discovered in Schneider Electric's Equipment- APC Easy UPS On-Line. Successful exploitation of these vulnerabilities could lead to remote code execution.

  • Multiple vulnerabilities in Yokogawa's Equipment (11 Aug 2020)

    Multiple vulnerabilities such as Improper Authentication, and Path Traversal have been discovered in Yokogawa's Equipment- CENTUM. Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands.

  • Multiple vulnerabilities in CyberMail (11 Aug 2020)

    It has been discovered that an arbitrary script may be executed on the user's web browser, and when accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. The affected versions are CyberMail Ver.6.x, and CyberMail Ver.7.x.

  • McAfee Security Bulletin (11 Aug 2020)

    Multiple vulnerabilities such as Improper Authorization, Cross site scripting, Unrestricted Upload of File with Dangerous Type, Cross-site request forgery, Privilege escalation vulnerability, and Unprotected Storage of Credentials have been discovered in Data Loss Prevention for Mac agent and Data Loss Prevention ePO extension of McAfee.

  • Multiple vulnerabilities in Intel products (11 Aug 2020)

    Multiple vulnerabilities have been discovered in multiple products of Intel.

  • Apple releases security updates for iCloud for Windows (10 Aug 2020)

    Apple has released security updates to address vulnerabilities in iCloud for Windows 7.20 (for Windows 7 and later) and 11.3 (for Windows 10 and later). An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Google releases security updates for Chrome (10 Aug 2020)

    Google has released Chrome version 84.0.4147.125 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability Summary (10 Aug 2020)

    Summary of vulnerabilities for the week of August 03, 2020.

  • libvncserver security update (10 Aug 2020)

    LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. A websocket decoding buffer overflow vulnerability has been discovered in libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 8.

  • Vulnerability in Network Security Service (10 Aug 2020)

    It has been discovered that Network Security Service (NSS) incorrectly handled certain signatures. An attacker could possibly use this vulnerability to expose sensitive information.

  • bind security update (10 Aug 2020)

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It has been discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals and a logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c. An update for bind is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.

  • Vulnerability in Samba (10 Aug 2020)

    Samba is a SMB/CIFS file, print, and login server for Unix. It has been discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this vulnerability to cause Samba to crash, resulting in a denial of service.

  • ruby-kramdown security update (09 Aug 2020)

    It has been discovered that ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access or unintended embedded Ruby code execution. It is recommended to upgrade the ruby-kramdown packages.

  • Vulnerability in User Portal of XG Firewall (07 Aug 2020)

    Post-authentication command injection vulnerability has been discovered in the User Portal of Sophos XG Firewall. The affected versions are Sophos XG Firewall v18.0 MR1-Build396 and older and Sophos XG Firewall v17.5 MR12 and older. It is recommended to upgrade the XG Firewall to SFOS v18.

  • CloudForms 5.0.7 bug fix and enhancement update (06 Aug 2020)

    Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. Multiple vulnerabilities have been discovered in CloudForms. An update is now available for CloudForms Management Engine 5.11.

  • firejail security update (06 Aug 2020)

    Multiple vulnerabilities have been discovered in firejail, a sandbox program to restrict the running environment of untrusted applications. It is recommended to upgrade the firejail packages.

  • Multiple vulnerabilities in Delta Electronics' Equipment (06 Aug 2020)

    Multiple vulnerabilities such as Out-of-bounds Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Write-what-where Condition, and Improper Input Validation have been discovered in Delta Electronics' Equipment- TPEditor. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

  • Vulnerability in Geutebrück's Equipment (06 Aug 2020)

    OS Command Injection vulnerability has been discovered in Geutebrück's Equipment- G-Cam and G-Code. Successful exploitation of this vulnerability could allow remote code execution as root.

  • Vulnerability in Multiple Trailer and Brake Manufacturers' Equipment (06 Aug 2020)

    Exposure of Sensitive Information Through Sent Data vulnerability has been discovered in Multiple Trailer and Brake Manufacturers' Equipment- Power Line Communications Bus / PLC4TRUCKS / J2497. Successful exploitation of these vulnerabilities could make it possible to read PLC signals using active antennas reliably at 6 feet and up to 8 feet away, subject to environmental conditions.

  • gupnp security update (06 Aug 2020)

    A vulnerability has been discovered in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass firewalls. It is recommended to upgrade the gupnp packages.

  • Multiple vulnerabilities in Advantech's Equipment (06 Aug 2020)

    Multiple vulnerabilities such as Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, Type Confusion, Stack-based Buffer Overflow, and Double Free have been discovered in Advantech's Equipment- WebAccess HMI Designer. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

  • GitLab security update (05 Aug 2020)

    Multiple vulnerabilities have been discovered in GitLab. GitLab has released versions 13.2.3, 13.1.6 and 13.0.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and it is strongly recommended that all GitLab installations be upgraded to one of these versions immediately.

  • Multiple vulnerabilities in temi (05 Aug 2020)

    Multiple vulnerabilities such as Use of Hard-Coded Credentials, Origin Validation Error, Missing Authentication for Critical Function, and Authentication Bypass Using an Alternate Path of Channel have been discovered in temi, a teleconference robot produced by Robotemi Global Ltd. These vulnerabilities could be used by a malicious actor to spy on temi’s video calls, intercept calls intended for another user, and even remotely operate temi – all with zero authentication.

  • Cisco releases security updates for multiple products (05 Aug 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • MySQL security update (05 Aug 2020)

    Multiple vulnerabilities have been discovered and fixed in MySQL. The new upstream version changed compiler options and caused a regression in certain scenarios. These vulnerabilities have been fixed in the updated version of MySQL 8.0.21 and MySQL 5.7.31.

  • json-c security update (05 Aug 2020)

    An integer overflow vulnerability has been discovered in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed. It is recommended to upgrade the json-c packages.

  • Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server (05 Aug 2020)

    Multiple vulnerabilities have been discovered in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server. These vulnerabilities might affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition.

  • Vulnerability in PCRE (04 Aug 2020)

    It has been discovered that libpcre in PCRE allows an integer overflow via a large number after a (?C substring. An attacker may be able cause an integer overflow that negatively impacts applications. The affected versions are PCRE before 8.44.

  • Multiple vulnerabilities in Delta Electronics' Equipment (04 Aug 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-bounds Read, and Access of Uninitialized Pointer have been discovered in Delta Electronics' Equipment- Industrial Automation CNCSoft ScreenEditor. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

  • Multiple vulnerabilities in Treck Inc's Equipment (04 Aug 2020)

    Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.

  • Vulnerability in libvirt (04 Aug 2020)

    It has been discovered that the libvirt package sets incorrect permissions on the UNIX domain socket. A local attacker could use this vulnerability to access libvirt and escalate privileges.

  • Vulnerability in Point-to-Point Protocol (04 Aug 2020)

    It has been discovered that that Point-to-Point Protocol (ppp) incorrectly handled module loading. A local attacker could use this vulnerability to load arbitrary kernel modules and possibly execute arbitrary code.

  • Multiple vulnerabilities in Whoopsie (04 Aug 2020)

    It has been discovered that Whoopsie incorrectly handled memory and parsing files. A local attacker could use these vulnerabilities to cause Whoopsie to consume memory or crash, resulting in a denial of service or possibly execute arbitrary code.

  • Multiple vulnerabilities in Apport (04 Aug 2020)

    It has been discovered that Apport incorrectly dropped privileges when making certain D-Bus calls, parsed configuration files, and implemented certain checks. A local attacker could use these vulnerabilities to read arbitrary files, cause Apport to crash, escalate privileges and run arbitrary code.

  • libx11 security update (04 Aug 2020)

    An integer overflows vulnerability exists in libX11, that could lead to heap corruption when processing crafted messages from an input method. It is recommended to upgrade the libx11 packages.

  • net-snmp security update (04 Aug 2020)

    A privilege escalation vulnerability has been discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks, due to incorrect symlink handling. It is recommended to upgrade the net-snmp packages.

  • kpatch-patch security update (04 Aug 2020)

    kpatch-patch is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Multiple vulnerabilities have been discovered in kpatch's kernel. An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

  • Android Security Bulletin (03 Aug 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-08-05 or later address all of these issues.

  • Taidoor malware (03 Aug 2020)

    It has been spotted that Taidoor malware is being used in new attacks. The new Taidoor samples have versions for 32- and 64-bit systems and are usually installed on a victim's systems as a service dynamic link library (DLL). This DLL file, in turn, contains two other files. The first file is a loader, which is started as a service. The loader decrypts the second file, and executes it in memory, which is the main Remote Access Trojan (RAT).

  • Android Security Bulletin (03 Aug 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-08-05 or later address all of these issues.

  • Information disclosure vulnerability in Atlassian FishEye (03 Aug 2020)

    It has been discovered that Atlassian FishEye allow remote attackers to view the HTTP password of a repository via an information disclosure vulnerability in the logging feature. The affected versions are Atlassian FishEye version < 4.8.3. The fixed versions are Atlassian FishEye version 4.8.3 and 4.9.0.

  • Vulnerability Summary (03 Aug 2020)

    Summary of vulnerabilities for the week of July 27, 2020.

  • zabbix security update (03 Aug 2020)

    It has been discovered that there was a potential cross-site scripting vulnerability via iframe HTML elements in Zabbix, a PHP-based monitoring system. It is recommended to upgrade the zabbix packages.

  • Multiple vulnerabilities in Squid (03 Aug 2020)

    It has been discovered that Squid incorrectly handled caching certain requests, URN requests, URL decoding, and input validation. A remote attacker could possibly use these vulnerabilities to perform cache-injection attacks or gain access to reverse proxy features, bypass access checks, bypass certain rule checks, and cause Squid to crash, resulting in a denial of service respectively.

  • BIND security update (03 Aug 2020)

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It has been discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

  • Multiple vulnerabilities in SQLite (03 Aug 2020)

    It has been discovered that SQLite incorrectly handled certain shadow tables, corrupt records, and errors during parsing. An attacker could exploit these vulnerabilities to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • Vulnerability in Ghostscript (03 Aug 2020)

    It has been discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code.

  • libvncserver security update (03 Aug 2020)

    LibVNCServer is a C library that enables to implement VNC server functionality into own programs. A websocket decoding buffer overflow vulnerability has been discovered that libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 7.

  • Privilege escalation vulnerability in SKYSEA Client View (03 Aug 2020)

    It has been discovered that SKYSEA Client View provided by Sky Co. LTD. is vulnerable to privilege escalation. A user who can login to the PC where the product is installed may obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations. The affected products are SKYSEA Client View Version 12.200.12n to 15.210.05f. It is recommended to apply the patch.

  • evolution-data-server security update (03 Aug 2020)

    It has been discovered that Evolution Data Server has a vulnerability that allows a malicious server to crash the mail client. It is recommended to upgrade the evolution-data-server packages.

  • libopenmpt security update (02 Aug 2020)

    It has been discovered that in libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. It is recommended to upgrade the libopenmpt packages.

  • libpam-radius-auth security update (01 Aug 2020)

    It has been discovered that `add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. It is recommended to upgrade the libpam-radius-auth packages.

  • Pre-authentication command injection on R8300 (31 Jul 2020)

    NETGEAR has released a fix for a pre-authentication command injection security vulnerability in R8300. The affected versions are R8300 running firmware versions prior to 1.0.2.134.

  • ark security update (31 Jul 2020)

    It has been discovered that the Ark archive manager did not sanitize extraction paths, which could result in maliciously crafted archives writing outside the extraction directory. It is recommended to upgrade the ark packages.

  • Multiple vulnerabilities in IBM Java SDK (31 Jul 2020)

    Multiple vulnerabilities have been discovered in IBM SDK Java Technology Edition. The affected Versions are 7, 7.1, and 8 used by AIX.

  • Multiple vulnerabilities in Hitachi products (31 Jul 2020)

    Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center.

  • Vulnerability in Philips' Equipment (30 Jul 2020)

    Insertion of Sensitive Information into Log File vulnerability has been discovered in Philips' Equipment- DreamMapper. Successful exploitation of this vulnerability could allow an attacker access to the log file information containing descriptive error messages.

  • Red Hat build of Quarkus 1.3.4 SP1 release and security update (30 Jul 2020)

    Multiple vulnerabilities such as XML external entity (XXE), and Caching routes have been discovered in PgSQLXML and RootNode respectively of Quarkus. An update is now available for Red Hat build of Quarkus.

  • kdepim-runtime security update (30 Jul 2020)

    It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use. It is recommended to upgrade the kdepim-runtime packages.

  • Multiple vulnerabilities DaviewIndy (30 Jul 2020)

    Multiple vulnerabilities such as Use-After-Free, and Heap-based overflow have been discovered in DaviewIndy. An attackers could exploit these vulnerabilities to cause arbitrary code execution. It is recommended to update software over DaviewIndy 8.98.8 version or higher.

  • Vulnerability in Inductive Automation's Equipment (30 Jul 2020)

    Missing Authorization vulnerability has been discovered in Inductive Automation's Equipment- Ignition 8. Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information.

  • Multiple vulnerabilities in Mitsubishi Electric's Equipment (30 Jul 2020)

    Multiple vulnerabilities such as Permission Issues, Path Traversal, and Unquoted Search Path or Element have been discovered in Mitsubishi Electric's Equipment- Multiple Factory Automation Engineering Software products, Factory Automation products, and Factory Automation Engineering products. Successful exploitation of this vulnerability may enable the reading of arbitrary files, allow execution of a malicious binary, obtain unauthorized information, tamper the information, and cause a denial-of-service condition.

  • Multiple vulnerabilities in WebKitGTK and WPE WebKit (29 Jul 2020)

    Multiple vulnerabilities such as command injection, use-after-free, out-of-bounds read, access issue, and cross site scripting have been discovered in WebKitGTK and WPE WebKit. The affected versions are WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.

  • Vulnerability in Toyota Motor's Global TechStream (29 Jul 2020)

    It has been discovered that Toyota Motor's Global TechStream (GTS) contains a buffer overflow vulnerability. An attacker may execute arbitrary code or cause a denial of service (DoS) condition. The affected products are Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier.

  • Red Hat Process Automation Manager 7.8.0 security update (29 Jul 2020)

    Multiple vulnerabilities have been discovered in Red Hat Process Automation Manager 7.7.1. It is recommended to upgrade to Red Hat Process Automation Manager 7.8.0.

  • Cisco releases security updates for multiple products (29 Jul 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • openstack-tripleo-heat-templates security update (29 Jul 2020)

    openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools (codename heat), which can be used to help deploy OpenStack. It has been discovered that there is no sVirt protection for OSP16 VMs due to disabled SELinux in openstack-tripleo-heat-templates. An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 16.1 (Train).

  • grub2 security update (29 Jul 2020)

    Multiple vulnerabilities such as arbitrary code execution, arithmetic overflow, heap-based buffer overflow, and use-after-free have been discovered in the GRUB2 bootloader. It is recommended to upgrade the grub2 packages.

  • Netwalker ransomware (28 Jul 2020)

    It has been discovered that once an actor has infiltrated a network with Netwalker, a combination of malicious programs may be executed to harvest administrator credentials, steal valuable data, and encrypt user files. In order to encrypt the user files on a victim network, the actors typically launch a malicious PowerShell script embedded with the Netwalker ransomware executable. Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).

  • Stored XSS vulnerability in Nagios Log Server (28 Jul 2020)

    Nagios Log Server is a popular Centralized Log Management, Monitoring, and Analysis software that allows organizations to view, sort, and configure logs. It has been discovered that Nagios Log Server version 2.1.6 was vulnerable to Stored XSS. An attacker (in this case, an authenticated regular user) could exploit this vulnerability to execute malicious JavaScript aimed to steal cookies, redirect users, perform arbitrary actions on the victim’s (in this case, an admin’s) behalf, logging their keystroke and more. It is recommended to update the application to the latest version.

  • Mozilla releases security updates for multiple products (28 Jul 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox 79, Firefox for iOS 28, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Magento security update (28 Jul 2020)

    Magento has released updates for Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). Successful exploitation could lead to arbitrary code execution and signature verification bypass.

  • Multiple vulnerabilities in Delta Electronics' Equipment (28 Jul 2020)

    Multiple vulnerabilities such as Out-of-bounds Read, and Heap-based Buffer Overflow have been discovered in Delta Electronics' Equipment- Delta Industrial Automation DOPSoft. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

  • luajit security update (28 Jul 2020)

    luajit is a just in time compiler for Lua. It has been discovered that an out-of-bounds read could happen if __gc handler frame traversal is mishandled. It is recommended to upgrade the luajit packages.

  • Multiple vulnerabilities in Softing Industrial Automation's Equipment (28 Jul 2020)

    Multiple vulnerabilities such as Heap-based Buffer Overflow, and Uncontrolled Resource Consumption have been discovered in Softing Industrial Automation's Equipment- OPC. Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code execution.

  • Multiple vulnerabilities in Sympa (28 Jul 2020)

    Sympa is a modern mailing list manager. It has been discovered that Sympa incorrectly handled HTTP GET/POST requests, URL parameters and environment variables. An attacker could possibly use this issue to insert, edit or obtain sensitive information, perform XSS attacks and gain root privileges respectively.

  • postgresql-jdbc security update (28 Jul 2020)

    PostgreSQL is an advanced object-relational database management system. XML external entity (XXE) vulnerability has been discovered in PgSQLXML of postgresql-jdbc. An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.

  • curl security update (28 Jul 2020)

    curl is a command line tool for transferring data with URL syntax. It has been discovered that when using -J (--remote-header-name) and -i (--include) in the same command line, a malicious server could force curl to overwrite the contents of local files with incoming HTTP headers. It is recommended to upgrade the curl packages.

  • salt security update (28 Jul 2020)

    Multiple vulnerabilities have been discovered in salt, these vulnerabilities are related to remote hackers bypassing authentication to execute arbitrary commands and getting informations about files on the server. It is recommended to upgrade the salt packages.

  • Multiple vulnerabilities in Secomea's Equipment (28 Jul 2020)

    Multiple vulnerabilities such as Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, and Use of Password Hash with Insufficient Computational Effort have been discovered in Secomea's Equipment- GateManager. Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote code execution on the device.

  • Google releases security updates for Chrome (27 Jul 2020)

    Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability Summary (27 Jul 2020)

    Summary of vulnerabilities for the week of July 20, 2020.

  • Vulnerability in SQLite (27 Jul 2020)

    It has been discovered that SQLite incorrectly handled query-flattener optimization. An attacker could use this vulnerability to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • Vulnerability in libslirp (27 Jul 2020)

    It has been discovered that libslirp incorrectly handled replying to certain ICMP echo requests. A remote attacker could possibly use this issue to cause libslirp to crash, resulting in a denial of service.

  • Multiple vulnerabilities in librsvg (27 Jul 2020)

    It has been discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use these vulnerabilities to cause librsvg to consume resources or crash, resulting in a denial of service.

  • MilkyTracker security update (27 Jul 2020)

    Multiple vulnerabilities such as Heap-based buffer overflow, Stack-based buffer overflow, and Use-after-free have been fixed in MilkyTracker, a music tracker for composing music in the MOD and XM module file formats. It is recommended to upgrade the milkytracker packages.

  • Multiple vulnerabilities in Pulse Connect Secure and Pulse Policy Secure (27 Jul 2020)

    Multiple vulnerabilities have been discovered and resolved in Pulse Connect Secure and Pulse Policy Secure. It is recommended to upgrade the Pulse Connect Secure and Pulse Policy Secure server software version to the 9.1R8.

  • Vulnerability in IBM QRadar Advisor (23 Jul 2020)

    It has been discovered that the IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. The affected versions are Qradar Advisor 1.1 - 2.5.2. It is recommended to update to 2.5.3.

  • Poppler security update (23 Jul 2020)

    Multiple vulnerabilities have been discovered in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents. It is recommended to upgrade the poppler packages.

  • Vulnerability in Pillow (23 Jul 2020)

    It has been discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service.

  • Improper Authorization vulnerability in Huawei smartphones (22 Jul 2020)

    It has been discovered that there is an improper authorization vulnerability in several Huawei smartphones. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploitation could allow the attacker to bypass the limit of student mode function. The affected products are HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8).

  • openstack-keystone security update (22 Jul 2020)

    The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. It has been discovered that EC2 and credential endpoints are not protected from a scoped context and Credentials endpoint policy logic allows changing credential owner and target project ID. An update for openstack-keystone is now available for Red Hat OpenStack Platform 10 (Newton).

  • Cross-site scripting vulnerability in IBM FileNet Content Manager (22 Jul 2020)

    It has been discovered that IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • java-1.8.0-openjdk security update (22 Jul 2020)

    The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple vulnerabilities have been discovered in openjdk. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

  • Multiple vulnerabilities in FFmpeg (22 Jul 2020)

    It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data, incorrectly handled sscanf failures, WEBM files, AVI files, JPEG files, M3U8 files. An attacker could possibly use these issues to cause denial of service, obtain sensitive data or other unspecified impact.

  • Cisco releases security updates for ASA and FTD software (22 Jul 2020)

    A vulnerability has been discovered in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.

  • Vulnerability in Jetty (21 Jul 2020)

    It has been discovered that when a specific response header has a value that is too long, Jetty will throw an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. This may lead to disclosure of sensitive data. The affected versions are 9.4.27.v20200227, 9.4.28.v20200408, and 9.4.29.v20200521.

  • Adobe releases security updates for multiple products (21 Jul 2020)

    Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Citrix releases security updates for Workspace App for Windows (21 Jul 2020)

    A vulnerability has been discovered in the automatic update service of Citrix Workspace app for Windows that could result in a local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows and a remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled. The affected versions are Citrix Workspace app for Windows 1912 LTSR and Citrix Workspace app for Windows 2002.

  • Multiple vulnerabilities in Treck Inc.'s Equipment (21 Jul 2020)

    Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc.'s Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.

  • Vulnerability in fast-http package (20 Jun 2020)

    fast-http is a library that allows you to create a tiny web server. It has been discovered that the fast-http packages are vulnerable to Directory Traversal. There is no path sanitization in the path provided at fs.readFile in index.js.

  • Vulnerability in Uvicorn (20 Jul 2020)

    Uvicorn is a lightning-fast ASGI server. It has been discovered that Uvicorn's implementation of the HTTP protocol for the httptools parser is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.

  • Vulnerability Summary (20 Jul 2020)

    Summary of vulnerabilities for the week of July 13, 2020.

  • Multiple vulnerabilities in SAINT (17 Jul 2020)

    Multiple vulnerabilities such as SQL injection and cross-site scripting have been discovered in SAINT. An attacker would need an account on the SAINT system in order to exploit the SQL injection vulnerabilities. An authenticated SAINT user would need to click on a malicious link or button provided by an attacker in order for the cross-site scripting vulnerabilities to be exploited. It is recommended to upgrade to SAINT 9.8.21 or higher.

  • Mozilla releases security update for Thunderbird (16 Jul 2020)

    Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Elevation of Privilege vulnerability in Microsoft Edge (16 Jul 2020)

    An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when DLL files are allowed to download without prompting additional warning to the user. An attacker who successfully exploited this vulnerability could drop the DLL files on the users Download folder (or equivalent) and gain elevated privileges.

  • Vulnerability in HMS Industrial Networks AB's Equipment (15 Jul 2020)

    Stack-based Buffer Overflow vulnerability has been discovered in HMS Industrial Networks AB's Equipment- eCatcher. Successful exploitation of this vulnerability could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution with highest privileges.

  • Information disclosure vulnerability in IBM Verify Gateway (15 Jul 2020)

    It has been discovered that IBM Verify Gateway (IVG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. The affected versions of IBM Verify Gateway are RADIUS 1.0.0, PAM 1.0.0, 1.0.1 and WinLogin 1.0.0, 1.0.1.

  • Cisco releases security updates for multiple products (15 Jul 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Apple releases security updates (15 Jul 2020)

    Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Capsule Technologies' Equipment (14 Jul 2020)

    Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies' Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability could provide an attacker with full control of a trusted device on a hospital’s internal network.

  • Multiple vulnerabilities in Siemens' Equipment (14 Jul 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Adobe releases security updates for multiple products (14 Jul 2020)

    Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases July 2020 security updates (14 Jul 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Remote Code Execution vulnerability in Windows DNS Server (14 Jul 2020)

    A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

  • Google releases security updates for Chrome (14 Jul 2020)

    Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Oracle releases July 2020 security bulletin (14 Jul 2020)

    Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Apache releases security advisories for Apache Tomcat (14 Jul 2020)

    The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

  • Vulnerability in Capsule Technologies' Equipment (14 Jul 2020)

    Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies' Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability could provide an attacker with full control of a trusted device on a hospital’s internal network.

  • Multiple vulnerabilities in Java affect the IBM FlashSystem 900 (13 Jul 2020)

    It has been discovered that multiple vulnerabilities in Java affects the IBM FlashSystem 900. An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, no availability impact, and a concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

  • Vulnerability Summary (13 Jul 2020)

    Summary of vulnerabilities for the week of July 06, 2020.

  • Multiple vulnerabilities in IBM QRadar SIEM (13 Jul 2020)

    Multiple vulnerabilities such as denial of service, XML External Entity Injection, cross-site scripting, command injection, and out-of-bound vulnerabilities have been discovered in IBM QRadar SIEM.

  • Multiple vulnerabilities in Netty (13 Jul 2020)

    It has been discovered that Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers, which leads to HTTP request smuggling and Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace and a later Content-Length header. These vulnerabilities result in HTTP request smuggling. When malformed or abnormal HTTP requests are interpreted, the system can interpret them inconsistently, allowing the attacker to 'smuggle' a request to one device while the other device is unaware of it.

  • jbig2dec security update (13 Jul 2020)

    jbig2dec is a decoder implementation of the JBIG2 image compression format. A heap-based buffer overflow vulnerability has been discovered in jbig2_image_compose in jbig2_image.c. An update for jbig2dec is now available for Red Hat Enterprise Linux 8.

  • dbus security update (13 Jul 2020)

    D-Bus is a system for sending messages between applications. A denial of service via file descriptor leak has been discovered in dbus. An update for dbus is now available for Red Hat Enterprise Linux 7.

  • dovecot security update (13 Jul 2020)

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It has been discovered that malformed NOOP commands leads to DoS in dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 8.

  • openjpeg2 security update (11 Jul 2020)

    Multiple vulnerabilities such as denial of service, heap-based buffer overflow, and use-after-free have been discovered in openjpeg2. It is recommended to upgrade the openjpeg2 packages.

  • mailman security update (11 Jul 2020)

    It has been discovered that /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection and GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. It is recommended to upgrade the mailman packages.

  • ruby-rack security update (11 Jul 2020)

    It has been discovered that there exists a directory traversal vulnerability in rack < 2.2.0 that allows an attacker to perform directory traversal vulnerability in the Rack::Directory app which could result in information disclosure and reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

  • Multiple vulnerabilities in Hitachi products (10 Jul 2020)

    Multiple vulnerabilities such as Server Side Request Forgery and Cross-site Scripting have been discovered in Hitachi Ops Center Analyzer viewpoint and Hitachi Infrastructure Analytics Advisor/Hitachi Ops Center Analyzer respectively. The affected products are Hitachi Ops Center Analyzer viewpoint version 10.0.0-00 or more and less than 10.3.0-00, Hitachi Infrastructure Analytics Advisor 2.0.0-00 or more and less than 10.3.0-00 and Hitachi Ops Center Analyzer 10.0.0-00 or more and less than 10.3.0-00.

  • Vulnerability in Atlassian Jira Server and Data Center (09 Jul 2020)

    It has been discovered that the affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are version < 7.13.16, 8.0.0 ≤ version < 8.5.7, 8.6.0 ≤ version < 8.9.2, and 8.10.0 ≤ version < 8.10.1.

  • Juniper Networks releases security updates for multiple products (09 Jul 2020)

    Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Rockwell Automation's Equipment (09 Jul 2020)

    Improper Restriction of XML External Entity Reference vulnerability has been discovered in Rockwell Automation's Equipment- Logix Designer Studio 5000. Successful exploitation of this vulnerability could allow an unauthenticated attacker to craft a malicious file, which when parsed, could lead to some information disclosure of hostnames or other resources from the program.

  • VMware releases security updates for multiple products (09 Jul 2020)

    VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC for Mac or Horizon Client for Mac is installed.

  • fwupd security update (09 Jul 2020)

    It has been discovered that there was a possible signature verification issue in firmware update daemon library fwupd as the return value of gpgme_op_verify_result was not being checked. It is recommended to upgrade the fwupd packages.

  • OS command injection vulnerability in GlobalProtect portal (08 Jul 2020)

    It has been discovered that an OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue.

  • Cross Site Scripting vulnerability in IBM QRadar SIEM (07 Jul 2020)

    It has been discovered that Carbon Black Response application add on to IBM QRadar SIEM is vulnerable to cross site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. The affected versions are Carbon Black Response 1.0.1 - 1.3.0.

  • nghttp2 security update (07 Jul 2020)

    libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. It has been discovered that an overly large SETTINGS frames in nghttp2 can lead to DoS. An update for nghttp2 is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

  • SQL-injection vulnerability in VeloCloud (07 Jul 2020)

    An SQL-injection vulnerability has been discovered in VeloCloud. The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

  • Citrix security update (07 Jul 2020)

    Multiple vulnerabilities have been discovered in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues. It is recommended to update to the required versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP.

  • Multiple vulnerabilities in Grundfos Pumps Corporation's Equipment (07 Jul 2020)

    Multiple vulnerabilities such as Missing Authentication for Critical Function, and Unprotected Storage of Credentials have been discovered in Grundfos Pumps Corporation's Equipment- CIM 500. Successful exploitation of these vulnerabilities could allow access to cleartext credential data.

  • Vulnerability Summary (06 Jul 2020)

    Summary of vulnerabilities for the week of June 29, 2020.

  • Android Security Bulletin (06 Jul 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-07-05 or later address all of these issues.

  • Multiple vulnerabilities in Mitsubishi Electric's Equipment (03 Jul 2020)

    Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, and Resource Management Errors have been discovered in Mitsubishi Electric's Equipment- GOT2000 Series. Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition or remote code execution.

  • Multiple vulnerabilities in Phoenix Contact's Equipment (02 Jul 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, and Out-of-Bounds Read have been discovered in Phoenix Contact's Equipment- Automation Worx Software Suite. Successful exploitation could allow an attacker to execute arbitrary code under the privileges of the application.

  • Samba releases security updates (02 Jul 2020)

    Samba has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in ABB's Equipment (02 Jul 2020)

    Cross-site Scripting vulnerability has been discovered in ABB's Equipment- System 800xA Information Manager. Successful exploitation of this vulnerability could allow an attacker to inject and execute arbitrary code on the information manager server.

  • Multiple vulnerabilities in Nortek's Equipment (02 Jul 2020)

    Multiple vulnerabilities such as Path Traversal, Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, and Improper Authentication have been discovered in Nortek's Equipment- Linear eMerge 50P/5000P. Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.

  • Multiple vulnerabilities in OpenClinic GA's Equipment (02 Jul 2020)

    Multiple vulnerabilities have been discovered in OpenClinic GA's Equipment- OpenClinic GA. Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, discover restricted information, view/manipulate restricted database information, and/or execute malicious code.

  • docker.io security update (02 Jul 2020)

    It has been discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information disclosure or denial of service. It is recommended to upgrade the docker.io packages.

  • Vulnerability in Apache Guacamole (02 Jul 2020)

    It has been discovered that Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. It is recommended to upgrade from Apache Guacamole 1.1.0 to 1.2.0.

  • Cisco releases security updates for multiple products (01 Jul 2020)

    Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • RCE vulnerability in BIG-IP TMUI (01 Jul 2020)

    It has been discovered that the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. An attacker could exploit this vulnerability to take control of an affected system.

  • Multiple vulnerabilities in Delta Electronics' Equipment (30 Jun 2020)

    Multiple vulnerabilities such as Out-of-bounds Read, and Heap-based Buffer Overflow have been discovered in Delta Electronics' Equipment- Delta Industrial Automation DOPSoft. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.

  • Multiple vulnerabilities in Mitsubishi Electric's Equipment (30 Jun 2020)

    Multiple vulnerabilities such as Improper Restriction of XML External Entity Reference and Uncontrolled Resource Consumption have been discovered in Mitsubishi Electric's Equipment- Factory Automation Engineering Software Products. Successful exploitation of these vulnerabilities could allow a local attacker to send files outside of the system as well as cause a denial-of-service condition.

  • Mozilla releases security updates for Firefox, Firefox ESR and Thunderbird (30 Jun 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Remote Code Execution vulnerability in Microsoft Windows Codecs Library (30 Jun 2020)

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

  • Palo Alto releases security updates for PAN-OS (29 Jun 2020)

    It has been discovered that when Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This vulnerability affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1.

  • Vulnerability Summary (29 Jun 2020)

    It has been discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.

  • Vulnerability in glib-networking (29 Jun 2020)

    It has been discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.

  • zziplib security update (28 Jun 2020)

    Multiple vulnerabilities have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to invalid memory access and resulting crash or memory leak. It is recommended to upgrade the zziplib packages.

  • pngquant security update (28 Jun 2020)

    It has been discovered that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted png image, which could lead into denial of service or other issues. It is recommended to upgrade the pngquant packages.

  • libtirpc security update (28 Jun 2020)

    It has been discovered that libtiprc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP packets. It is recommended to upgrade the libtirpc packages.

  • libtasn1-6 security update (28 Jun 2020)

    A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library. It is recommended to upgrade the libtasn1-6 packages.

  • mcabber security update (28 Jun 2020)

    It has been discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim. It is recommended to upgrade the mcabber packages.

  • picocom security update (28 Jun 2020)

    It has been discovered that there was a command injection vulnerability in picocom, a minimal dumb-terminal emulation program. It is recommended to upgrade the picocom packages.

  • Denial of Service vulnerability in Apache Tomcat (25 Jun 2020)

    It has been discovered that a specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. An attacker could exploit this vulnerability to cause a denial-of-service condition. The affected versions are Apache Tomcat 8.5.0 to 8.5.55, 9.0.0.M1 to 9.0.35 and 10.0.0-M1 to 10.0.0-M5.

  • Multiple vulnerabilities in Schneider Electric's Equipment (22 Jun 2020)

    Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information, Uncontrolled Resource Consumption, Hidden Functionality, and Improper Access Control have been discovered in Schneider Electric's Equipment- Triconex TriStation and Triconex Tricon Communication Module. Successful exploitation of these vulnerabilities may allow an attacker to view clear text data on the network, cause a denial-of-service condition, or allow improper access.

  • Vulnerability Summary (22 Jun 2020)

    Summary of vulnerabilities for the week of June 15, 2020.

  • ngircd security update (21 Jun 2020)

    It has been discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server. It is recommended to upgrade the ngircd packages.

  • lynis security update (21 Jun 2020)

    It has been discovered that there was a vulnerability in lynis, a security auditing tool. The license key could be obtained by simple observation of the process list when a data upload is being performed. It is recommended to upgrade the lynis packages.

  • Multiple vulnerabilities in DB2 (19 Jun 2020)

    Multiple vulnerabilities have been discovered in DB2 which affect IBM i2 EIA. The affected versions are IBM i2 Analyze 4.3.0, 4.3.1 and 4.3.2.

  • Multiple vulnerabilities in BIOTRONIK's Equipment (18 Jun 2020)

    Multiple vulnerabilities such as Improper Authentication, Cleartext Transmission of Sensitive Information, Missing Encryption of Sensitive Data, and Storing Passwords in a Recoverable Format have been discovered in BIOTRONIK's Equipment- CardioMessenger II-S T-Line and CardioMessenger II-S GSM. Successful exploitation of these vulnerabilities could allow an attacker with physical access to the CardioMessenger to obtain sensitive data, obtain transmitted medical data from implanted cardiac devices with the implant’s serial number or impact Cardio Messenger II product functionality. Successful exploitation of these vulnerabilities could allow an attacker with adjacent access to influence communications between the Home Monitoring Unit (HMU) and the Access Point Name (APN) gateway network.

  • Multiple vulnerabilities in Baxter's Equipment (18 Jun 2020)

    Multiple vulnerabilities have been discovered in Baxter's Equipment- Baxter ExactaMix EM 2400 & EM 1200, Phoenix Hemodialysis Delivery System, PrismaFlex and PrisMax, and Sigma Spectrum Infusion Pumps. Successful exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

  • Multiple vulnerabilities in Mitsubishi Electric's Equipment (18 Jun 2020)

    Multiple vulnerabilities have been discovered in Mitsubishi Electric's Equipment- MC Works64 and MC Works32. Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.

  • Vulnerability in Johnson Controls' Equipment (18 Jun 2020)

    Improper Verification of Cryptographic Signature vulnerability has been discovered in Johnson Controls' Equipment- exacqVision. Successful exploitation of this vulnerability could allow an attacker with administrative privileges to potentially download and run a malicious executable that could allow the execution of operating system commands on the system.

  • Multiple vulnerabilities in Treck Inc's Equipment (18 Jun 2020)

    Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.

  • Multiple vulnerabilities in Rockwell Automation's FactoryTalk View SE (18 Jun 2020)

    Multiple vulnerabilities such as Improper Input Validation, Improper Restriction of Operations Within The Bounds of a Memory Buffer, Permissions, Privileges, and Access Controls, and Exposure of Sensitive Information to an Unauthorized Actor have been discovered in Rockwell Automation's Equipment- FactoryTalk View SE. Successful exploitation of these vulnerabilities may allow a remote authenticated attacker to manipulate data of affected devices.

  • Vulnerability in Rockwell Automation's FactoryTalk Services Platform (18 Jun 2020)

    Improper Input Validation vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk Services Platform. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges.

  • Multiple vulnerabilities in ICONICS' Equipment (18 Jun 2020)

    Multiple vulnerabilities such as buffer overflow or memory corruption have been discovered in ICONICS' Equipment- GENESIS64 and GENESIS32. Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.

  • Vulnerability in McAfee Advanced Threat Defense (18 Jun 2020)

    Improper Access Control vulnerability has been discovered in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 that allows local users to view sensitive files via a carefully crafted HTTP request parameter. It is recommended to upgrade to Advanced Threat Defense (ATD) 4.10.0.

  • Vulnerability in VMware Tools for macOS (18 Jun 2020)

    It has been discovered that VMware Tools for macOS contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.

  • Drupal releases security updates (17 Jun 2020)

    Drupal has released security updates to address multiple vulnerabilities such as Access bypass, Arbitrary PHP code execution and Cross Site Request Forgery affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in BIND (17 Jun 2020)

    Multiple vulnerabilities have been discovered affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The affected versions are BIND 9.16.0 to 9.16.3, BIND 9.11.14 to 9.11.19, BIND 9.14.9 to 9.14.12, BIND 9.16.0 to 9.16.3 and versions 9.11.14-S1 to 9.11.19-S1 of BIND Supported Preview Edition.

  • Cisco releases multiple security updates (17 Jun 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Elevation of Privilege vulnerability in Windows Spatial Data Service (17 Jun 2020)

    It has been discovered that an elevation of privilege vulnerability exists in Windows 10 version 1903 when the Windows Spatial Data Service improperly handles objects in memory. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation.

  • Adobe releases security updates for multiple products (16 Jun 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Untrusted Search Path RCE vulnerability in Trend Micro Security 2020 (Consumer) (15 Jul 2020)

    It has been discovered that an untrusted search patch vulnerability exists in Trend Micro Security 2020 that could allow an attacker to run arbitrary code on a vulnerable system. The affected versions are Premium Security 2020 for Windows v16.0.1146 and earlier, Maximum Security 2020 for Windows v16.0.1146 and earlier, Internet Security 2020 for Windows v16.0.1146 and earlier, and Antivirus+ 2020 for Windows v16.0.1146 and earlier. It is recommended to upgrade all Trend Micro Security 2020 versions to v16.0.1373.

  • Vulnerability Summary (15 Jun 2020)

    Summary of vulnerabilities for the week of June 08, 2020.

  • Google releases security updates for Chrome (15 Jun 2020)

    Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in Hitachi Automation Director and Hitachi Ops Center Automator (12 Jun 2020)

    A Path Traversal vulnerability has been discovered in Hitachi Automation Director and Hitachi Ops Center Automator. The affected versions are Hitachi Automation Director 8.1.1-00 or more and less than 10.1.1-00 (Windows), Hitachi Automation Director 8.2.0-00 or more and less than 10.1.1-00 (Linux) and Hitachi Ops Center Automator 10.0.0-00 or more and less than 10.1.0-00 (Windows, Linux). It is recommended to upgrade to the appropriate version.

  • Multiple vulnerabilities in Citrix Workspace app and Receiver for Windows (11 Jun 2020)

    Multiple vulnerabilities have been discovered in Citrix Workspace app and Receiver for Windows that could result in a local user escalating their privilege level to administrator during the uninstallation process. These vulnerabilities do not affect Citrix Workspace app and Receiver on any other platforms.

  • Vulnerability in Philips' Equipment (11 Jun 2020)

    It has been discovered that unencrypted user credentials were stored in transaction logs in Philips' Equipment- IntelliBridge Enterprise (IBE) system. Successful exploitation of this vulnerability may allow an existing administrator and/or high privileged system user access to credentials to the hospital’s clinical information systems.

  • Multiple vulnerabilities in Rockwell Automation's Equipment (11 Jun 2020)

    Multiple vulnerabilities such as Improper Input Validation, Path Traversal, and Unrestricted Upload of File with Dangerous Type have been discovered in Rockwell Automation's Equipment- FactoryTalk Linx Software. Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, obtain remote code execution, and read sensitive information.

  • Vulnerability in OSIsoft's Equipment (11 Jun 2020)

    Cross-site Scripting vulnerability has been discovered in OSIsoft's Equipment- PI Web API 2019. Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view, modification, or deletion of data as allowed for by the victim’s user permissions.

  • mysql-connector-java security update (11 Jun 2020)

    Multiple vulnerabilities have been discovered in the MySQL Connector/J JDBC driver. It is recommended to upgrade the mysql-connector-java packages.

  • roundcube security update (11 Jun 2020)

    It has been discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Side Scripting (XSS) attack leading to the execution of arbitrary code. It is recommended to upgrade the roundcube packages.

  • libphp-phpmailer security update (11 Jun 2020)

    It has been discovered that PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. It is recommended to upgrade the libphp-phpmailer packages.

  • Red Hat JBoss Enterprise Application Platform 7.3.1 security update (10 Jun 2020)

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Multiple vulnerabilities have been discovered in Red Hat JBoss Enterprise Application Platform 7.3.0. An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8 that includes bug fixes and enhancements.

  • expat security update (10 Jun 2020)

    Expat is a C library for parsing XML documents. An Integer overflow leading to buffer overflow in XML_GetBuffer() of expat has been discovered. An update for expat is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

  • WordPress releases security and maintenance update (10 Jun 2020)

    WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. It is recommended to upgrade to WordPress 5.4.2.

  • pcs security and bug fix update (10 Jun 2020)

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Unsafe Object Creation vulnerability in JSON has been discovered. An update for pcs is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in Intel (09 Jun 2020)

    Potential security vulnerabilities in Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure. Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel AMT, Intel ISM and Intel DAL update to the latest versions provided by the system manufacturer that address these issues.

  • VMware releases security update for Horizon Client for Windows (09 Jun 2020)

    A privilege escalation vulnerability affecting VMware Horizon Client for Windows has been discovered. A local user on the system where the software is installed may exploit this vulnerability to run commands as any user.

  • Adobe releases security updates (09 Jun 2020)

    Adobe has released security updates to address vulnerabilities in Flash Player, Experience Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases June 2020 security updates (09 Jun 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Philips' Equipment (09 Jun 2020)

    Multiple vulnerabilities such as Improper Input Validation, and Use of Hard Coded Credentials have been discovered in Philips' Equipment- PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs. Successful exploitation of these vulnerabilities could allow buffer overflows, or allow an attacker to access and modify settings on the device.

  • Multiple vulnerabilities in Siemens' Equipment (09 Jun 2020)

    Multiple vulnerabilities have been discovered in multiple Siemens' Equipments. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in OSIsoft's Equipment (09 Jun 2020)

    Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful exploitation of these vulnerabilities could allow an attacker to access unauthorized information, delete or modify local processes, and crash the affected device.

  • Vulnerability in Mitsubishi Electric's Equipment (09 Jun 2020)

    Resource Exhaustion vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R series. Successful exploitation of this vulnerability could cause the Ethernet port to enter a denial-of-service condition.

  • Vulnerability in Advantech's Equipment (09 Jun 2020)

    Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of this vulnerability could crash the application being accessed; a buffer overflow condition may allow remote code execution.

  • Vulnerability Summary (08 Jun 2020)

    Summary of vulnerabilities for the week of June 01, 2020.

  • Vulnerability in Universal Plug and Play (08 Jun 2020)

    The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using SUBSCRIBE functionality, leading to amplified DDoS attacks and data exfiltration.

  • Information disclosure vulnerability in OTRS (08 Jun 2020)

    It has been discovered that the BCC recipients are visible in article detail on external interface. This information disclosure vulnerability affects OTRS 7.0.17 and prior versions, and OTRS 8.0.3 and prior versions. It is recommended to upgrade to OTRS 7.0.18 or OTRS 8.0.4.

  • cups security update (07 Jun 2020)

    It has been discovered that the `ippReadIO` function may under-read an extension field and there was a heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c. It is recommended to upgrade the cups packages.

  • graphicsmagick security update (07 Jun 2020)

    A vulnerability has been discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. It is recommended to upgrade the graphicsmagick packages.

  • nodejs security update (06 Jun 2020)

    Multiple vulnerabilities have been discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. It is recommended to upgrade the nodejs packages.

  • dbus security update (05 Jun 2020)

    It has been discovered that there was a file descriptor leak in the D-Bus message bus. An unprivileged local attacker could use this to attack the system DBus daemon, leading to denial of service for all users of the machine. It is recommended to upgrade the dbus packages.

  • Vulnerability in Bitdefender Antivirus Free (05 Jun 2020)

    It has been discovered that a vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. An automatic update to Bitdefender Antivirus Free version 1.0.17.178 or newer fixes this vulnerability.

  • Vulnerability in WSO2 (05 Jun 2020)

    It has been discovered that the Management Console is vulnerable to a XXE attack when adding and updating a Lifecycle. The XXE attacks can affect any trusted system respective to the machine where the parser is located. This attack may result in disclosing local files, denial of service, server-side request forgery, port scanning and other system impacts on affected systems.

  • Vulnerability in SQLite (05 Jun 2020)

    It has been discovered that resetAccumulator of SQLite is vulnerable to Use after free.

  • Vulnerability in WinGate (04 Jun 2020)

    WinGate is a sophisticated integrated Internet gateway and communications server. It has been discovered that WinGate has insecure permissions for the installation directory, which allows local users ability to gain privileges by replacing an executable file with a Trojan horse. The affected versions are WinGate v9.4.1.5998.

  • Vulnerability in GnuTLS (04 Jun 2020)

    It has been discovered that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2. The affected versions are below GnuTLS 3.6.14.

  • Vulnerability in WebSphere Application Server (04 Jun 2020)

    It has been discovered that WebSphere Application Server is vulnerable to a remote code execution vulnerability. The IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects.

  • Vulnerability in HPE Edgeline Integrated System Manager (03 Jun 2020)

    Potential security vulnerabilities have been discovered in HPE Edgeline Integrated System Manager. These vulnerabilities, known as the "TCP SACK Panic", could be remotely exploited to cause a remote denial of service. The affected versions are HPE Edgeline EL300 Converged Edge System - Running HPE Edgeline Integrated System Manager Prior to 2.06.

  • Vulnerability in IBM QRadar (03 Jun 2020)

    It has been discovered that IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. The affected products and versions are all SDEE protocol versions before 7.3.0-QRADAR-PROTOCOL-SDEE-7.3-20200429181957 and all SDEE protocol versions before 7.4.0-QRADAR-PROTOCOL-SDEE-7.4-20200429181942.

  • Multiple vulnerabilities in FortiGuard products (03 Jun 2020)

    An improper neutralization of input and an unquoted service path vulnerability has been discovered in FortiAnalyzer and FortiSIEM Windows Agent respectively. The affected versions are FortiAnalyzer version 6.2.3 and below and FortiSIEMWindowsAgent version 3.1.2 and below. It is recommended to upgrade to FortiAnalyzer version 6.2.4 or above or 6.4.0 or above and FortiSIEMWindowsAgent version 3.2.0 or above.

  • Google releases security updates for Chrome (03 Jun 2020)

    Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Cisco releases security updates for multiple products (03 Jun 2020)

    Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Jenkins security advisory (03 Jun 2020)

    Jenkins announced vulnerabilities in multiple Jenkins deliverables.

  • Vulnerability in Huawei Smartphones (03 Jun 2020)

    It has been discovered that there is an improper handling of exceptional condition vulnerability in Huawei Smartphones. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.

  • Django security update (03 Jun 2020)

    Multiple vulnerabilities such as data leakage and XSS have been discovered in Django. The affected versions are Django master branch, Django 3.1 (currently at alpha status), Django 3.0, and Django 2.2. It is recommended to upgrade to Django 3.0.7 or Django 2.2.13.

  • Multiple vulnerabilities in Joomla! CMS (02 Jun 2020)

    Multiple vulnerabilities such as XSS and CSRF have been discovered in Joomla! CMS. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in url-regex (02 Jun 2020)

    url-regex is a package with regular expression for matching URLs. It has been discovered that the affected versions of url-regex package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a very long string in String.test can cause a Denial of Service.

  • IP-in-IP encapsulation vulnerability (02 Jun 2020)

    It has been discovered that IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device.

  • Mozilla releases security updates for Firefox, Firefox ESR and Thunderbird (02 Jun 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in GE's Equipment (02 Jun 2020)

    Missing Authentication for Critical Function vulnerability has been discovered in GE's Equipment- Grid Solutions Reason RT Clocks. Successful exploitation of this vulnerability could allow access to sensitive information, execution of arbitrary code, and cause the device to become unresponsive.

  • Vulnerability in SWARCO TRAFFIC SYSTEMS' Equipment (02 Jun 2020)

    An Improper Access Control vulnerability has been discovered in SWARCO TRAFFIC SYSTEMS' Equipment- CPU LS4000. Successful exploitation of this vulnerability could allow access to the device and disturb operations with connected devices.

  • Calico and Calico Enterprise security update (01 Jun 2020)

    It has been discovered that clusters using IPv4 may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with default privilege is able to reconfigure the node’s IPv6 interface and redirect traffic from the node to the compromised pod. It is recommended to upgrade to the latest Calico or Calico Enterprise releases.

  • Vulnerability in Apache Ant (01 Jun 2020)

    Ant is a java based build tool like make. It has been discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant.

  • Android security bulletin (01 Jun 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-06-05 or later address all of these issues.

  • Vulnerability in Flask (01 Jun 2020)

    Flask is a micro web framework based on Werkzeug and Jinja2. It has been discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

  • ca-certificates update (01 Jun 2020)

    ca-certificates is common CA certificates. It has been discovered that ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA.

  • Use of Hard-coded Cryptographic Key vulnerability in FortiClient (01 Jun 2020)

    It has been discovered that use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow an attacker with access to the configuration or the backup file to decrypt the sensitive data via knowledge of the hard-coded key. The affected versions are FortiClient for Windows below 6.4.0. It is recommended to upgrade to FortiClient for Windows 6.4.0.

  • Vulnerability in QEMU (01 Jun 2020)

    An Out-Of-Bound (OOB) access vulnerability has been discovered in the Message Signalled Interrupt (MSI-X) device support of QEMU. This vulnerability could occur while performing MSI-X mmio operations when a guest sent address goes beyond the mmio region. A guest user/process may use this vulnerability to crash the QEMU process resulting in DoS scenario.

  • Kubernetes cluster vulnerable to man-in-the-middle attacks (01 Jun 2020)

    It has been discovered that a Kubernetes cluster using an affected networking implementation is vulnerable to man-in-the-middle (MitM) attacks. Kubernetes itself is not vulnerable.

  • Multiple vulnerabilities in IBM Planning Analytics Workspace (01 Jun 2020)

    Multiple vulnerabilities have been discovered in the Planning Analytics Workspace component of IBM Planning Analytics. An attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Vulnerability Summary (01 Jun 2020)

    Summary of vulnerabilities for the week of May 25, 2020.

  • Apple releases security updates (01 Jun 2020)

    Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system.

  • Vulnerability in Cisco NX-OS Software (01 Jun 2020)

    A vulnerability has been discovered in the network stack of Cisco NX-OS Software that could allow an unauthenticated, remote attacker to bypass certain security boundaries or cause a denial of service (DoS) condition on an affected device.

  • Multiple vulnerabilities in ABB's Equipment (29 May 2020)

    Multiple vulnerabilities have been discovered in multiple products of ABB. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • freerdp security update (28 May 2020)

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Multiple vulnerabilities such as Out-of-bounds write and Integer overflow have been discovered in freerdp. An update for freerdp is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Teradici PCoIP Standard Agent and PCoIP Graphics Agent for Windows (28 May 2020)

    A security vulnerability in the exchange of information through Windows Named Pipes has been discovered in PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows. This would allow the interception of sensitive information. Additionally, if the user account had windows impersonation enabled, then the attacker could elevate privilege to execute as Windows System. The affected versions are PCoIP Agent (Standard or Graphics) for Windows 19.11.1 and earlier, and PCoIP Agent (Standard or Graphics) for Windows 2.7.8 and earlier. It is recommended to update the PCoIP Agent for Windows to 19.11.2 (or later) or the 2.7.9 patch.

  • bbPress 2.6.5 released (28 May 2020)

    Multiple vulnerabilities have been discovered in bbPress 2.6. These vulnerabilities have been fixed in bbPress 2.6.5. It is recommended to update from bbPress 2.6 to bbPress 2.6.5.

  • CVE - KB Correlation (27 May 2020)

    List of CVE ID and corresponding Knowledge Base IDs as released by Microsoft during May 2020.

  • Multiple vulnerabilities in Unbound (27 May 2020)

    Unbound is a validating, recursive, and caching DNS resolver. It has been discovered that Unbound incorrectly handled certain queries and malformed answers. A remote attacker could use these vulnerabilities to perform an amplification attack directed at a target or cause Unbound to crash, resulting in a denial of service.

  • Multiple vulnerabilities in Bosch Recording Station (27 May 2020)

    Multiple vulnerabilities such as EternalBlue, BlueKeep, Improper Access Control, and lack of Full Disk Encryption have been discovered in Bosch Recording Station (BRS). Bosch strongly recommends to operate the BRS system in a closed network and prevent unauthorized direct access to the BRS server.

  • Apple releases security updates (26 May 2020)

    Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • High-severity vulnerability in Android devices (26 May 2020)

    A new elevation of privilege vulnerability has been discovered in Android that allows hackers to gain access to almost all apps. This vulnerability has been named StrandHogg 2.0 due to its similarities with the infamous StrandHogg vulnerability.

  • Stored XSS vulnerability in File Picker at CMSMS (26 May 2020)

    A Stored XSS vulnerability has been discovered in the File Picker area under Extensions in CMS Made Simple Admin Console. This vulnerability affects the CMS Made Simple latest version (2.2.14) and below.

  • Multiple vulnerabilities in Inductive Automation's Equipment (26 May 2020)

    Multiple vulnerabilities such as Missing Authentication for Critical Function and Deserialization of Untrusted Data have been discovered in Inductive Automation's Equipment- Ignition. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and perform remote code execution with SYSTEM privileges.

  • Vulnerability in Johnson Controls' Equipment (26 May 2020)

    A system permissions vulnerability has been discovered in all versions of Tyco Kantech EntraPass Security Management Software Editions. An attacker with authorized access to a low-privileged user account could exploit this vulnerability to gain full system level privileges.

  • sqlite3 security update (26 May 2020)

    An integer overflow vulnerability has been discovered in the sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from version 3.8.3. It is recommended to upgrade the sqlite3 packages.

  • Red Hat Data Grid 7.3.6 security update (26 May 2020)

    Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. Multiple vulnerabilities have been discovered in Red Hat Data Grid 7.3.5. These vulnerabilities have been fixed in new release Red Hat Data Grid 7.3.6.

  • httpd24-httpd and httpd24-mod_md security and enhancement update (26 May 2020)

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The mod_rewrite configurations of httpd is vulnerable to open redirect vulnerability. An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections.

  • rh-haproxy18-haproxy security, bug fix, and enhancement update (26 May 2020)

    HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. A HTTP request smuggling vulnerability with transfer-encoding header containing an obfuscated "chunked" value has been discovered in haproxy and HTTP/2 implementation of haproxy is vulnerable to intermediary encapsulation attacks. An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.

  • Vulnerability in SELinux (25 May 2020)

    A vulnerability has been discovered in the Linux kernels SELinux LSM hook implementation where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

  • Vulnerability Summary (25 May 2020)

    Summary of vulnerabilities for the week of May 18, 2020.

  • Vulnerability in Cybozu Desktop for Windows (25 May 2020)

    Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

  • Multiple vulnerabilities in FortiGuard products (25 May 2020)

    Multiple vulnerabilities such as Improper Access Control, Privilege Escalation, and Unauthorized code execution have been discovered in FortiClient and FortiGateCloud of FortiGuard. The affected products are FortiClient for Windows 6.2.1 and below and FortiGateCloud version 4.4.

  • netqmail security update (24 May 2020)

    Multiple vulnerabilities have been discovered in qmail which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not. It is recommended to upgrade the netqmail packages.

  • ruby-rack security update (23 May 2020)

    Directory traversal vulnerability has been discovered in the Rack::Directory app that is bundled with Rack. If certain directories exist in a director that is managed by `Rack::Directory`, an attacker could, using this vulnerability, read the contents of files on the server that were outside of the root specified in the Rack::Directory initializer. It is recommended to upgrade the ruby-rack packages.

  • HTTP Request Smuggling vulnerability in meinheld (22 May 2020)

    Meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.

  • Multiple vulnerabilities in Schneider Electric's Equipment (21 May 2020)

    Multiple vulnerabilities such as SQL Injection, Path Traversal, and Argument Injection have been discovered in Schneider Electric's Equipment- EcoStruxure Operator Terminal Expert. Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution.

  • Vulnerability in Johnson Controls' Equipment (21 May 2020)

    Cleartext Storage of Sensitive Information vulnerability has been discovered in Johnson Controls' Equipment- Software House C-CURE 9000 and American Dynamics victor Video Management System. Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application.

  • Slurm security update (21 May 2020)

    A race condition for systems with Message Aggregation enabled has been discovered in Slurm. This race condition vulnerability could allow a user to launch a process as an arbitrary user. This vulnerability has been fixed in Slurm versions 20.02.3 and 19.05.7.

  • Apple releases security update for Xcode (20 May 2020)

    Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system.

  • Drupal releases security updates (20 May 2020)

    Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit these vulnerabilities to take control of an affected system.

  • Remote Code Execution in Apache Tomcat (20 May 2020)

    It has been discovered in Apache Tomcat that using a specifically crafted request an attacker will be able to trigger remote code execution via deserialization of the file under their control. The affected versions are Apache Tomcat 10.0.0-M1 to 10.0.0-M4, Apache Tomcat 9.0.0.M1 to 9.0.34, Apache Tomcat 8.5.0 to 8.5.54 and Apache Tomcat 7.0.0 to 7.0.103.

  • Cisco releases security updates (20 May 2020)

    Cisco has released security updates to address multiple vulnerabilities affecting various Cisco products. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in Fortinet products (20 May 2020)

    It has been discovered that in some Fortinet products the TCP stacks that lack RFC 5961 3.2 & 4.2 support (or have it disabled at application level) may allow remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST or SYN packet. The affected products are FortiAnalyzer 6.2.3 and below and FortiManager 6.2.3 and below. It is recommended to upgrade FortiAnalyzer to 6.2.4 or above and FortiManager to 6.2.4 or above.

  • Security update for Trend Micro InterScan Web Security Virtual Appliance (19 May 2020)

    Trend Micro has released a new Critical Patch (CP) for Trend Micro InterScan Web Security Appliance (IWSVA) 6.5. This CP resolves multiple vulnerabilities related to cross-site scripting (XSS), directory traversal information disclosure, authenticated command injection and authentication bypass.

  • Multiple vulnerabilities in Rockwell Automation's Equipment (19 May 2020)

    Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer, and SQL Injection have been discovered in Rockwell Automation's Equipment- EDS Subsystem. Successful exploitation of these vulnerabilities could lead to a denial-of-service condition.

  • Vulnerability in RAONWIZ Inc K Upload (19 May 2020)

    Arguments modification via missing support for integrity check vulnerability has been discovered in RAONWIZ Inc K Upload. Automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.

  • Multiple vulnerabilities in Emerson's Equipment (19 May 2020)

    Multiple vulnerabilities such as Missing Authentication for Critical Function, Improper Ownership Management, and Inadequate Encryption Strength have been discovered in Emerson's Equipment- OpenEnterprise SCADA Software. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts.

  • Multiple vulnerabilities in Bind (19 May 2020)

    Bind is an Internet Domain Name Server. It has been discovered that Bind incorrectly limited certain fetches and incorrectly handled checking TSIG validity. A remote attacker could possibly use this issue to cause Bind to consume resources or cause Bind to crash, resulting in a denial of service.

  • Vulnerability in Exim (19 May 2020)

    Exim is a mail transport agent. It has been discovered that Exim incorrectly handled certain inputs. A remote attacker could possibly use this vulnerability to access sensitive information or authentication bypass.

  • Multiple vulnerabilities in HPE products (19 May 2020)

    Multiple vulnerabilities have been discovered in HPE Superdome Flex Server Remote Management Controller (RMC) and HPE NimbleStorage. A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system.

  • Vulnerability in jquery (19 May 2020)

    It has been discovered that jquery is vulnerable to Cross-site Scripting (XSS). The affected versions are jquery prior to 1.9.0. It is recommended to upgrade jquery to version 1.9.0 or higher.

  • Adobe releases security updates (19 May 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information or perform remote code execution.

  • Google releases security updates for Chrome (19 May 2020)

    Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • VMware releases security update for Cloud Director (19 May 2020)

    A code injection vulnerability has been discovered in VMware Cloud Director. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution.

  • Microsoft releases security advisory for Windows DNS Servers (19 May 2020)

    Microsoft has discovered a vulnerability involving packet amplification that affects Windows DNS servers. An attacker who successfully exploits this vulnerability could cause the DNS Server service to become nonresponsive.

  • Vulnerability in Signal Messenger App (19 May 2020)

    It has been discovered that Signal Messenger App has a vulnerability which allows a remote non-contact to ring a user's Signal phone and disclose the Signal user's current DNS server. This can result in a remote attacker obtaining coarse information via leaking DNS server IP of a Signal user, which may disclose coarse location as well as changes in internet connections at any given moment.

  • WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection (19 May 2020)

    It has been discovered that WordPress Plugin "Paid Memberships Pro" contains SQL injection vulnerability. An attacker who can access the administrative page of Paid Membership Pro may obtain and/or alter the information stored in the database. It is recommended to upgrade the plugin to version 2.3.3.

  • Dell EMC Isilon OneFS security update (18 May 2020)

    Multiple vulnerabilities such as SNMPv2 and remotesupport have been discovered in Dell EMC Isilon OneFS. These vulnerabilities could be exploited by malicious users to compromise the affected system. The affected verions are Dell EMC Isilon OneFS 8.2.2 and earlier.

  • Vulnerability Summary (18 May 2020)

    Summary of vulnerabilities for the week of May 11, 2020.

  • Multiple vulnerabilities in Moodle (18 May 2020)

    Multiple vulnerabilities such as stored XSS and remote code execution have been discovered in MathJax and SCORM package of Moodle respectively. The affected versions are 3.8 to 3.8.2, 3.7 to 3.7.5, 3.6 to 3.6.9, 3.5 to 3.5.11 and earlier unsupported versions.

  • Red Hat build of Thorntail 2.5.1 security and bug fix update (18 May 2020)

    Multiple vulnerabilities have been discovered in Red Hat build of Thorntail. An update is now available for Red Hat build of Thorntail. This release of Red Hat build of Thorntail 2.5.1 includes security updates, bug fixes, and enhancements.

  • Multiple vulnerabilities in DPDK (18 May 2020)

    DPDK is a set of libraries for fast packet processing. It has been discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. These vulnerabilities affects Ubuntu 20.04 LTS, Ubuntu 19.10 and Ubuntu 18.04 LTS.

  • Multiple vulnerabilities in Dovecot (18 May 2020)

    Sending malformed NOOP command or sending command followed by sufficient number of newlines or sending mail with empty quoted localpart can cause crash in submission, submission-login or lmtp service, causing denial of service attack. The affected verions are Dovecot prior to 2.3.10.1.

  • Vulnerability in Ivanti Workspace Control (18 May 2020)

    It has been discovered that a locally authenticated user with low privileges in Ivanti Workspace Control v10.3 and v10.4 can acquire admin privileges by changing certain user registry entries. This allows an attacker to start applications with elevated privileges. This only applies to configurations where administrator rights have been added to an application by using Dynamic Privileges. This vulnerability has been resolved in Ivanti Workspace Control 10.4.40.0.

  • Multiple vulnerabilities in Bluetooth devices supporting LE and BR/EDR implementation (18 May 2020)

    Multiple vulnerabilities such as Pairing Method Confusion and Bluetooth Impersonation Attacks have been discovered in Bluetooth devices supporting LE and BR/EDR implementation. The affected versions are Core Spec, v2.1 to v5.2.

  • Vulnerability in OpenEDX (18 May 2020)

    Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.

  • log4net security update (15 May 2020)

    An XML external entity vulnerability has been discovered in log4net, a logging API for the ECMA Common Language Infrastructure (CLI), sometimes referred to as "Mono". It is recommended to upgrade the log4net packages.

  • Multiple vulnerabilities in Hitachi products (15 May 2020)

    Multiple vulnerabilities have been discovered in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center, Hitachi Compute Systems Manager, JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2.

  • Vulnerability in SQL affects IBM i (15 May 2020)

    IBM i users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. The issue can be fixed by applying a PTF to the IBM i Operating System. It is recommended that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

  • openstack-manila security update (14 May 2020)

    OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances. User with share-network UUID is able to show create and delete shares. An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train).

  • kpatch-patch security update (13 May 2020)

    kpatch is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. A null pointer dereference while receiving CIPSO packet with null category may cause kernel panic. An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

  • .NET Core security update (13 May 2020)

    .NET Core is a managed-software framework. A denial of service vulnerability via untrusted input has been discovered in dotnet. An update for .NET Core is now available for Red Hat Enterprise Linux 8. The updated version is .NET Core Runtime 2.1.18 and SDK 2.1.514.

  • Vulnerability in IPRoute (13 May 2020)

    It has been discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

  • Vulnerability in PAN-OS Panorama management service (13 May 2020)

    An improper restriction of XML external entity reference (XXE) vulnerability has been discovered in Palo Alto Networks Panorama management service which allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This vulnerability affects all versions of PAN-OS for Panorama 7.1 and 8.0, PAN-OS for Panorama 8.1 versions earlier than 8.1.13, and PAN-OS for Panorama 9.0 versions earlier than 9.0.7.

  • Access bypass vulnerability in reCAPTCHA v3 (13 May 2020)

    The reCaptcha v3 module enables to protect forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are protected by reCaptcha v3 and have server side validation steps. It is recommended to upgrade to the latest version of reCAPTCHA v3.

  • Vulnerability in Pivotal Concourse (13 May 2020)

    Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.

  • McAfee Security Bulletin (12 May 2020)

    McAfee has released security bulletin for ePolicy Orchestrator to fix Java vulnerabilities such as Denial of Service and Improper Access Control.

  • Adobe releases security updates for multiple products (12 May 2020)

    Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases May 2020 security updates (12 May 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in 3S-Smart Software Solutions GmbH's Equipment (12 May 2020)

    Cross-site Scripting vulnerability has been discovered in 3S-Smart Software Solutions GmbH's Equipment- CODESYS V3 Library Manager. Successful exploitation of this vulnerability may allow malicious content from manipulated libraries to be displayed or executed.

  • Multiple vulnerabilities in Interpeak's Equipment (12 May 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in different Equipments- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities could allow remote code execution.

  • Multiple vulnerabilities in OSIsoft's Equipment (12 May 2020)

    Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful exploitation of these vulnerabilities could allow an attacker to access unauthorized information, delete or modify local processes, and crash the affected device.

  • Multiple vulnerabilities in Eaton's Equipment (12 May 2020)

    Multiple vulnerabilities such as Improper Input Validation and Incorrect Privilege Assignment have been discovered in Eaton's Equipment- Intelligent Power Manager. Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users to manipulate the system configurations.

  • podman security update (12 May 2020)

    The podman tool manages pods, container images, and containers. Crafted input tar file may lead to local file overwrite during image build process and Use-after-free in GPGME bindings during container image pull. An update for podman is now available for Red Hat Enterprise Linux 7 Extras.

  • TCP/IP Stack vulnerabilities in Siemens Power Meters (12 May 2020)

    Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.

  • ClamAV 0.102.3 security patch released (12 May 2020)

    A vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 and PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition has been fixed. Other issues such as "Attempt to allocate 0 bytes" error when parsing some PDF documents and some minor memory leaks have also been fixed. The libclamunrar has been updated to UnRAR 5.9.2. It is recommended to upgrade ClamAV to 0.102.3.

  • Vulnerability Summary (11 May 2020)

    Summary of vulnerabilities for the week of May 04, 2020.

  • wordpress security update (11 May 2020)

    Multiple vulnerabilities have been discovered in the src wordpress package. An attacker could exploit these vulnerabilities to take control of an affected system. It is recommended to upgrade the wordpress packages.

  • qemu-kvm-ma security update (11 May 2020)

    The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. A heap buffer overflow vulnerability has been discovered during packet reassembly in slirp of QEMU. An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Symantec Endpoint Protection security update (11 May 2020)

    Multiple vulnerabilities such as Out of Bounds, Directory Traversal, and Elevation of Privilege have been discovered in the Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Manager (SEPM). It is recommended to upgrade SEP and SEPM to 14.3.

  • libntlm security update (10 May 2020)

    It has been discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. It is recommended to upgrade the libntlm packages.

  • Multiple vulnerabilities in VMWare vRealize Operations Manager (08 May 2020)

    Multiple vulnerabilities such as Authentication Bypass and Directory Traversal have been discovered in Salt, an open source project by SaltStack, which have been determined to affect VMware vRealize Operations Manager (vROps). The affected versions are 8.1.0, 8.0.x, and 7.5.0.

  • Vulnerability in mkhomedir tool (07 May 2020)

    A race condition has been discovered in the mkhomedir tool shipped with the oddjob package. This vulnerability allows an attacker to leverage this flaw by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

  • Multiple vulnerabilities in Wordpress Elementor Pro (07 May 2020)

    Multiple vulnerabilities have been discovered in Wordpress Elementor Pro. These vulnerabilities allows any logged-in user to upload and execute PHP scripts on the blog and a vulnerability in Ultimate Addons for Elementor allows for subscriber registration. It is recommended to upgrade to Elementor Pro 2.9.4.

  • Multiple vulnerabilities in Advantech's Equipment (07 May 2020)

    Multiple vulnerabilities such as Improper Validation of Array Index, Relative Path Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow, and Out-of-bounds Read have been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability.

  • Vulnerability in WSO2 (07 May 2020)

    In WSO2, it has been discovered that the Management Console is vulnerable to a XXE attack when updating an EventPublisher. The XXE attacks can affect any trusted system respective to the machine where the parser is located. This attack may result in disclosing local files, denial of service, server-side request forgery, port scanning and other system impacts on affected systems.

  • Zulip Desktop 5.2.0 security release (06 May 2020)

    A vulnerability has been discovered in Zulip Desktop 0.5.10, a certification validation handler inadvertently disabled all certificate validation whether or not ignoreCerts was enabled, except during initial association with the server. All versions of Zulip Desktop from 0.5.10 through 5.1.0 are affected. It is recommended to upgrade to latest release.

  • Cisco releases security updates for multiple products (06 May 2020)

    Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • keystone security update (06 May 2020)

    A vulnerability has been discovered in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope (trust/oauth/application credential) could create an EC2 credential with an escalated permission, such as obtaining "admin" while the user is on a limited "viewer" role. It is recommended to upgrade the keystone packages.

  • Vulnerability in ManageEngine DataSecurity Plus Application and Xnode Server (05 May 2020)

    ManageEngine DataSecurity Plus application uses default admin credentials to communicate with Dataengine Xnode server. This allows an attacker to bypass authentication for Dataengine Xnode server and execute all operations in the context of admin user.

  • Google releases security updates for Chrome (05 May 2020)

    Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Multiple vulnerabilities in SAE IT-systems' Equipment (05 May 2020)

    Multiple vulnerabilities such as Cross-site Scripting, and Path Traversal have been discovered in SAE IT-systems' Equipment- FW-50 Remote Telemetry Unit (RTU). Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a denial-of-service condition.

  • Vulnerability in Fazecast's Equipment (05 May 2020)

    Uncontrolled Search Path Element vulnerability has been discovered in Fazecast's Equipment- jSerialComm. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system.

  • sqlite security update (05 May 2020)

    SQLite is a C library that implements an SQL database engine.The fts3 of sqlite has an improve shadow table corruption detection. An update for sqlite is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Citrix ShareFile security update (05 May 2020)

    Muliple vulnerabilities have been discovered in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders.

  • roundcube security update (05 May 2020)

    It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be logged out, or a Cross-Side Scripting (XSS) leading to execution of arbitrary code. It is recommended to upgrade the roundcube packages.

  • Mozilla releases security update for Thunderbird, Firefox and Firefox ESR (05 May 2020)

    Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in ServiceNow IT Service Management (05 May 2020)

    The ServiceNow product is affected by a Stored Cross-Site Scripting vulnerability on one of the parameters issued by the client when opening a new Incident Request. By exploiting this vulnerability, an attacker can create a malicious Incident Request which can then be sent out to users in the platform via a direct link to the Request.

  • Android Security Bulletin (04 May 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-05-05 or later address all of these issues.

  • Vulnerability Summary (04 May 2020)

    Summary of vulnerabilities for the week of Apr 27, 2020.

  • Zimbra security update (04 May 2020)

    A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.

  • Launch import security update (04 May 2020)

    A vulnerability has been discovered in JUnit XML launch import starting from version 3.1.0. The XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file that uses external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. It is recommended to install the latest releases.

  • openldap security update (02 May 2020)

    A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service (slapd daemon crash). It is recommended to upgrade the openldap packages.

  • Vulnerability in SimpliSafe (SS3) (01 May 2020)

    A vulnerability has been discovered in SimpliSafe SS3 which is an incomplete fix to TRA-2020-03. An attacker, with physical access, can add PINs without prior knowledge of the PIN. This allows the attacker to disarm the system.

  • SaltStack patches critical vulnerabilities in Salt (01 May 2020)

    Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. A remote attacker could exploit these vulnerabilities to take control of an affected system.

  • miniupnpc security update (30 Apr 2020)

    It has been discovered that there was an integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. It is recommended to upgrade the miniupnpc packages.

  • vlc security update (30 Apr 2020)

    Multiple security vulnerabilities have been discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets. It is recommended to upgrade the vlc packages.

  • Vulnerability in Apache OFBiz (30 Apr 2020)

    Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts. It is recommended to upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583.

  • Cisco releases security updates for IOS XE SD-WAN Software (29 Apr 2020)

    A vulnerability has been discovered in the CLI of Cisco IOS XE SD-WAN Software that could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

  • WordPress releases security update (29 Apr 2020)

    WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. It is recommended to upgrade to WordPress 5.4.1.

  • Invalid Pointer Access vulnerability in Huawei OceanStor product (29 Apr 2020)

    An invalid pointer access vulnerability has been discovered in Huawei OceanStor 5310 product. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot.

  • Adobe releases security updates for multiple products (28 Apr 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Resource Management Error vulnerability in a ZTE product (28 Apr 2020)

    ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it results in no response for a long time and there is a memory overflow risk.

  • libtiff security update (28 Apr 2020)

    The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. An integer overflow vulnerability has been discovered in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. An update for libtiff is now available for Red Hat Enterprise Linux 8.

  • libmspack security and bug fix update (28 Apr 2020)

    The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. A buffer overflow vulnerability has been discovered in function chmd_read_headers(). An update for libmspack is now available for Red Hat Enterprise Linux 8.

  • glib2 and ibus security and bug fix update (28 Apr 2020)

    GLib provides the core application building blocks for libraries and applications written in C and Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems. A missing authorization allows local attacker to access the input bus of another user. An update for glib2 and ibus is now available for Red Hat Enterprise Linux 8.

  • wavpack security update (28 Apr 2020)

    WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Multiple vulnerabilities have been discovered in wavpack that could lead to crashing or Denial of Service. An update for wavpack is now available for Red Hat Enterprise Linux 8.

  • irssi security update (28 Apr 2020)

    Irssi is a modular IRC client with Perl scripting. Use after free vulnerability has been discovered in irssi when sending SASL login to server. An update for irssi is now available for Red Hat Enterprise Linux 8.

  • liblouis security and bug fix update (28 Apr 2020)

    Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. Multiple vulnerabilities such as Stack-based buffer overflow and Segmentation fault have been discovered in liblouis. An update for liblouis is now available for Red Hat Enterprise Linux 8.

  • edk2 security, bug fix, and enhancement update (28 Apr 2020)

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. Numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib has been discovered in edk2. An update for edk2 is now available for Red Hat Enterprise Linux 8.

  • dnsmasq security, bug fix, and enhancement update (28 Apr 2020)

    The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. A memory leak in the create_helper() function in /src/helper.c has been discovered in dnsmasq. An update for dnsmasq is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in LCDS' Equipment (28 Apr 2020)

    Multiple vulnerabilities such as Exposure of Sensitive Information to an Unauthorized Actor, and Improper Input Validation have been discovered in LCDS' Equipment- LAquis SCADA. Successful exploitation of these vulnerabilities could allow unauthorized attackers to view sensitive information and create files in arbitrary locations.

  • VMware releases security updates for ESXi (28 Apr 2020)

    A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in VMware ESXi. A malicious actor with access to modify the system properties of a virtual machine from inside the guest os may be able to inject malicious script which will be executed by a victim's browser when viewing this virtual machine via the ESXi Host Client.

  • Genius Bytes security update (28 Apr 2020)

    A critical vulnerability has been discovered in Genius Server v. 3.2.2. An authenticated function allows the attacker with administrative privileges to execute arbitrary commands. It is recommended to upgrade to Genius Server version 3.2.8.

  • Samba releases security updates (28 Apr 2020)

    Samba has released security updates to address multiple vulnerabilities such as Use-after-free and Denial of Service in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

  • Vulnerability in re2c (28 Apr 2020)

    re2c is a tool for generating fast C-based recognizers. It has been discovered that re2c could be made to execute arbitrary code if it received a specially crafted file. This vulnerability affects Ubuntu 20.04 LTS releases of Ubuntu and its derivatives.

  • ruby-json security update (28 Apr 2020)

    An unsafe object creation vulnerability has been discovered in ruby-json before 2.3.0. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. It is recommended to upgrade the ruby-json packages.

  • Multiple vulnerabilities in Tiny File Manager 2.4.1 (28 Apr 2020)

    Multiple vulnerabilities such as Path Traversal Recursive Directory Listing and Absolute File Backup Copy have been discovered in Tiny File Manager 2.4.1. Both vulnerabilities are exploitable only while authenticated as a non-readonly user, or while authentication is disabled.

  • Vulnerability in Onkyo TX-NR585 (28 Apr 2020)

    A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.

  • SQL Injection vulnerability in Sophos XG Firewall devices (27 Apr 2020)

    A SQL injection vulnerability was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone.

  • IntelMQ Manager 2.1.1 security bugfix release (27 Apr 2020)

    It has been discovered that the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver.

  • Juniper releases security updates for Junos OS (27 Apr 2020)

    A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. An attacker can exploit this vulnerability to inject commands into the httpd.log, read files with 'world' readable file permission or obtain J-Web session tokens. Software releases have been updated to resolve this specific issue.

  • Google releases security updates for Chrome (27 Apr 2020)

    Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in FortiMail and FortiVoiceEntreprise (27 Apr 2020)

    An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

  • CVE - KB Correlation (27 Apr 2020)

    List of CVE ID and corresponding Knowledge Base IDs as released by Microsoft during April 2020.

  • Vulnerability Summary (27 Apr 2020)

    Summary of vulnerabilities for the week of Apr 20, 2020.

  • Vulnerability in Apache Traffic Server (27 Apr 2020)

    It has been discovered that Apache Traffic Server (ATS) is vulnerable to a HTTP/2 slow read attack. The affected versions are ATS 6.0.0 to 6.2.3, ATS 7.0.0 to 7.1.9 and ATS 8.0.0 to 8.0.6.

  • mailman security update (26 Apr 2020)

    It has been discovered that it is possible to create a cross site scripting attack on the webarchives of the Mailman mailing list manager, by sending a special type of attachment. It is recommended to upgrade the mailman packages.

  • php5 security update (26 Apr 2020)

    Multiple vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. It is recommended to upgrade the php5 packages.

  • rzip security update (26 Apr 2020)

    A heap buffer overflow write vulnerability has been discovered in the rzip program (a compression program for large files) when uncompressing maliciously crafted files. It is recommended to upgrade the rzip packages.

  • libgsf security update (25 Apr 2020)

    It has been discovered that there is a null pointer dereference exploit in libgsf, an I/O abstraction library for GNOME. An error within the "tar_directory_for_file()" function could be exploited to trigger a null pointer dereference and subsequently cause a crash via a crafted TAR file.

  • jsch security update (25 Apr 2020)

    It has been discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol. It is recommended to upgrade the jsch packages.

  • ncmpc security update (25 Apr 2020)

    It has been discovered that a NULL pointer dereference could happen in ncmpc, an ncurses-based audio player. This could result in a crash and a denial of service. It is recommended to upgrade the ncmpc packages.

  • eog security update (25 Apr 2020)

    It has been discovered that eog (Eye of GNOME) incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this vulnerability to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. It is recommended to upgrade the eog packages.

  • Radicale security update (25 Apr 2020)

    Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. It is recommended to upgrade the radicale packages.

  • python-reportlab security update (25 Apr 2020)

    It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this vulnerability to execute arbitrary code if a specially crafted document is processed. It is recommended to upgrade the python-reportlab packages.

  • Multiple vulnerabilities in Hitachi products (24 Apr 2020)

    Multiple vulnerabilities have been discovered in Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer.

  • Vulnerability in QEMU (24 Apr 2020)

    An integer overflow vulnerability has been discovered in QEMU in the way it implemented the ATI VGA emulation. A malicious guest could exploit this vulnerability to crash the QEMU process, resulting in a denial of service.

  • Vulnerability in BIG-IQ Grafana (24 Apr 2020)

    A remote access vulnerability has been discovered that may allow a remote user to run shell commands on affected systems using HTTP requests to the BIG-IQ user interface. A remote attacker may be able to leverage the Grafana component to run local shell commands on the system.

  • Multiple vulnerabilities in HPE UIoT (24 Apr 2020)

    Multiple vulnerabilities have been discovered in HPE UIoT version 1.4.2 and earlier that could allow unauthorized remote access and access to sensitive data. The versions affected are HPE IOT + GCP 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

  • Multiple vulnerabilities in Sierra Wireless' Equipment (23 Apr 2020)

    Multiple vulnerabilities such as OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, and Missing Encryption of Sensitive Data have been discovered in Sierra Wireless' Equipment- AirLink ALEOS. Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths.

  • Multiple issues in ESI Response processing in Squid (23 Apr 2020)

    Due to incorrect buffer handling Squid is vulnerable to multiple vulnerabilities such as cache poisoning, remote execution, and denial of service attacks when processing ESI responses. The affected versions are Squid 3.x - 3.5.28, Squid 4.x - 4.10 and Squid 5.x - 5.0.1. The vulnerabilities have been fixed in Squid 4.11 and Squid 5.0.2.

  • Multiple issues in HTTP Digest authentication in Squid (23 Apr 2020)

    Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden.

  • python-twisted-web security update (23 Apr 2020)

    Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. A HTTP request smuggling vulnerability has been discovered in python-twisted when presented with a Content-Length and a chunked Transfer-Encoding header. An update for python-twisted-web is now available for Red Hat Enterprise Linux 7.

  • Multiple vulnerabilities in dependent libraries affect IBM Db2 (23 Apr 2020)

    Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation. These vulnerabilities affects the Db2 versions V11.1 and V11.5.

  • Vulnerability in NGINX Controller (23 Apr 2020)

    The communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. This vulnerability enables a man-in-the-middle (MITM) attack that can intercept the communication channel and read/modify data in transit.

  • kernel security update (22 Apr 2020)

    The kernel packages contain the Linux kernel, the core of any Linux operating system. The rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow vulnerability and the offset2lib allows for the stack guard page to be jumped over. An update for kernel is now available for Red Hat Enterprise Linux 6.

  • Apple iOS Zero-day vulnerabilities (22 Apr 2020)

    An Out-of-Bound Write and Heap Overflow vulnerabilities have been discovered in Apple iOS 13.4.1 and previous versions. These vulnerabilities allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory.

  • Multiple vulnerabilities in OpenJDK (22 Apr 2020)

    Multiple vulnerabilities have been discovered in OpenJDK. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Vulnerability in GNU binutils (22 Apr 2020)

    Binutils is GNU assembler, linker and binary utilities. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • Google releases security updates for Chrome (21 Apr 2020)

    Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • OpenSSL releases security update (21 Apr 2020)

    Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. OpenSSL version 1.1.1g has been released to address the vulnerability affecting versions 1.1.1d, 1.1.1e, and 1.1.1f. An attacker could exploit this vulnerability in a Denial of Service attack.

  • Vulnerability in Inductive Automation's Equipment (21 Apr 2020)

    An Improper Access Control vulnerability has been discovered in Inductive Automation's Equipment- Ignition 8 Gateway. Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition.

  • http-parser security update (21 Apr 2020)

    The http-parser package provides a utility for parsing HTTP messages. HTTP request smuggling using malformed Transfer-Encoding header has been discovered. An update for http-parser is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Multiple vulnerabilities in Python (21 Apr 2020)

    It has been discovered that Python incorrectly stripped certain characters from requests and incorrectly handled certain HTTP requests. A remote attacker could use these vulnerabilities to perform CRLF injection and cause a denial of service respectively.

  • Vulnerability in ipfw (21 Apr 2020)

    The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces. Incomplete packet data validation may result in accessing out-of-bounds memory or may access memory after it has been freed. Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results. It is recommended to upgrade the vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot.

  • Vulnerability in SysAid (21 Apr 2020)

    It has been discovered that SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack.

  • Vulnerability in HCL AppScan Enterprise Edition (21 Apr 2020)

    HCL AppScan Enterprise Edition contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • Joomla! security update (21 Apr 2020)

    An issue has been discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. It is recommended to upgrade to version 3.9.17.

  • Vulnerability Summary (20 Apr 2020)

    Summary of vulnerabilities for the week of Apr 13, 2020.

  • Multiple vulnerabilities in Cisco products (20 Apr 2020)

    Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • git security update (20 Apr 2020)

    A vulnerability has been discovered in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. It is recommended to upgrade the git packages.

  • OpenShift Container Platform 4.3.13 runc security update (20 Apr 2020)

    The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Volume mount race condition with shared mounts led to information leak and integrity manipulation. An update for runc is now available for Red Hat OpenShift Container Platform 4.3.

  • Vulnerability in re2c (19 Apr 2020)

    re2c is a tool for generating C-based recognizers from regular expressions. There is an heap overflow reproducible with a crafted file. The re2c-1.3 version has been affected by this vulnerability.

  • shiro security update (19 Apr 2020)

    It has been discovered that there was a path-traversal vulnerability in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass. It is recommended to upgrade the shiro packages.

  • Squid Proxy Cache security update (18 Apr 2020)

    Due to incorrect URL handling Squid is vulnerable to access control bypass, cache poisoning and cross-site scripting attacks when processing HTTP Request messages. These vulnerabilities have been fixed in Squid 4.8 version.

  • file-roller security update (18 Apr 2020)

    fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. It is recommended to upgrade the file-roller packages.

  • Information Disclosure vulnerability in FortiSwitch (17 Apr 2020)

    The Bluetooth BR/EDR specification up to and including version 5.1 in FortiSwitch permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

  • Apple releases security update for Xcode (16 Apr 2020)

    Apple has released a security update to address vulnerabilities in Xcode. A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host. A remote attacker could exploit this vulnerability to take control of an affected system. This update is available for macOS Catalina 10.15.2 and later.

  • webkit2gtk security update (16 Apr 2020)

    A vulnerability has been discovered in the webkit2gtk web engine, a maliciously crafted web content may lead to arbitrary code execution or a denial of service. It is recommended to upgrade the webkit2gtk packages.

  • TigerVNC security update (16 Apr 2020)

    TigerVNC is a suite of Virtual Network Computing servers and clients. Multiple vulnerabilities such as Stack use-after-return, Heap buffer overflow and Stack buffer overflow have been discovered in TigerVNC. An update for tigervnc is now available for Red Hat Enterprise Linux 8.

  • ipmitool security update (16 Apr 2020)

    The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. A Buffer overflow vulnerability in read_fru_area_section function in lib/ipmi_fru.c has been discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

  • Vulnerability in Apache Heron (16 Apr 2020)

    In versions 0.20.0-incubating and Apache Heron does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in remote code execution vulnerabilities. The versions affected are 0.20.2-incubating, 0.20.1-incubating and v-0.20.0-incubating.

  • kernel-alt security and bug fix update (16 Apr 2020)

    The kernel-alt packages provide the Linux kernel version 4.x. Multiple vulnerabilities such as Heap-based overflow, Heap overflow and Null pointer dereference have been discovered in kernel. An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Veeam ONE (15 Apr 2020)

    Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup & Replication servers allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.

  • Multiple vulnerabilities in Huawei Smartphones (15 Apr 2020)

    Multiple vulnerabilities such as Improper Authentication, Information Disclosure, and Denial of Service have been discovered in some Huawei smartphones. Successful exploitation of these vulnerabilities may cause information disclosure, and abnormal service in specific scenario.

  • Multiple vulnerabilities in IBM HTTP Server (15 Apr 2020)

    Multiple vulnerabilities have been discovered in the IBM HTTP Server used by WebSphere Application Server. Apache HTTP Server could allow a remote attacker to conduct phishing attacks, and execute arbitrary code on the system. An attacker could exploit these vulnerabilities to redirect a victim to arbitrary websites and execute arbitrary code or cause a denial of service condition on the system respectively.

  • Multiple vulnerabilities in the Autodesk FBX Software Development Kit (15 Apr 2020)

    Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.

  • Google releases security updates (15 Apr 2020)

    Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

  • Multiple vulnerabilities in Cisco products (15 Apr 2020)

    Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple security updates in Citrix Hypervisor (14 Apr 2020)

    Multiple vulnerabilities have been identified within Citrix Hypervisor, which could, if exploited, allow privileged code in a PV guest VM to read a single uninitialized 4kB page of memory (that may contain data left by a previous VM) and also allow privileged code in a guest VM to cause the host to crash. These vulnerabilities affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.1. Updates have been released to address these issues.

  • Red Hat CodeReady Workspaces 2.1.0 release (14 Apr 2020)

    Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. JWT proxy bypass allows access to workspace pods of other users. Red Hat CodeReady Workspaces 2.1.0 has been released.

  • elfutils security update (14 Apr 2020)

    The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. Double-free due to double decompression of sections in crafted ELF causes crash. An update for elfutils is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • NTP security update (14 Apr 2020)

    The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. Stack-based buffer overflow vulnerability in ntpq and ntpdc allows denial of service or code execution. An update for NTP is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Multiple vulnerabilities in ClearPass Policy Manager (14 Apr 2020)

    Multiple vulnerabilities such as Authentication Bypass, Authenticated Remote Code Execution, Authenticated Stored Cross Site Scripting and Information Disclosure have been discovered in ClearPass Policy Manager. Successful exploitation of these vulnerabilities could lead to database changes, remote code execution, privilege escalation attack and compromise of some of ClearPass' service accounts respectively.

  • Oracle releases April 2020 security bulletin (14 Apr 2020)

    Oracle has released its Critical Patch Update for April 2020 to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • McAfee security bulletin (14 Apr 2020)

    McAfee has released security bulletin for the endpoint security of Windows.

  • Vulnerability in SilverStripe (14 Apr 2020)

    It has been discovered that files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This is a security issue because the default "/Uploads" folder is publicly accessible by default, which means unauthorised parties may access the uploaded files via HTTP by guessing the file name.

  • Multiple vulnerabilities in CA API Developer Portal (14 Apr 2020)

    Multiple vulnerabilities have been discovered in CA API Developer Portal of CA Technologies. These vulnerabilities can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges.

  • git security update (14 Apr 2020)

    A vulnerability has been discovered in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host. It is recommended to upgrade the git packages.

  • graphicsmagick security update (14 Apr 2020)

    A vulnerability has been discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage function. It is recommended to upgrade the graphicsmagick packages.

  • Vulnerability in One Plus 7 Pro Android Phone (14 Apr 2020)

    An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android.

  • Adobe releases security updates for multiple products (14 Apr 2020)

    Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Microsoft releases April 2020 security updates (14 Apr 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Intel releases security updates (14 Apr 2020)

    Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • VMware releases security updates for vRealize Log Insight (14 Apr 2020)

    Cross Site Scripting (XSS) and Open Redirect vulnerabilities in vRealize Log Insight were discovered. Successful exploitation of this issue may result in a compromise of the victim's workstation.

  • Multiple vulnerabilities in Eaton's Equipment (14 Apr 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read were discovered in Eaton's Equipment- HMiSoft VU3 (HMIVU3 runtime not impacted). Successful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution or information disclosure.

  • Vulnerability in Triangle MicroWorks' DNP3 Outstation Libraries Equipment (14 Apr 2020)

    Stacked-based Buffer Overflow vulnerability has been discovered in Triangle MicroWorks' Equipment- DNP3 Outstation Libraries. Successful exploitation of this vulnerability could possibly allow remote attackers to stop the execution of code on affected equipment.

  • Multiple vulnerabilities in Triangle MicroWorks' SCADA Data Gateway Equipment (14 Apr 2020)

    Multiple vulnerabilities such as Stacked-based Buffer Overflow, Out-of-Bounds Read, and Type Confusion have been discovered in Triangle MicroWorks' Equipment- SCADA Data Gateway. These vulnerabilities allow remote attackers to execute arbitrary code and disclose on affected installations of Triangle Microworks SCADA Data Gateway with DNP3 Outstation channels.

  • Multiple vulnerabilities in Siemens' Equipment (14 Apr 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Wowza Streaming Engine (14 Apr 2020)

    A remote authenticated authorization bypass vulnerability has been discovered in Wowza Streaming Engine 4.7.8 (build 20191105123929) that allows any read-only user to issue requests to the administration panel in order to change functionality of the application.

  • Vulnerability in IBM QRadar SIEM (14 Apr 2020)

    IBM QRadar SIEM is vulnerable to improper input validation, allowing an authenticated attacker to perform unauthorized actions.

  • Vulnerability Summary (13 Apr 2020)

    Summary of vulnerabilities for the week of Apr 06, 2020.

  • Alert on Magento 1 End-Of-Life (13 Apr 2020)

    From 30 June 2020, Magento will no longer provide software and security updates for Magento 1 e-commerce platform. Affected software include all versions of Magento Commerce 1 and Magento Open Source 1. Websites running on Magento 1 e-commerce platform will continue to function even after the support ends.

  • Open Liberty 20.0.0.4 Runtime security update (13 Apr 2020)

    Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. WebSphere Application Server Liberty is vulnerable to Cross-site Scripting. Open Liberty 20.0.0.4 Runtime is now available and serves as a replacement for Open Liberty 20.0.0.3.

  • Multiple vulnerabilities in Grandstream GXP1625 (13 Apr 2020)

    Multiple vulnerabilities have been discovered in Grandstream GXP1625 that allow an authenticated remote attacker to gain root access.

  • Mozilla releases security updates for Thunderbird (09 Apr 2020)

    Mozilla has released security updates to address vulnerabilities in Thunderbird 68.7.0. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in libssh (09 Apr 2020)

    It has been discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

  • VMware releases security update (09 Apr 2020)

    A sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was discovered. A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.

  • Vulnerability in VMware Tanzu Application Service (09 Apr 2020)

    VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

  • Vulnerability in Rockwell Automation's Equipment (09 Apr 2020)

    Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Rockwell Automation's Equipment- RSLinx Classic. Successful exploitation of this vulnerability could allow a local authenticated attacker to execute malicious code when opening RSLinx Classic.

  • Vulnerability in IBM WebSphere Application Server (09 Apr 2020)

    IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.

  • Privilege escalation vulnerability in Juniper Networks (08 Apr 2020)

    A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, ACX Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4.

  • Information disclosure vulnerabilities in Juniper Networks (08 Apr 2020)

    Multiple information disclosure vulnerabilities in Juniper Networks Junos OS Evolved allow a local, authenticated user with shell access the ability to view sensitive configuration information, such as the hashed values of login passwords and shared secrets. This issue affects Junos OS Evolved.

  • Vulnerability in IBM WebSphere Application Server- Liberty (08 Apr 2020)

    IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • Vulnerability in Junos OS and Junos OS Evolved (08 Apr 2020)

    Receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. This issue affects Junos OS Evolved and Junos OS 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2.

  • Vulnerability in PAN-OS (08 Apr 2020)

    A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges.

  • Vulnerability in Palo Alto Networks Traps (08 Apr 2020)

    An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows.

  • Vulnerability in JATP Series (08 Apr 2020)

    Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation allows an attacker to perform brute-force password attacks on the SSH service.

  • Vulnerability in Huawei Products (08 Apr 2020)

    There is an insufficient integrity validation vulnerability in several Huawei products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploitation could allow the attacker to load a crafted file to the device through USB.

  • Vulnerability in Drupal Spamicide Module (08 Apr 2020)

    The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass.

  • OpenShift Container Platform 4.3.10 openshift-enterprise-hyperkube-container security update (08 Apr 2020)

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Crafted requests to kubelet API allowed for memory exhaustion. An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.3.

  • Vulnerability in libiberty (08 Apr 2020)

    It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • Mozilla releases security updates for Firefox, Firefox ESR (07 Apr 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Google releases security updates (07 Apr 2020)

    Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in HMS Networks' Equipment (07 Apr 2020)

    A Cross-site Scripting vulnerability has been discovered in HMS Networks' Equipment- eWON Flexy and Cosy. Successful exploitation of this vulnerability could initiate a password change.

  • Vulnerability in Fuji Electric's Equipment (07 Apr 2020)

    A Heap-based Buffer Overflow vulnerability has been discovered in Fuji Electric's Equipment- V-Server Lite. Successful exploitation of this vulnerability could allow a remote attacker to gain elevated privileges for remote code execution.

  • Vulnerability in KUKA's Equipment (07 Apr 2020)

    An Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability has been discovered in KUKA's Equipment- Sim Pro. Successful exploitation of this vulnerability could result in a loss of integrity in external 3D models fetched from remote servers. When tested on real machines, this effect is unpredictable.

  • Multiple vulnerabilities in Synergy Systems & Solutions' Equipment (07 Apr 2020)

    Multiple vulnerabilities such as Improper Authentication, Improper Input Validation, Missing Authentication for Critical Function, Improper Check for Unusual or Exceptional Conditions, Exposure of Sensitive Information to an Unauthorized Actor, and Incorrect Default Permissions have been discovered in Synergy Systems & Solutions' Equipment- HUSKY RTU. Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.

  • Vulnerability in GE Digital's Equipment (07 Apr 2020)

    An Improper Privilege Management vulnerability has been discovered in GE Digital's Equipment- CIMPLICITY. Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary execution of code.

  • Multiple vulnerabilities in Advantech's Equipment (07 Apr 2020)

    Multiple vulnerabilities such as Unrestricted Upload of File with Dangerous Type, SQL Injection, Relative Path Traversal, Missing Authentication for Critical Function, Improper Restriction of XML External Entity Reference, and OS Command Injection have been discovered in Advantech's Equipment- WebAccess/NMS. Successful exploitation of these vulnerabilities may allow an attacker to gain remote code execution, upload files, delete files, cause a denial-of-service condition, and create an admin account for the application.

  • krb5-appl security update (07 Apr 2020)

    The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and servers. No bounds checks in nextitem() function allows to remotely execute arbitrary code. An update for krb5-appl is now available for Red Hat Enterprise Linux 6.

  • nss-softokn security update (07 Apr 2020)

    The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate and Key Extraction Side Channel in multiple crypto libraries vulnerabilities have been discovered in nss and ROHNP respectively. An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

  • telnet security update (07 Apr 2020)

    Telnet is a popular protocol for logging in to remote systems over the Internet. No bounds checks in nextitem() function allows to remotely execute arbitrary code. An update for telnet is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

  • Hard-Coded Administrator Password discovered in OpsRamp Gateway (07 Apr 2020)

    A Hard-Coded Administrator Password vulnerability was discovered in OpsRamp Gateway. The OpsRamp Gateway has an administrative account named vadmin that allows root SSH access to the server.

  • Vulnerability in Periscope BuySpeed (06 Apr 2020)

    Periscope BuySpeed is a tool to automate the full procure-to-pay process efficiently and intelligently. Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.

  • Vulnerability Summary (06 Apr 2020)

    Summary of vulnerabilities for the week of Mar 30, 2020.

  • Android security bulletin (06 Apr 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-04-05 or later address all of these issues.

  • Vulnerability in FortiADC (06 Apr 2020)

    An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. The FortiADC version 5.3.4 and below are affected by this vulnerability. It is recommended to upgrade to FortiADC version 5.3.5 or above.

  • OpenStack-Manila security update (06 Apr 2020)

    OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances. An user with share-network UUID is able to show, create and delete shares. An update for openstack-manila is now available for Red Hat OpenStack Platform 15 (Stein).

  • python-XStatic-jQuery security update (06 Apr 2020)

    python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. A prototype pollution in object's prototype leads to denial of service or remote code execution or property injection vulnerability. An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 15 (Stein).

  • Symantec security update (06 Apr 2020)

    Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

  • libmtp security update (05 Apr 2020)

    libmtp is a library for communicating with MTP aware devices. An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file and in the ptp-pack.c (ptp_unpack_OPL function) allows attackers to cause a denial of service (out-of-bounds memory access) or remote code execution by inserting a mobile device into a personal computer through a USB cable. It is recommended to upgrade the libmtp packages.

  • gnutls28 security update (04 Apr 2020)

    A vulnerability was discovered in the DTLS protocol implementation in GnuTLS, a library implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol. It is recommended to upgrade the gnutls28 packages.

  • Vulnerability in DotNetNuke (04 Apr 2020)

    Information disclosure vulnerability has been discovered in DotNetNuke CMS (DNN) v.9.5 within the built in Message Center Module. A registered user is able to enumerate any file in the Admin File Manager that is not contained in a secure folder by sending themselves a message with the file attached.

  • Mozilla patches critical vulnerabilities in Firefox, Firefox ESR (03 Apr 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system.

  • UNC path injection vulnerability in Zoom (03 Apr 2020)

    UNC path injection vulnerability has been discovered in Zoom’s video conferencing software for Windows that could let hackers steal Windows passwords and execute arbitrary commands on their devices.

  • mediawiki security update (02 Apr 2020)

    It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. It is recommended to upgrade the mediawiki packages.

  • Multiple vulnerabilities in B&R Automation's Equipment (02 Apr 2020)

    Multiple vulnerabilities such as Improper Privilege Management, Missing Required Cryptographic Step, and Path Traversal have been discovered in B&R Automation's Equipment- Automation Studio. Successful exploitation of these vulnerabilities could allow an attacker to delete arbitrary files from this system, fetch arbitrary files, or perform arbitrary write operations.

  • qbittorrent security update (02 Apr 2020)

    It has been discovered that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion. It is recommended to upgrade the qbittorrent packages.

  • nodejs:12 security update (02 Apr 2020)

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. An Integer overflow vulnerability in UnicodeString::doAppend() has been discovered in nodejs:12. An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.

  • HAProxy security update (02 Apr 2020)

    A critical vulnerability has been discovered in HAProxy’s HTTP/2 HPACK decoder that can be exploited to cause an out-of-bound memory write potentially leading to corruption of data, a crash, or code execution.

  • Multiple vulnerabilities in DrayTek (01 Apr 2020)

    Multiple vulnerabilities have been discovered in DrayTek devices which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code on the affected system.

  • Vulnerability in Huawei products (01 Apr 2020)

    A buffer overflow vulnerability has been discovered in some Huawei products. This vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal.

  • Google releases security updates for Chrome (31 Mar 2020)

    Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • unzip security update (31 Mar 2020)

    The unzip utility is used to list, test, and extract files from zip archives. An overlapping of files in ZIP container leads to denial of service. An update for unzip is now available for Red Hat Enterprise Linux 7.

  • Avahi security update (31 Mar 2020)

    Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It has been discovered that a multicast DNS responds to unicast queries outside of local network. An update for avahi is now available for Red Hat Enterprise Linux 7.

  • TagLib security update (31 Mar 2020)

    TagLib is a library for reading and editing the meta-data of different audio formats. It has been discovered that a heap-based buffer over-read via a crafted audio file. An update for taglib is now available for Red Hat Enterprise Linux 7.

  • polkit security and bug fix update (31 Mar 2020)

    The polkit packages provide a component for controlling system-wide privileges. An Improper authorization vulnerability in polkit_backend_interactive_authority_check_authorization function in polkitd has been discovered. An update for polkit is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Schneider Electric's Equipment (31 Mar 2020)

    Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium. Successful exploitation of this vulnerability could result in a denial-of-service condition.

  • Vulnerability in Mitsubishi Electric's Equipment (31 Mar 2020)

    Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC. Successful exploitation of this vulnerability may render the device unresponsive.

  • Vulnerability in Hirschmann Automation and Control GmbH's Equipment (31 Mar 2020)

    Classic Buffer Overflow vulnerability has been discovered in Hirschmann Automation and Control GmbH's Equipment- HiOS and HiSecOS. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.

  • Vulnerability in Becton, Dickinson and Company's Equipment (31 Mar 2020)

    Protection Mechanism Failure vulnerability has been discovered in Becton, Dickinson and Company's Equipment- Pyxis MedStation and Pyxis Anesthesia (PAS) ES System. The affected BD medical devices utilize a method of software application implementation called “kiosk mode.” This kiosk mode is vulnerable to local breakouts, which could allow an attacker with physical access to bypass kiosk mode and view and/or modify sensitive data.

  • CUPS security and bug fix update (31 Mar 2020)

    The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Multiple vulnerabilities such as Local privilege escalation, Manipulation of cupsd.conf and Predictable session cookie have been discovered in CUPS. An update for CUPS is now available for Red Hat Enterprise Linux 7.

  • Wireshark security and bug fix update (31 Mar 2020)

    The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Multiple vulnerabilities have been discovered in wireshark. An update for wireshark is now available for Red Hat Enterprise Linux 7.

  • LFTP security update (31 Mar 2020)

    LFTP is a file transfer utility for File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), and other commonly used protocols. A particular remote file names may lead to current working directory erased. An update for LFTP is now available for Red Hat Enterprise Linux 7.

  • AdvanceCOMP security update (31 Mar 2020)

    AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. An integer overflow vulnerability in png_compress in pngex.cc has been discovered in AdvanceCOMP. An update for advancecomp is now available for Red Hat Enterprise Linux 7.

  • texlive security update (31 Mar 2020)

    The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. A Buffer overflow vulnerability in t1_check_unusual_charstring function in writet1.c has been discovered in texlive. An update for texlive is now available for Red Hat Enterprise Linux 7.

  • GNOME security, bug fix and enhancement update (31 Mar 2020)

    GNOME is the default desktop environment of Red Hat Enterprise Linux. A partial lock screen bypass vulnerability has been discovered in GNOME. An update for GNOME is now available for Red Hat Enterprise Linux 7.

  • Expat security update (31 Mar 2020)

    Expat is a C library for parsing XML documents. An Integer overflow vulnerability leading to buffer overflow in XML_GetBuffer() has been discovered in Expat. An update for Expat is now available for Red Hat Enterprise Linux 7.

  • rsyslog security, bug fix and enhancement update (31 Mar 2020)

    The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A heap-based overflow vulnerability has been discovered in rsyslog. An update for rsyslog is now available for Red Hat Enterprise Linux 7.

  • Zeus Sphinx banking trojan arises amid COVID-19 (30 Mar 2020)

    Sphinx (a.k.a. Zloader or Terdot) is a modular malware based on the leaked source code of the infamous Zeus banking trojan and began resurfacing in December 2019. There has been significant increase in volume in March, as Sphinx’s operators looked to take advantage of the interest and news around government relief payments. Sphinx is joining the growing fray of COVID-19-themed phishing and malspam campaigns ramping up worldwide. In the latest campaigns, Sphinx is spreading via coronavirus-themed email sent to victims. Sphinx’s core capability is to harvest online account credentials for online banking sites. When infected users land on a targeted online banking portal, Sphinx dynamically fetches web injections from its command-and-control (C2) server to modify the page that the user sees, so that the information that the user enters into the log-in fields is sent to the cybercriminals.

  • Vulnerability Summary (30 Mar 2020)

    Summary of vulnerabilities for the week of Mar 23, 2020.

  • Vulnerability in Linux Kernel (30 Mar 2020)

    It has been discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges.

  • Vulnerability in Timeshift (30 Mar 2020)

    It has been discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root.

  • Multiple vulnerabilities in WebKitGTK+ (30 Mar 2020)

    WebKit2GTK is a web content engine library for GTK+. Multiple vulnerabilities have been discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

  • Vulnerability in Versiant LYNX Customer Service Portal (30 Mar 2020)

    The Versiant LYNX Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.

  • Vulnerability in OTRS (27 Mar 2020)

    A vulnerability has been discovered in OTRS, an authenticated user can guess other session IDs based on its own. It is also possible to guess a password reset token or generate an automated password. This issue affects ((OTRS)) Community Edition 5.0.x, 6.0.x and OTRS 7.0.x. It is recommended to upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, 5.0.42.

  • BlueZ security update (26 Mar 2020)

    It was discovered that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. It is recommended to upgrade the bluez packages.

  • PostgreSQL security update (26 Mar 2020)

    PostgreSQL is an advanced object-relational database management system (DBMS). Multiple vulnerabilities such as stack-based buffer overflow and missing authorization checks have been discovered in rh-postgresql10-postgresql. An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

  • ipmitool security update (26 Mar 2020)

    The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. A Buffer overflow vulnerability in read_fru_area_section function in lib/ipmi_fru.c has been discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.

  • Vulnerability in Advantech's Equipment (26 Mar 2020)

    Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment- WebAccess. Successful exploitation of this vulnerability may allow remote code execution.

  • GitLab security release (26 Mar 2020)

    Versions 12.9.1, 12.8.8, and 12.7.8 for GitLab Community Edition (CE) and Enterprise Edition (EE) have been released. These versions contain important security fixes, and it is strongly recommended that all GitLab installations be upgraded to one of these versions immediately.

  • OpenShift Container Platform 3.11 jenkins-2-plugins security update (26 Mar 2020)

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Deserialization in snakeyaml YAML() objects can allow remote code execution. An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11.

  • Vulnerability in SVG Image module for Drupal 8.x (25 Mar 2020)

    SVG Image module allows to upload SVG files. The module did not sufficiently protect against malicious code inside SVG files leading to a cross site scripting vulnerability.

  • ICU security update (25 Mar 2020)

    An integer overflow vulnerability has been discovered in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code. It is recommended to upgrade the icu packages.

  • Multiple vulnerabilities in Micro Focus Service Management Automation (25 Mar 2020)

    Multiple vulnerabilities in SMA were discovered by the Micro Focus Service Management Automation (SMA) R&D Team. These vulnerabilities allow improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

  • Improper authentication vulnerability in some Huawei Smartphones (25 Mar 2020)

    An improper authentication vulnerability has been discovered in some Huawei smartphones. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploitation could allow the attacker to bypass the authentication to perform unauthorized operations.

  • Serendipity releases security update (25 Mar 2020)

    Serendipity has released Serendipity 2.3.4, fixing a security flaw that was present on Windows installations only and exploitable only for users with upload rights on the Media library.

  • Vulnerability in Micro Focus Vibe (25 Mar 2020)

    A stored XSS vulnerability was discovered in Micro Focus Vibe prior to 4.0.7 which allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.

  • McAfee security bulletin (24 Mar 2020)

    DLL Side Loading vulnerability has been discovered in the installer for McAfee Application and Change Control (MACC) prior to 8.3, this allows local users to execute arbitrary code via execution from a compromised folder. It is recommended to install or update to McAfee Application and Change Control (MACC) 8.3 or 8.2.6.

  • Vulnerability in IBus (24 Mar 2020)

    It was discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.

  • Multiple vulnerabilities in Schneider Electric's Equipment (24 Mar 2020)

    Multiple vulnerabilities such as Path Traversal and Missing Authentication for Critical Function have been discovered in Schneider Electric's Equipment- IGSS (Interactive Graphical SCADA System). Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions.

  • Multiple vulnerabilities in VISAM's Equipment (24 Mar 2020)

    Multiple vulnerabilities such as Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, and Stack-based Buffer Overflow have been discovered in VISAM's Equipment- VBASE. Successful exploitation of these vulnerabilities could allow an attacker to read the contents of unexpected files, escalate privileges to system level, execute arbitrary code on the targeted system, bypass security mechanisms, and discover the cryptographic key for the web login.

  • Adobe releases security update (24 Mar 2020)

    Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. Successful exploitation could lead to arbitrary file deletion.

  • Apple releases security updates (24 Mar 2020)

    Apple has released security updates to address multiple vulnerabilities affecting various Apple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • systemd-journald vulnerability (24 Mar 2020)

    A memory leak has been discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

  • Vulnerability in Keijiban Tsumik (24 Mar 2020)

    Keijiban Tsumiki provided by Mash room is a CGI to provide Bulletin Board System (BBS) functions. An OS command injection vulnerability has been discovered in Keijiban Tsumiki.

  • CVE - KB Correlation (24 Mar 2020)

    List of CVE ID and corresponding Knowledge Base ID’s as released by Microsoft during March 2020.

  • Multiple vulnerabilities in Vim (23 Mar 2020)

    It has been discovered that Vim incorrectly handled certain sources, files and inputs. An attacker could possibly use these vulnerabilities to cause a denial of service or execute arbitrary code.

  • runc security update (23 Mar 2020)

    The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A volume mount race condition with shared mounts leads to information leak/integrity manipulation. An update for runc is now available for Red Hat Enterprise Linux 7 Extras.

  • tomcat6 security update (23 Mar 2020)

    Apache Tomcat AJP File Read/Inclusion vulnerability has been discovered. An update for tomcat6 is now available for Red Hat Enterprise Linux 6.

  • RCE vulnerabilities affecting Microsoft Windows and Windows Server (23 Mar 2020)

    Remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can exploit these vulnerabilities to take control of an affected system.

  • Vulnerability Summary (23 Mar 2020)

    Summary of vulnerabilities for the week of Mar 16, 2020.

  • devtoolset-8-gcc security update (23 Mar 2020)

    The devtoolset-8-gcc packages provide the Red Hat Developer Toolset version of GNU Compiler Collection (GCC), as well as related libraries. The POWER9 "DARN" RNG intrinsic produces repeated output. An update for devtoolset-8-gcc is now available for Red Hat Developer Toolset 8 for Red Hat Enterprise Linux.

  • Tor security update (20 Mar 2020)

    A denial of service vulnerability (by triggering high CPU consumption) has been discovered in Tor, a connection-based low-latency anonymous communication system. For the stable distribution (buster), this problem has been fixed in version 0.3.5.10-1.

  • Machine-In-The-Middle vulnerability in lix (20 Mar 2020)

    All versions of lix are vulnerable to Machine-In-The-Middle. The package accepts downloads with http and follows location header redirects for package downloads. This allows for an attacker in a privileged network position to intercept a lix package installation and redirect the download to a malicious source.

  • Vulnerability in phpMyAdmin (20 Mar 2020)

    An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attack requires an attacker be able to insert specially-crafted data in to certain database tables, which when retrieved can trigger the XSS attack.

  • rails security update (20 Mar 2020)

    In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. It is recommended to upgrade the rails packages.

  • Unsafe Object Creation vulnerability in JSON (19 Mar 2020)

    An unsafe object creation vulnerability has been discovered in the json gem bundled with Ruby. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.

  • Multiple vulnerabilities in Twisted (19 Mar 2020)

    It was discovered that Twisted incorrectly validated URLs or HTTP methods, incorrectly verified XMPP TLS certificates, incorrectly handled HTTP/2 connections and incorrectly handled certain content-length headers. A remote attacker could use these issues to perform header injection attacks, obtain sensitive information, lead to denial of service and perform HTTP request splitting attacks respectively.

  • Kernel memory disclosure with nested jails (19 Mar 2020)

    A missing NUL-termination check for the jail_set(2) configuration option "osrelease" may return more bytes when reading the jail configuration back with jail_get(2) than were originally set. For jails with a non-default setting of children.max > 0 ("nested jails") a superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory.

  • zsh security update (19 Mar 2020)

    The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. An insecure dropping of privileges when unsetting PRIVILEGED option vulnerability has been discovered in zsh. An update for zsh is now available for Red Hat Enterprise Linux 8.

  • Vulnerability in Systech Corporation's Equipment (19 Mar 2020)

    Cross-site Scripting vulnerability has been discovered in Systech Corporation's Equipment- NDS-5000 Terminal Server. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.

  • Vulnerability in Insulet's Equipment (19 Mar 2020)

    Improper Access Control vulnerability has been discovered in Insulet's Equipment- Omnipod Insulin Management System. Successful exploitation of this vulnerability may allow an attacker to gain access to the affected products to intercept, modify, or interfere with the wireless RF (radio frequency) communications to or from the product. This may allow attackers to read sensitive data, change pump settings, or control insulin delivery.

  • Google releases security updates for Chrome (18 Mar 2020)

    Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Cisco releases security updates for SD-WAN Solution Software (18 Mar 2020)

    Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system.

  • Drupal releases security updates (18 Mar 2020)

    Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and 8.8.x. An attacker could exploit these vulnerabilities to take control of an affected system.

  • APT36 Taps Coronavirus as ‘Golden Opportunity’ to Spread Crimson RAT (17 Mar 2020)

    A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. The use of such data exfiltration capabilities are common for APT36 (also known as Transparent Tribe, ProjectM, Mythic Leopard, and TEMP.Lapis), active since 2016.

  • Multiple vulnerabilities in Delta Electronics' Equipment (17 Mar 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read have been discovered in Delta Electronics' Equipment- Delta Industrial Automation CNCSoft ScreenEditor. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application.

  • Adobe releases security bulletin (17 Mar 2020)

    Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • Vulnerability in CMS Made Simple (16 Mar 2020)

    Remote Code Execution (RCE) vulnerability has been discovered in CMS Made Simple 2.2.13, it is vulnerable using crafted JPG extension files through the Filemanager.

  • Vulnerability Summary (16 Mar 2020)

    Summary of vulnerabilities for the week of Mar 09, 2020.

  • Multiple vulnerabilities in Trend Micro Worry-Free Business Security (16 Mar 2020)

    Multiple vulnerabilities have been discovered in Trend Micro Worry-Free Business Security. An attacker could exploit these vulnerabilities to take control of an affected system.

  • slirp security update (13 Mar 2020)

    It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3). It is recommended to upgrade the slirp packages.

  • Vulnerability in VMware (12 Mar 2020)

    VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

  • Vulnerability in Microsoft Server Message Block (12 Mar 2020)

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

  • Vulnerability in Rockwell Automation's Equipment (12 Mar 2020)

    Improper Access Control vulnerability has been discovered in Rockwell Automation's Equipment- Allen-Bradley Stratix 5950. Successful exploitation of this vulnerability could allow an attacker to write a modified image to the component.

  • Security update for Trend Micro Password Manager (12 Mar 2020)

    Trend Micro has released an updated version of Trend Micro Password Manager 5.0 (Windows) that resolves a DLL hijacking vulnerability in both the standalone version of the product and the versions packed with the latest version of Trend Micro Security (Consumer).

  • Vulnerability in FortiSIEM (12 Mar 2020)

    A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.

  • Multiple vulnerabilities in MELQIC IU1 series of Mitsubishi Electric Corporation (11 Mar 2020)

    Data collection analyzer MELQIC IU1 series provided by Mitsubishi Electric Corporation contain multiple vulnerabilities in TCP/IP function included in the firmware. By receiving a packet which is specially crafted by an attacker, the network functions of the products may be stopped or malware may be executed.

  • Vulnerability in Huawei products (11 Mar 2020)

    An out-of-bounds read vulnerability has been discovered in some Huawei products. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.

  • Deserialization vulnerability in Apache ShardingSphere (11 Mar 2020)

    Apache ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type by using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE. An attacker can use untrusted data to fill in the DataSource Config after login the sharding-ui.

  • Vulnerability in TIBCO (11 Mar 2020)

    TIBCO Spotfire Server Script Trust Problem exposes remote code execution vulnerability. This vulnerability allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes.

  • Vulnerability in Intel Smart Sound Technology (10 Mar 2020)

    Improper access control vulnerability in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access.

  • Vulnerability in Puppet Server and PuppetDB (10 Mar 2020)

    Puppet Server and PuppetDB may leak sensitive information via metrics API. PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default.

  • Multiple vulnerabilities in Siemens' Equipment (10 Mar 2020)

    Multiple vulnerabilities have been discovered in various Siemens' Equipment. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Johnson Controls' Equipment (10 Mar 2020)

    Improper Restriction of XML External Entity Reference and Improper Input Validation vulnerabilities have been discovered in Johnson Controls' Equipment- Metasys and EntraPass. Successful exploitation of these vulnerabilities can allow a denial-of-service attack or disclosure of sensitive data and malicious code execution with system-level privileges respectively.

  • Multiple vulnerabilities in Rockwell Automation's Equipment (10 Mar 2020)

    Multiple vulnerabilities such as Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Algorithm for Password Protection, Use of Client-Side Authentication and Cleartext Storage of Sensitive Information have been discovered in Rockwell Automation's Equipment- MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software. Successful exploitation of these vulnerabilities could allow an attacker to gain access to sensitive project file information including passwords.

  • Mozilla releases security update for Firefox and Firefox ESR (10 Mar 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Intel releases security updates (10 Mar 2020)

    Potential security vulnerabilities in Intel Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure. Intel has released software updates to mitigate these potential vulnerabilities.

  • Microsoft releases March 2020 security updates (10 Mar 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Vulnerability in Ramp Altimeter (10 Mar 2020)

    A Stored XSS vulnerability has been discovered in Ramp Altimeter that allows a malicious user to store arbitrary JavaScript payloads on the application server.

  • Vulnerability Summary (09 Mar 2020)

    Summary of vulnerabilities for the week of Mar 02, 2020.

  • Zoho releases security update for ManageEngine Desktop Central (07 Mar 2020)

    An unauthenticated remote code execution vulnerability was discovered in ManageEngine Desktop Central. This vulnerability could allow remote attackers to execute arbitrary code on affected installations of Desktop Central. Authentication is not required to exploit this vulnerability. It is recommended to update to the latest version.

  • Vulnerability in Apache Tomcat (06 Mar 2020)

    In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. An attacker may exploit this vulnerability to perform an HTTP request smuggling attack.

  • jackson-databind security update (06 Mar 2020)

    Multiple vulnerabilities have been discovered in jackson-databind source package. It is recommended to upgrade the jackson-databind packages.

  • NVIDIA Security Bulletin (05 Mar 2020)

    NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure.

  • Multiple vulnerabilities in WAGO's Equipment (05 Mar 2020)

    Multiple vulnerabilities such as Information Exposure Through Sent Data, Buffer Access with Incorrect Length Value, Missing Authentication for Critical Function, and Classic Buffer Overflow have been discovered in WAGO's Equipment- I/O-CHECK Series PFC100 and Series PFC200. Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses.

  • python-waitress security update (05 Mar 2020)

    Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. Multiple vulnerabilities have been discovered in python-waitress. An update for python-waitress is now available for Red Hat OpenStack Platform 15 (Stein).

  • OpenShift Container Platform 4.2.21 openshift/installer security update (05 Mar 2020)

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. HTTP/1.1 headers with a space before the colon led to filter bypass or request smuggling. An update for ose-installer-artifacts-container and ose-installer-container is now available for Red Hat OpenShift Container Platform 4.2.

  • pdfresurrect security update (05 Mar 2020)

    It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents. It is recommended to upgrade the pdfresurrect packages.

  • Vulnerability in Wing FTP Server (04 Mar 2020)

    A vulnerability in the handling of HTTP sessions within Wing FTP Server allows any local user to escalate privileges to root on Linux, MacOS, and Solaris. Exploitation is contingent on an already-established administrative session.

  • Vulnerability in Point to Point Protocol Daemon (04 Mar 2020)

    pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines.

  • Vulnerability in Cisco Email Security Appliance (04 Mar 2020)

    A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device.

  • Drupal SVG Formatter security update (04 Mar 2020)

    Critical cross site scripting vulnerability has been discovered in Drupal SVG Formatter. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files. It is recommended to upgrade the SVG Formatter module for Drupal 8.x to SVG Formatter 8.x-1.12.

  • Multiple vulnerabilities in Netgear Products (04 Mar 2020)

    Netgear has released security updates to address multiple vulnerabilities affecting various Netgear products.

  • Cisco releases security updates (04 Mar 2020)

    Cisco has released security updates to address multiple vulnerabilities affecting various Cisco products.

  • Insufficient data validation in yubikey-val (03 Mar 2020)

    Insufficient data validation vulnerability has been discovered in the open-source project for YubiKey Validation Server. This issue potentially affects developers, partners, and customers who have used a YubiKey Validation Server to build a self-hosted one-time password (OTP) validation service. The default configuration of the service only exposes the verify API, which could allow an attacker to perform a denial of service, potentially preventing legitimate authentications.

  • Google releases security update for Chrome (03 Mar 2020)

    Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • libzypp security update (03 Mar 2020)

    It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials in libzypp, a package management library that powers applications. It is recommended to upgrade the libzypp packages.

  • qemu-kvm-ma security update (03 Mar 2020)

    The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. OOB heap access via an unexpected response of iSCSI Server vulnerability was discovered. An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • Vulnerability in Omron's Equipment (03 Mar 2020)

    Uncontrolled Resource Consumption vulnerability has been discovered in Omron's Equipment- PLC CJ Series. Successful exploitation of this vulnerability could cause a denial-of-service condition.

  • Vulnerability in Phoenix Contact's Equipment (03 Mar 2020)

    Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Phoenix Contact's Equipment- Emalytics Controller ILC 2050 BI(L). Successful exploitation of this vulnerability could allow an attacker to change the device configuration and start or stop services.

  • Vulnerability in Emerson's Equipment (03 Mar 2020)

    Improper Access Control vulnerability has been discovered in Emerson's Equipment- ValveLink. Successful exploitation of this vulnerability could allow arbitrary code execution.

  • Ruby security update (03 Mar 2020)

    Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple vulnerabilities have been discovered in Ruby. An update for ruby is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

  • kernel security and enhancement update (03 Mar 2020)

    Multiple vulnerabilities have been discovered in kernel. An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.

  • Red Hat build of Eclipse Vert.x 3.8.5 security update (03 Mar 2020)

    Multiple vulnerabilities have been discovered in Red Hat build of Eclipse Vert.x. An update is now available for Red Hat build of Eclipse Vert.x.

  • Vulnerability in Rake (03 Mar 2020)

    It has been discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands.

  • Pixel update bulletin (02 Mar 2020)

    The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2020-03-05 or later address all issues in this bulletin and all issues in the March 2020 Android Security Bulletin.

  • Vulnerability Summary (02 Mar 2020)

    Summary of vulnerabilities for the week of Feb 24, 2020.

  • Android Security Bulletin (02 Mar 2020)

    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-03-05 or later address all of these issues.

  • Information Disclosure vulnerability in Cisco wireless products (27 Feb 2020)

    A vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets has been discovered. Multiple Cisco wireless products are affected by this vulnerability. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi network.

  • Proftpd-dfsg security update (26 Feb 2020)

    An use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server, has been discovered. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code. It is recommended to upgrade proftpd-dfsg packages.

  • Rake security update (26 Feb 2020)

    There is an OS command injection vulnerability in Rake, a ruby make-like utility. It is recommended to upgrade rake packages.

  • Multiple vulnerabilities in Honeywell's Equipment (25 Feb 2020)

    Multiple vulnerabilities such as Cross-site Request Forgery, Improper Neutralization of HTTP Headers for Scripting Syntax, and Use of Obsolete Function have been discovered in Honeywell's Equipment- WIN-PAK. Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution.

  • CVE - KB Correlation (25 Feb 2020)

    List of knowledge base article IDs associated with the CVEs for the security updates released by Microsoft for February 2020.

  • Google releases security update for Chrome (24 Feb 2020)

    Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • OpenSMTPD releases version 6.6.4p1 to address a critical vulnerability (24 Feb 2020)

    OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server.

  • python-pysaml2 security update (21 Feb 2020)

    It has been discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. It is recommended to upgrade the python-pysaml2 packages.

  • ksh security update (20 Feb 2020)

    KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. Certain environment variables interpreted as arithmetic expressions on startup, lead to code injection vulnerability. An update for ksh is now available for Red Hat Enterprise Linux 8.

  • Multiple vulnerabilities in Auto-Maskin's Equipment (20 Feb 2020)

    Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information, Origin Validation Error, Use of Hard-coded Credentials, Weak Password Recovery Mechanism for Forgotten Password, and Weak Password Requirements have been discovered in various Equipments- RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android App). Successful exploitation of these vulnerabilities could allow a remote attacker to gain root access to the underlying operating system of the device and may allow read/write access.

  • Multiple vulnerabilities in Honeywell's Equipment (20 Feb 2020)

    Multiple vulnerabilities such as Authentication Bypass by Capture-replay and Path Traversal have been discovered in Honeywell's Equipment- NOTI-FIRE-NET Web Server (NWS-3). Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods.

  • Vulnerability in Rockwell Automation's Equipment (20 Feb 2020)

    Deserialization of Untrusted Data vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk Diagnostics. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges.

  • Vulnerability in B&R Industrial Automation GmbH's Equipment (20 Feb 2020)

    Improper Authorization vulnerability has been discovered in B&R Industrial Automation GmbH's Equipment- Automation Studio and Automation Runtime. Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices.

  • Adobe releases security updates for After Effects and Media Encoder (19 Feb 2020)

    Adobe has released an update for Adobe After Effects and Media Encoder. This update resolves a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user.

  • Cisco releases security updates (19 Feb 2020)

    Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Google releases security updates for Chrome (18 Feb 2020)

    Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

  • Vulnerability in Emerson's Equipment (18 Feb 2020)

    Heap-based Buffer Overflow vulnerability has been discovered in Emerson's Equipment- OpenEnterprise SCADA Server. Successful exploitation of this vulnerability could allow an attacker to execute code on an OpenEnterprise SCADA Server.

  • Vulnerability in Honeywell's Equipment (18 Feb 2020)

    Improper Privilege Management vulnerability has been discovered in Honeywell's Equipment- INNCOM INNControl 3. Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application.

  • Vulnerability in Spacelabs' Equipment (18 Feb 2020)

    Improper Input Validation vulnerability has been discovered in Spacelabs' Equipment- Xhibit Telemetry Receiver. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

  • Multiple vulnerabilities in Interpeak's Equipment (18 Feb 2020)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in various Equipments- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities could allow remote code execution.

  • Vulnerability in GE's Equipment (18 Feb 2020)

    Protection Mechanism Failure vulnerability has been discovered in GE's Equipment- Ultrasound Products. The affected GE Healthcare ultrasound devices utilize a method of software application implementation called “Kiosk Mode.” This Kiosk Mode is vulnerable to local breakouts, which could allow an attacker with physical access to gain access to the operating system of affected devices.

  • Vulnerability in IBM DB2 (18 Feb 2020)

    Db2 is vulnerable to denial of service. Db2 could allow an attacker to send specially crafted packets to the Db2 server to cause excessive memory usage and cause Db2 to terminate abnormally.

  • Vulnerability in ClamAV (18 Feb 2020)

    It has been discovered that ClamAV, an antivirus software, was susceptible to a denial of service attack by unauthenticated users via inefficient MIME parsing of especially crafted email files.

  • Multiple vulnerabilities in PHP7.3 (17 Feb 2020)

    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

  • Vulnerability Summary (17 Feb 2020)

    Summary of vulnerabilities for the week of Feb 10, 2020.

  • Multiple vulnerabilities in evince (14 Feb 2020)

    Multiple vulnerabilities such as command injection, disclosure of uninitialized memory and buffer overflow have been discovered in evince, a simple multi-page document viewer.

  • Vulnerability in FortiManager (13 Feb 2020)

    An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.

  • Vulnerability in Schneider Electric's Magelis HMI Panel Equipment (13 Feb 2020)

    Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- Magelis HMI Panel. Successful exploitation of this vulnerability could allow a denial-of-service condition.

  • Multiple vulnerabilities in Schneider Electric's Modicon Equipment (13 Feb 2020)

    Improper Check for Unusual or Exceptional Conditions and Improper Access Control vulnerabilities have been discovered in Schneider Electric's Equipment- Modicon BMXNOR0200H. Successful exploitation of these vulnerabilities could allow remote code execution or cause a denial-of-service condition.

  • Vulnerability in Huawei Firewall Products (12 Feb 2020)

    An out-of-bound read vulnerability has been discovered in Huawei Firewall products that the IPSec module does not validate a field in a specific message. Attackers can exploit this vulnerability to send malformed message to cause out-of-bound read, compromising normal service.

  • Vulnerability in GlobalProtect (12 Feb 2020)

    A denial-of-service (DoS) vulnerability has been discovered in Palo Alto Networks GlobalProtect software running on Mac OS. This vulnerability allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

  • Vulnerability in PAN-OS (12 Feb 2020)

    Missing XML validation vulnerability has been discovered in the PAN-OS web interface on Palo Alto Networks PAN-OS software. This vulnerability allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.

  • libemail-address-list-perl security update (12 Feb 2020)

    Denial of service via an algorithmic complexity attack on email address parsing has been discovered in libemail-address-list-perl. It is recommended to upgrade the libemail-address-list-perl packages.

  • Red Hat JBoss Fuse/A-MQ 6.3 security update (12 Feb 2020)

    This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3 and includes bug fixes.

  • openjdk-8 security update (12 Feb 2020)

    Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. It is recommended to upgrade the openjdk-8 packages.

  • Microsoft Exchange Server security update (11 Feb 2020)

    A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. This security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.

  • Mozilla releases security updates for multiple products (11 Feb 2020)

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Adobe releases security updates for multiple products (11 Feb 2020)

    Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Intel releases security updates (11 Feb 2020)

    Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges.

  • Microsoft releases February 2020 security updates (11 Feb 2020)

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Digi International's Equipment (11 Feb 2020)

    Unrestricted Upload of File with Dangerous Type and Cross-site Scripting vulnerabilities have been discovered in Digi International's Equipment- ConnectPort LTS 32 MEI. Successful exploitation of these vulnerabilities could limit system availability.

  • Multiple vulnerabilities in Siemens' Equipment (11 Feb 2020)

    Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Multiple vulnerabilities in Synergy Systems & Solutions' Equipment (11 Feb 2020)

    Improper Authentication and Improper Input Validation vulnerabilities have been discovered in Synergy Systems & Solutions' Equipment- HUSKY RTU. Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.

  • Vulnerability in spice-gtk (11 Feb 2020)

    The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Insufficient encoding checks for LZ can cause different integer/buffer overflows.

  • Multiple vulnerabilities in Yubico PIV Tool (11 Feb 2020)

    It has been discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager.

  • Multiple vulnerabilities in libexif (11 Feb 2020)

    It has been discovered that libexif incorrectly handled certain files. An attacker could possibly exploit these vulnerabilities to access sensitive information, cause a denial of service or execute arbitrary code.

  • Vulnerability in Fortiguard products (10 Feb 2020)

    A system command injection vulnerability has been discovered in FortiAP. This vulnerability in FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.

  • Vulnerability Summary (10 Feb 2020)

    Summary of vulnerabilities for the week of Feb 03, 2020.

  • Multiple vulnerabilities in Qtbase (10 Feb 2020)

    It has been discovered that Qt incorrectly handled certain PPM images, text files and incorrectly searched for plugins and libraries in the current working directory. A remote attacker could exploit these vulnerabilities to cause a denial of service and execute arbitrary code on an affected system.

  • Vulnerability in libexif (10 Feb 2020)

    An out-of-bounds write vulnerability due to an integer overflow has been reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentially execute arbitrary code via crafted image files.

  • Multiple vulnerabilities in HPE Product (08 Feb 2020)

    It has been discovered that HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service.

  • Emotet evolves with new Wi-Fi Spreader (07 Feb 2020)

    A new loader type has been identified that takes advantage of the wlanAPI interface to enumerate all Wi-Fi networks in the area, and then attempts to spread to these networks, infecting all devices that it can access in the process.

  • Vulnerability in libxmlrpc3-java (06 Feb 2020)

    It has been reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.

  • Cisco Discovery Protocol (CDP) enabled devices are vulnerable to denial-of-service and remote code execution (05 Feb 2020)

    CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110), stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow vulnerability (CVE-2020-3118), stack overflow and arbitrary write (CVE-2020-3119), and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120) in Cisco NX-OS switches and Cisco IOS XR Routers, among others. These vulnerabilities could allow an attacker on the local network to execute code or cause a denial of service.

  • Multiple vulnerabilities in CA Unified Infrastructure Management (05 Feb 2020)

    Multiple vulnerabilities have been discovered in CA Unified Infrastructure Management (Nimsoft / UIM) of CA Technologies, a Broadcom Company. These vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks.

  • Vulnerability in AutomationDirect's Equipment (04 Feb 2020)

    Insufficiently Protected Credentials vulnerability has been discovered in AutomationDirect's Equipment- C-More Touch Panels EA9 Series. Successful exploitation of this vulnerability may allow an attacker to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device.

  • Vulnerability in Python-Django (04 Feb 2020)

    It has been discovered that Django incorrectly handled input in the PostgreSQL module. A remote attacker could possibly use this to perform SQL injection attacks.

  • GraphicsMagick vulnerabilities (04 Feb 2020)

    It has been discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

  • Multiple vulnerabilities in Symantec (03 Feb 2020)

    Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Small Business Edition (SEP SBE) products.

  • Slow HTTP DoS attacks mitigation in Fortiguard products (03 Feb 2020)

    An Uncontrolled Resource Consumption vulnerability has been discovered in multiple products of Fortiguard. This vulnerability could allow an attacker to cause web service portal denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly.

  • Vulnerability Summary (03 Feb 2020)

    Summary of vulnerabilities for the week of Jan 27, 2020.

  • Vulnerability in Sudo (03 Feb 2020)

    Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account.