Multiple vulnerabilities such as Server-Side Forgery Request, and Arbitrary File Deletion have been discovered in XStream. It is recommended to upgrade the libxstream-java packages.
CVE ID: CVE-2020-26258 (High), CVE-2020-26259 (Medium)
A Cross Site Request Forgery (CSRF) vulnerability has been discovered in McAfee Network Security Management (NSM) which may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. The affected version are McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55.
CVE ID: CVE-2020-7336 (Medium)
Multiple vulnerabilities identified in QNAP Products, a remote attacker may exploit some of these vulnerabilities to trigger disclose sensitive information and data manipulation on the targeted system. These issues do not affect in QNAP version QTS 4.5.1.1456 build 20201015 (and later), QuTS hero h4.5.1.1472 build 20201031 (and later) & QuTScloud c4.5.2.1379 build 20200730 (and later).
CVE ID: CVE-2018-19944 (Medium), CVE-2018-19941 (Medium), CVE-2018-19945 (High)
It has been discovered that OpenEMR, the most popular open source electronic health records and medical practice management solution allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. The affected version is OpenEMR 5.0.1.3.
CVE ID: CVE-2018-16795
It has been discovered that Green Packet WiMax DV-360 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. The affected version is Green Packet WiMax DV-360 2.10.14-g1.0.6.1.
CVE ID: CVE-2018-14067
It has been discovered that GDrayTek Vigor2960, wireless access point allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. The affected version is GDrayTek Vigor2960 1.5.1.
CVE ID: CVE-2020-19664
It has been discovered that User-Friendly USVN, a web interface written in PHP used to configure Subversion repositories allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline. The affected versions are USVN before 1.0.9.
CVE ID: CVE-2020-17363
Command Injection vulnerability has been discovered in the CPE WAN Management Protocol (CWMP) registration in Amino Communications. The vulnerability allows Man-in-the-Middle attackers to execute arbitrary commands with root level privileges. The affected versions are AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B.
CVE ID: CVE-2020-10209
It has been discovered that the Inventory module of the 1E Client doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
CVE ID: CVE-2020-27644
It has been discovered that Agentejo Cockpit allows NoSQL injection vulnerability via the Controller/Auth.php newpassword function. The affected versions are Agentejo Cockpit before 0.11.2.
CVE ID: CVE-2020-35848
A vulnerability has been discovered in roundcube, a web-based IMAP email client where in a cross-site scripting (XSS) via HTML or Plain text messages with malicious content is possible. It is recommended to upgrade the roundcube packages.
CVE ID: CVE-2020-35730 (Medium)
It has been discovered that SPIP, a website engine for publishing, does not correctly validate its input (couleur, display, display_navigation, display_outils, imessage, and spip_ecran) which allows authenticated users to execute arbitrary code. It is recommended to upgrade the spip packages.
CVE ID: CVE-2020-28984 (Critical)
HedgeDoc is a collaborative platform for writing and sharing markdown. It has been discovered that an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. The affected versions are HedgeDoc before version 1.7.1.
CVE ID: CVE-2020-26287 (High)
A Distributed Denial of Service(DDoS) vulnerability has been discovered in Citrix ADC. An attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion.
It has been discovered that iSM client running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate. The affected versions are iSM client versions from V5.1 prior to V12.1.
CVE ID: CVE-2020-5684
A vulnerability has been discovered in the HTTP package for Dart. If an attacker controls the HTTP method and the App is using request directly, it's possible to achieve Carriage Return and Line Feed (CRLF) injection in an HTTP request. The affected version are HTTP package through 0.12.2 for Dart.
CVE ID: CVE-2020-35669
It has been discovered that BigProf Online Invoicing System fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The affected versions are BigProf Online Invoicing System before 4.0.
CVE ID: CVE-2020-35677
It has been discovered that Awstats, a web server log analyzer, is vulnerable to path traversal attacks. A remote unauthenticated attacker can leverage that to perform arbitrary code execution. It is recommended to upgrade the awstats packages.
CVE ID: CVE-2020-29600 (Critical), CVE-2020-35176 (Medium)
Multiple vulnerabilities have been discovered in QES, QTS and QuTS hero of QNAP. A remote attacker can exploit some of these vulnerabilities to trigger remote code execution, disclose sensitive information, cross-site scripting and bypass security restriction on the targeted system.
CVE ID: CVE-2020-2499 (High), CVE-2016-6903 (High), CVE-2020-25847 (High), CVE-2020-2503 (Critical), CVE-2020-2504 (Medium), CVE-2020-2505 (Low)
The update for a privilege escalation vulnerability via the ceph_volume_client Python interface is available. The affected products are SUSE Linux Enterprise Module for Basesystem 15-SP2 & SUSE Enterprise Storage 7.
CVE ID: CVE-2020-27781 (High)
Heap buffer overflow has been discovered in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. An attacker can cause a Denial of Service (DoS) or arbitrary code execution if you use cURL to transfer data to or from a Trivial File Transport Protocol (TFTP) server and set the blksize (block size) option to a value below 504 (the default value is 512).
CVE ID: CVE-2019-5482 (Critical)
Multiple vulnerabilities have been discovered in Sympa, a mailing list manager, which can result in local privilege escalation, Denial of Service or unauthorized access via the SOAP API.
CVE ID: CVE-2020-9369 (High), CVE-2020-10936 (High), CVE-2020-26932 (Medium), CVE-2020-29668 (Low)
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Multiple vulnerabilities have been discovered such as reconnection can downgrade connection security settings and psql's \gset allows overwriting specially treated variables in postgresql. An update for libpq is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
CVE ID: CVE-2020-25694 (High), CVE-2020-25696 (High)
A vulnerability has been discovered in the PushToWatch extension for MediaWiki. The primary form do not implement an anti-CSRF (Cross-Site Request Forgery) token and therefore is completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php. The affected versions are MediaWiki through 1.35.1.
CVE ID: CVE-2020-35626
A potential Denial of Service vulnerability through malicious timestamp tags has been discovered in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for Postfix in Debian GNU/Linux OS. It is recommended to upgrade the postsrsd packages. CVE ID: CVE-2020-35573
A vulnerability has been discovered in influxdb, a scalable datastore for metrics, events, and real-time analytics in Debian GNU/Linux OS. By using a JWT token with an empty shared secret, one is able to bypass authentication in services/httpd/handler.go. It is recommended to upgrade the influxdb packages. CVE ID: CVE-2019-20933 (Critical)
Multiple vulnerabilities have been discovered in the PEAR Archive_Tar package for handling tar files in PHP. A remote attacker can execute arbitrary code or overwrite files. It is recommended to upgrade the php-pear packages in Debian GNU/Linux OS. CVE ID: CVE-2020-28948 (High), CVE-2020-28949 (High)
Multiple vulnerabilities such as XML external entity (XXE), and Denial of Service have been discovered in Apache Poi. A remote attacker can exploit these vulnerabilities to obtain sensitive information, cause the application to enter into an infinite loop and an out of memory exception. CVE ID: CVE-2019-12415 (Medium), CVE-2017-12626 (Medium)
Multiple vulnerabilities such as Heap-based Buffer Overflow, Out-of-bounds Read, and Out-of-bounds Write have been discovered in Treck Inc.'s Equipment- TCP/IP. Successful exploitation of this vulnerability may allow remote code execution and a Denial of Service condition. The affected components of Treck TCP/IP stack Version 6.0.1.67 and prior are HTTP Server, IPv6 & DHCPv6. The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.
CVE ID: CVE-2020-25066 (Critical), CVE-2020-27337 (Critical), CVE-2020-27338 (Medium)
Multiple vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work. The vulnerabilities can result in cross-site scripting or the disclosure of hidden users. It is recommended to upgrade the mediawiki packages. CVE ID: CVE-2020-35475, CVE-2020-35477, CVE-2020-35479 (Medium), CVE-2020-35480
Multiple vulnerabilities have been discovered in curl, a command line tool for transferring data with URL syntax and an easy-to-use client-side URL transfer library. It is recommended to upgrade the curl packages. CVE ID: CVE-2020-8284 (Low), CVE-2020-8285 (High), CVE-2020-8286 (High)
Multiple vulnerabilities have been discovered in Red Hat OpenShift Container Storage. Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. The affected product is Red Hat OpenShift Container Storage 4 x86_64. CVE ID: CVE-2020-7720 (High), CVE-2020-8237 (High), CVE-2020-14040 (High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)
It has been discovered that ISC BIND is vulnerable to a Denial of Service, caused by an assertion failure when attempting to verify a truncated response to a TSIG-signed request. By sending a specially-crafted request, a remote authenticated attacker can exploit this vulnerability to cause the server to exit. The affected products are AIX 7.1, 7.2 and VIOS 3.1.
CVE ID: CVE-2020-8622 (Medium)
It has been discovered that the audit forwarding mechanism for Terminal Access Controller Access-Control System Plus (TACACS+) uses an unencrypted database variable to store passwords. The system leaks sensitive information to authenticated users who have access to the BIG-IP system.
It has been discovered that under certain conditions, Analytics, Visibility and Reporting Daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices. This may allow an attacker to initiate a denial-of-service (DoS) attack on the AVRD process on the BIG-IP system from a mobile device in certain condition. CVE ID: CVE-2020-27728
Improper Authentication vulnerability has been discovered in Emerson's Equipment- Rosemount X-STREAM Gas Analyzer. Successful exploitation of this vulnerability may allow an attacker through a specially crafted URL to download files and obtain sensitive information. CVE ID: CVE-2020-27254 (High)
PTC Kepware LinkMaster is a Windows application linking data between OPC servers. An Incorrect Default Permissions vulnerability has been discovered. Successful exploitation of this vulnerability may allow a local attacker to globally overwrite the service configuration to execute arbitrary code with NT SYSTEM privileges. The affected Kepware LinkMaster versions are 3.0.94.0 and prior. CVE ID: CVE-2020-13535 (Critical)
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, and Use After Free have been discovered in PTC's Equipment- Kepware KEPServerEX. Successful exploitation of these vulnerabilities may lead to a server crashing, a denial-of-service condition, data leakage or remote code execution. CVE ID: CVE-2020-27265 (Critical), CVE-2020-27263 (Critical), CVE-2020-27267 (High)
It has been discovered that when the BIG-IP ASM system processes requests with JSON payload, an unusually large number of parameters may cause excessive CPU usage in the BIG-IP ASM bd process. When this vulnerability is exploited, the BIG-IP ASM system may cause denial-of-service condition. CVE ID: CVE-2020-27718
It has been discovered that BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process. Traffic processing on the BIG-IP system is disrupted while TMM restarts, leading to a failover event in a high availability (HA) environment. CVE ID: CVE-2020-27723
A denial of service vulnerability has been discovered in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a Denial of Service (DoS) on the specific module. CVE ID: CVE-2020-9223
Netgear has released security updates to address vulnerabilities in multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system.
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Multiple vulnerabilities have been discovered in java-1.7.1-ibm. The java-1.7.1-ibm security update is now available which upgrades IBM Java SE 7 to version 7R1 SR4-FP75. CVE ID: CVE-2020-14779 (Low), CVE-2020-14781 (Low), CVE-2020-14782 (Low), CVE-2020-14796 (Low), CVE-2020-14797 (Low)
Memcached is a high-performance, distributed memory object caching system. A null-pointer dereference vulnerability has been discovered in "lru mode" and "lru temp_ttl" causing denial of service in Memcached. An update for Memcached is now available for Red Hat OpenStack Platform 13 (Queens). The affected products are Red Hat OpenStack 13 x86_64 & Red Hat OpenStack for IBM Power 13 ppc64le. CVE ID: CVE-2019-11596 (High)
Python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library packaged for setuptools / pip. Multiple XSS vulnerabilities have been discovered in python-XStatic-Bootstrap-SCSS. An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 13 (Queens). CVE ID: CVE-2016-10735 (Medium), CVE-2018-14042 (Medium), CVE-2018-20676 (Medium), CVE-2018-20677 (Medium), CVE-2019-8331 (Medium)
Python-X Static-jQuery is the jQuery javascript library packaged for Python's setup tools. Prototype pollution in object's prototype leads to denial of service, remote code execution or property injection in python-XStatic-jQuery. An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 13 (Queens). CVE ID: CVE-2019-11358 (Medium)
Multiple vulnerabilities have been discovered in Red Hat build of Thorntail. An update is now available for Red Hat build of Thorntail. CVE ID: CVE-2020-14299 (Medium), CVE-2020-14338 (Medium), CVE-2020-14340, CVE-2020-25638 (High), CVE-2020-25649 (High)
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker may exploit some of these vulnerabilities to take control of an affected system.
Uncontrolled Resource Consumption vulnerability has been discovered in WAGO's Equipment- 750-88x and 750-352. Successful exploitation of this vulnerability may allow an attacker to crash the device being accessed using a denial-of-service attack. CVE ID: CVE-2020-12516 (High)
A manual supply chain attack has been discovered in SolarWinds Orion Platform software. The affected versions are SolarWinds Orion Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1. The updates are available.
SQL Injection vulnerability has been discovered in NewPK via the title parameter to admin\newpost.php. The affected version is NewPK 1.1. CVE ID: CVE-2020-20189
Apple has released security updates to address vulnerabilities in multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that Envoy logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). The affected versions are Envoy before 1.16.1. CVE ID: CVE-2020-35470
A vulnerability has been discovered in LOGO! 8 BM (incl. SIPLUS variants). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins. The affected versions are LOGO! 8 BM all versions below V8.3 CVE ID: CVE-2020-25235
It has been discovered that a malicious or poorly-implemented homeserver may inject malformed events into a room by specifying a different room id. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. CVE ID: CVE-2020-26257
Multiple vulnerabilities such as Null Pointer Deference, and head-based buffer overflow have been discovered in openexr, a set of tools to manipulate OpenEXR image files. It is recommended to upgrade the openexr packages. CVE ID: CVE-2020-16588, CVE-2020-16589
Multiple vulnerabilities have been discovered in Medtronic's Equipment- MyCareLink (MCL) Smart Model 25000 Patient Reader. Successful exploitation of these vulnerabilities together may result in the attacker being able to modify or fabricate data from the implanted cardiac device being uploaded to the CareLink Network and remotely execute code on the MCL Smart Patient Reader device, which may allow control of a paired cardiac device. The exploitation must be initiated within Bluetooth signal proximity of the vulnerable product. CVE ID: CVE-2020-27252 (High), CVE-2020-25187 (High), CVE-2020-25183 (High)
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker may exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-3419 (Medium), CVE-2020-26085 (Critical)
Improper Input Validation vulnerability has been discovered in Host Engineering's Equipment- ECOM100 Module- an Ethernet communications module for PLC systems. Successful exploitation of this vulnerability may lead to a denial-of-service condition, forcing an operator to manually restart the device. CVE ID: CVE-2020-25195 (High)
A denial-of-service (DoS) vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-F series FX5U(C) CPU modules. CPU modules may allow malicious attacker to cause a DoS condition on program execution and communication by sending specially crafted Address Resolution Protocol (ARP) packets. CVE ID: CVE-2020-5665 (High)
It has been discovered that a cross-site scripting (XSS) vulnerability in SquirrelMail- Webmail for nuts allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service. CVE ID: CVE-2019-12970 (Medium)
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-24447 (Critical), CVE-2020-24444, CVE-2020-24445 (Critical), CVE-2020-24440 (Critical)
It has been discovered that LibTIFF decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. An attacker may be able to use specially crafted TIFF files to cause a denial of service (DoS) via out-of-bounds writes. CVE ID: CVE-2018-18557 (High)
Multiple vulnerabilities such as out-of-bounds access, and race condition have been discovered in Linux kernel. A locally logged-in attacker may gain unauthorized access to resources or cause a denial-of-service (DoS) on a vulnerable system. CVE ID: CVE-2017-18344 (Medium), CVE-2017-10661 (High)
OpenSSL has released a security update to address a vulnerability affecting all versions 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker may exploit this vulnerability to cause a denial-of-service condition. CVE ID: CVE-2020-1971
FireEye has addressed an unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. An unauthorized third-party users may abuse these tools to take control of targeted systems.
Multiple vulnerabilities have been discovered in several vendors Equipment- uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net. Successful exploitation of these vulnerabilities may allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker may exploit some of these vulnerabilities to take control of an affected system.
Remote Code Execution vulnerability has been discovered in Apache Struts 2. A remote attacker may exploit this vulnerability to take control of an affected system. The affected versions are Struts 2.0.0 - Struts 2.5.25. It is recommended to upgrade to Struts 2.5.26 or higher. CVE ID: CVE-2020-17530
Multiple vulnerabilities such as Unprotected Transport of Credentials, and Exposure of Sensitive System Information to an Unauthorized Control Sphere have been discovered in GE Imaging and Ultrasound Products of GE Healthcare. Successful exploitation of these vulnerabilities may occur if an attacker gains access to the Healthcare Delivery Organization’s (HDO) network. CVE ID: CVE-2020-25175 (Critical), CVE-2020-25179 (Critical)
Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Easergy T300. The Easergy T300 is a modular platform for medium voltage and low voltage public distribution network management. Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized access to the internal product LAN, which will result in exposure of sensitive information, Denial of Service, and remote code execution. CVE ID: CVE-2020-7561 (Critical), CVE-2020-28215 (High), CVE-2020-28216 (High), CVE-2020-28217 (Medium), CVE-2020-28218 (Medium)
Multiple vulnerabilities have been discovered in Schneider Electric's Equipment- Modicon M221 Programmable Logic Controller. Modicon M221 is a Nano Programmable Logic Controller (PLC) made to control basic automation for machines. Successful exploitation of these vulnerabilities may allow an attacker to take control over the PLC and exposure of sensitive information. CVE ID: CVE-2020-7565 (High), CVE-2020-7566 (High), CVE-2020-7567 (High), CVE-2020-7568 (Low), CVE-2020-28214 (Low)
Multiple vulnerabilities have been identified in Android, a remote attacker may exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system. The affected Android versions are 8.0, 8.1, 9, 10 & 11. Security patch levels of 2020-12-05 or later address all of these issues.
Multiple vulnerabilities have been discovered in GitLab. It is recommended to update versions 13.6.2, 13.5.5 and 13.4.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). CVE ID: CVE-2020-26407 (Medium), CVE-2020-26408 (Medium), CVE-2020-13357 (Medium), CVE-2020-26411 (Medium), CVE-2020-26409 (Medium)
Multiple vulnerabilities have been discovered in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server. The affected products are WebSphere Application Server Liberty version Continuous Delivery, WebSphere Application Server versions 8.5 and 9.0. CVE ID: CVE-2020-14781 (Low), CVE-2020-14797 (Low)
It has been discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server may result in the execution of arbitrary code. In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability. It is recommended to upgrade the minidlna packages. CVE ID: CVE-2020-12695 (High), CVE-2020-28926 (Critical)
Multiple vulnerabilities such as memory disclosure, and cache poisoning have been discovered in Apache Traffic Server, a reverse and forward proxy server. It is recommended to upgrade the trafficserver packages. CVE ID: CVE-2020-17508, CVE-2020-17509
It has been discovered that certain environment variables interpreted as arithmetic expressions on startup leads to code injection vulnerability in ksh. An update for ksh is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. CVE ID: CVE-2019-14868 (High)
Multiple vulnerabilities have been discovered in salt. It is recommended to upgrade the salt packages. CVE ID: CVE-2020-16846 (Critical), CVE-2020-17490 (Medium), CVE-2020-25592 (Critical)
Out-of-bounds Read vulnerability has been discovered in Mitsubishi Electric Corporation's Equipment- GOT and Tension Controller. Successful exploitation of this vulnerability may allow attackers to cause deterioration of communication performance or cause a denial-of-service condition of the TCP communication functions of the products. CVE ID: CVE-2020-5675 (High)
Multiple vulnerabilities have been discovered in WECON's LeviStudioU Equipment. Successful exploitation of these vulnerabilities may allow an attacker to execute code under the privileges of the application and obtain sensitive information. CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium), CVE-2020-25199 (High)
A vulnerability has been discovered in CompactRIO-a real-time embedded industrial controller. Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that may reboot the device remotely. The affected products are CompactRIO Driver versions prior to 20.5 CVE ID: CVE-2020-25191 (High)
A HTTP/2 Request header mix-up vulnerability has been discovered in Apache Tomcat. A remote attacker may exploit this vulnerability to leak sensitive information. The affected versions are Apache Tomcat 10.0.0-M1 to 10.0.0-M9, Apache Tomcat 9.0.0.M5 to 9.0.39 and Apache Tomcat 8.5.1 to 8.5.59. CVE ID: CVE-2020-17527
Multiple vulnerabilities have been discovered in golang-Go Toolset which provides the Go programming language tools and libraries. An update for go-toolset-1.14-golang is now available for Red Hat Software Collections. CVE ID: CVE-2020-28362 (High), CVE-2020-28366 (High), CVE-2020-28367 (High)
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Multiple vulnerabilities such as XML external entity, SQL injection, and memory leak per HTTP session creation have been discovered in Red Hat JBoss Enterprise Application Platform. An update is now available. CVE ID: CVE-2020-25649, CVE-2020-25638, CVE-2020-25644 (High)
A vulnerability has been discovered in Snapcraft- easily craft snaps in Ubuntu. An intended access restriction may be bypassed in snaps built with Snapcraft. CVE ID: CVE-2020-27348 (Medium)
Google has released Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker may exploit to take control of an affected system.
Apple has released security updates to address vulnerabilities in iCloud for Windows11.5. An attacker may exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server may redirect the browser to a different website. It is recommended to upgrade the jupyter-notebook packages. CVE ID: CVE-2020-26215 (Medium)
Pimcore is an open source digital experience platform. It has been discovered that in Pimcore before version 6.8.5, it is possible to modify and create website settings without having the appropriate permissions. CVE ID: CVE-2020-26246 (High)
An SQL injection vulnerability has been discovered in Gym Management System in manage_user.php file, GET parameter 'id' is vulnerable. CVE ID: CVE-2020-29288 (Critical)
It has been discovered that an improper buffer restrictions vulnerability in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. An attacker may exploit the improper input validation in BIOS firmware to potentially create a denial of service by way of local access. The affected products are BIG-IP i850, i2000, i4000 series. CVE ID: CVE-2020-0591 (Medium)
Multiple vulnerabilities have been discovered in HPE HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities may be remotely exploited to execute code, cause denial of service, bypass access control restrictions, disclose sensitive information, add or modify data, cause memory corruption, or redirect a URL to an untrusted URL.
Brotli is a compression algorithm developed by Google and works best for text compression. A buffer overflow vulnerability has been discovered in Brotli. It is recommended to upgrade the Brotli packages. CVE ID: CVE-2020-8927 (Medium)
Multiple vulnerabilities have been discovered in various FortiGate products. An attacker may exploit these vulnerabilities to trigger sensitive information disclosure, cross-site scripting and bypass security restriction on the targeted system. CVE ID: CVE-2020-15937 (Medium), CVE-2019-15126 (Low), CVE-2020-9295 (Medium)
Multiple vulnerabilities such as heap-buffer-overflow, and out-of-bounds write have been discovered in pdfresurrect-a tool for analyzing and manipulating revisions to PDF documents. It is recommended to upgrade the pdfresurrect packages. CVE ID: CVE-2019-14934 (High), CVE-2020-20740 (High)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Multiple vulnerabilities have been discovered in nodejs. An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. CVE ID: CVE-2020-7774 (High), CVE-2020-8277 (High), CVE-2020-15366 (Medium)
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A vulnerability has been discovered in kubernetes whose compromised nodes can escalate to cluster level privileges. Red Hat OpenShift Container Platform release 4.5.21 has released multiple bug fix and security update. CVE ID: CVE-2020-8559 (Medium)
PHP is a HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple vulnerabilities have been discovered in rh-php73-php. An update for rh-php73-php is now available for Red Hat Software Collections.
Mozilla has released security updates to address stack overflow due to incorrect parsing of SMTP server response codes vulnerability in Thunderbird. CVE ID: CVE-2020-26970 (High)
Multiple vulnerabilities have been discovered in Werkzeug- collection of utilities for WSGI applications (Python 2.x). An attacker may use these issues for phishing attacks and to access sensitive information. CVE ID: CVE-2019-14806 (High), CVE-2020-28724 (Medium)
It has been discovered that the wcsnrtombs function in musl libc has multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress or writing past the end of the destination buffers. It is recommended to upgrade the musl packages. CVE ID: CVE-2020-28928
Xerox has released security updates for DocuShare 6.6.1, 7.0, and 7.5 to address a vulnerability which can allow an unauthenticated attacker to obtain sensitive information. CVE ID: CVE-2020-27177
A vulnerability has been discovered in VIPS - an image processing system, version before 8.8.2. An uninitialized variable may cause the leakage of remote server path or stack address. It is recommended to upgrade the vips packages. CVE ID: CVE-2020-20739
SQL injection vulnerability has been discovered in hibernate-core of Red Hat Single Sign-On 7.4 standalone server when both hibernate.use_sql_comments and JPQL String literals are used. A security update is now available for Red Hat Single Sign-On 7.4. CVE ID: CVE-2020-25638
It has been discovered that x11vnc, a VNC server allows remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker may exploit this vulnerability for information disclosure, denial of service or interfer with the VNC session of another user on the host. It is recommended to upgrade the x11vnc packages. CVE ID: CVE-2020-29074 (High)
The lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. Multiple vulnerabilities such as XSS injection, and javascript escaping have been discovered in lxml. It is recommended to upgrade the lxml packages. CVE ID: CVE-2018-19787 (Medium), CVE-2020-27783
FreeRDP is a RDP client for Windows Terminal Services. It has been discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker can use these vulnerabilities to cause FreeRDP to crash, resulting in a Denial of Service, or possibly execute arbitrary code.
It has been discovered that ADMX, a web base module in Ericsson BSCS iX, a enterprise billing software, is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. This vulnerability potentially allows full account takeover, or exploiting admins' browsers by using the beef framework. CVE ID: CVE-2020-29145
A vulnerability has been discovered in BigBlueButton, a complete web conferencing system. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting which is protected by an access code. The affected versions are BigBlueButton through 2.2.29. CVE ID: CVE-2020-29042
It has been discovered that Poppler, a PDF rendering library, incorrectly handled certain files. If a user or automated system are tricked into opening a crafted PDF file, an attacker can cause a Denial of Service. CVE ID: CVE-2020-27778, CVE-2018-21009 (High), CVE-2019-10871 (Medium), CVE-2019-9959 (Medium), CVE-2019-13283 (High)
It has been discovered that arbitrary PHP code execution vulnerability is possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz,.bz2 or .tlz files. CVE ID: CVE-2020-28948, CVE-2020-28949
A race condition vulnerability has been discovered in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a Denial of Service or information leakage from the host. CVE ID: CVE-2020-25653
It has been discovered that osCommerce has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. The affected version is osCommerce 2.3.4.1. CVE ID: CVE-2020-29070
It has been discovered that atftp's FTP server in Ubuntu 16.04 do not properly handler certain input. An attacker can use this to to cause a denial of service or possibly execute arbitrary code. CVE ID: CVE-2019-11365 (Critical), CVE-2019-11366 (Medium)
It has been discovered that igraph in Ubuntu mishandled certain malformed XML. An attacker may use this vulnerability to cause a Denial of Service. CVE ID: CVE-2018-20349 (Medium)
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. Multiple vulnerabilities have been discovered in BIND. An update for BIND is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. CVE ID: CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
The Fuji V-Server Lite, all versions prior to 3.3.24.0 is vulnerable to an out-of-bounds write which may allow an attacker to remotely execute arbitrary code. CVE ID: CVE-2020-25171 (High)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- FactoryTalk Linx Version 6.11 and prior. Successful exploitation of these vulnerabilities may allow a Denial-of-Service condition, remote code execution, or leak information that can be used to bypass Address Space Layout Randomization (ASLR). CVE ID: CVE-2020-27253 (High), CVE-2020-27251 (Critical), CVE-2020-27255 (Medium)
It has been discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker can use this to cause out-of-bounds writes, resulting in a denial of service or arbitrary code execution. CVE ID: CVE-2020-9549 (High)
It has been discovered that IBM Resilient may allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. The affected product is Resilient OnPrem version IBM Security SOAR. CVE ID: CVE-2020-4633 (Medium)
It has been discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker can possibly use this to expose sensitive information. CVE ID: CVE-2020-16123
Multiple vulnerabilities have been discovered in Ubuntu 16.04 libextractor-library used to extract metadata from files. An attacker can possibly use these vulnerabilities to cause a denial of service.
A command injection vulnerability has been discovered in VMware products. A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can take control of an affected system. CVE ID: CVE-2020-4006 (Critical)
Use-after-free vulnerability has been discovered in fs/block_dev.c in Linux kernel. This vulnerability allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. CVE ID: CVE-2020-15436
It has been discovered that Gitea does not prevent a git protocol path which specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. The affected versions are Gitea 0.9.99 through 1.12.x before 1.12.6. CVE ID: CVE-2020-28991
It has been discovered that Cephx authentication protocol does not verify Ceph clients correctly and is therefore vulnerable to replay attacks in Nautilus. This vulnerability allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. The affected versions are Cephx authentication protocol before 15.2.6 and before 14.2.14. CVE ID: CVE-2020-25660
Multiple heap buffer overflow vulnerabilities have been discovered in CImg, a C++ toolkit to load, save, process and display images. It is recommended to upgrade the cimg packages. CVE ID: CVE-2020-25693
Multiple vulnerabilities have been discovered in Zabbix, a network monitoring solution. An attacker may remotely execute code on the zabbix server, and redirect to external links through the zabbix web frontend. It is recommended to upgrade the Zabbix packages. CVE ID: CVE-2016-10742 (Medium), CVE-2020-11800 (Critical)
It has been discovered that svm_predict_values in svm.cpp in Libsvm allows attackers to cause a Denial of Service via a crafted model Support Vector Machine (SVM) with a large value in the _n_support array. The affected version is Libsvm v324. CVE ID: CVE-2020-28975
It has been discovered that UNIX Symbolic Link (Symlink) following in TP-Link Archer firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. CVE ID: CVE-2020-5797
A CSV injection vulnerability has been discovered in the Admin portal for Netskope which allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system. The affected version is Netskope 75.0. CVE ID: CVE-2020-28845
Multiple vulnerabilities have been discovered in VMware ESXi, Workstation and Fusion. A remote attacker can exploit some of these vulnerabilities to trigger remote code execution & elevation of privilege . The updates are available to remediate these vulnerabilities in affected VMware products. CVE ID: CVE-2020-4004 (Critical), CVE-2020-4005 (High)
It has been discovered that c-ares incorrectly handled certain DNS requests. An attacker can possibly use this vulnerability to cause a Denial of Service. CVE ID: CVE-2020-8277
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker can exploit this vulnerability using a specially-crafted email message to hang the client. The affected versions are HCL Notes 9, 10 and 11. CVE ID: CVE-2020-14258
Multiple vulnerabilities have been discovered in jupyter-notebook. It is recommended to upgrade the jupyter-notebook packages. CVE ID: CVE-2018-8768 (High), CVE-2018-19351 (Medium), CVE-2018-21030 (Medium)
A vulnerability has been discovered in BIG-IP platforms that may allow attackers to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. CVE ID: CVE-2020-5947
Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R series. Successful exploitation of this vulnerability can cause a denial-of-service condition for the affected product. CVE ID: CVE-2020-5668 (High)
Command injection vulnerability has been discovered in Huawei FusionCompute product. An authenticated, remote attacker may craft specific request to exploit this vulnerability. Due to insufficient verification, this may be exploited to cause the attackers to obtain higher privilege. CVE ID: CVE-2020-9116
It has been discovered that IBM Power9 processors can allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. The affected products are AIX 7.1, 7.2 and VIOS 3.1. CVE ID: CVE-2020-4788 (Medium)
A remote code execution vulnerability has been identified in Drupal, a remote user can exploit this vulnerability on the targeted system. The affected versions are Drupal 7, 8.8 or earlier, 8.9, 9.0. CVE ID: CVE-2020-13671
Multiple vulnerabilities have been discovered in VMware SD-WAN Orchestrator. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-3984 (High), CVE-2020-3985 (High), CVE-2020-4000 (Medium), CVE-2020-4001, CVE-2020-4002 (High), CVE-2020-4003 (Medium)
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 87.0.4280.66 for Windows and Linux, and 87.0.4280.67 for Mac. These versions address vulnerabilities which an attacker can exploit to take control of an affected system.
Apple has released security updates to address vulnerabilities in iTunes 12.11 for Windows. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-10002, CVE-2020-27912, CVE-2020-27917, CVE-2020-27911, CVE-2020-27918, CVE-2020-27895
Stack-based Buffer Overflow vulnerability has been discovered in Real Time Automation's Equipment- 499ES EtherNet/IP (ENIP) Adaptor Source Code. Successful exploitation of the vulnerability can cause a Denial-of-Service condition and remote code execution. CVE ID: CVE-2020-25159 (Critical)
Multiple vulnerabilities have been discovered in Paradox's Equipment- IP150. Successful exploitation of these vulnerabilities can allow an attacker to remotely execute arbitrary code, which may result in the termination of the physical security system. CVE ID: CVE-2020-25189 (Critical), CVE-2020-25185 (High)
Improper Authorization vulnerability has been discovered in Johnson Controls' Equipment- American Dynamics victor Web Client, Software House C•CURE Web Client. Successful exploitation of this vulnerability can allow an unauthenticated attacker on the network to create and sign their own JSON web token and use it to execute an HTTP API method without the need for valid authentication/authorization. CVE ID: CVE-2020-9049 (High)
It has been discovered that Net-SNMP has improper privilege management in EXTEND MIB which may lead to privileged commands execution. An update for net-snmp is now available for Red Hat Enterprise Linux 6. CVE ID: CVE-2020-15862 (High)
Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these vulnerabilities to cause a denial of service via specially crafted packets. It is recommended to upgrade the OpenLDAP packages. CVE ID: CVE-2020-25709, CVE-2020-25710
Multiple vulnerabilities have been discovered in OpenShift Container Platform 3.11 jenkins-2-plugins. The affected products are Red Hat OpenShift Container Platform 3.11 x86_64 and Platform for Power 3.11 ppc64le. An update for jenkins-2-plugins is now available. CVE ID: CVE-2020-2252 (Medium), CVE-2020-2254 (Medium), CVE-2020-2255 (Medium)
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-27130 (Critical), CVE-2020-27125 (High), CVE-2020-27131 (High), CVE-2020-26070 (High)
A potential vulnerability has been discovered in Micro Focus IDOL Admin. This vulnerability can be exploited to perform Persistent XSS attack to get sensitive information like cookies and credentials from the user's browser session. The affected versions are all Micro Focus IDOL versions prior to version 12.7. CVE ID: CVE-2020-25833 (Medium)
It has been discovered that certain SAST CiConfiguration information can be viewed by unauthorized users in GitLab EE. This information can be exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. CVE ID: CVE-2020-26406 (Medium)
It has been discovered that an attacker can inject malicious web code into the PrestaShop users' web browsers by creating a malicious link. The affected version is PrestaShop 4.0.0 and this vulnerability has been fixed in PrestaShop version 4.2.0. CVE ID: CVE-2020-26225 (High)
A vulnerability has been discovered in libvncserver, an API to write one's own VNC server. Due to some missing checks, a divide by zero can happen which can result in a Denial of Service. It is recommended to upgrade the libvncserver packages. CVE ID: CVE-2020-25708
It has been discovered that the update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. CVE ID: CVE-2020-28656
It has been discovered that the WPBakery plugin for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. The affected versions are WPBakery plugin before 6.4.1. CVE ID: CVE-2020-28650 (Medium)
It has been discovered that libproxy, a library for automatic proxy configuration management, is vulnerable to a buffer overflow vulnerability when receiving a large PAC file from a server without a Content-Length header in the response. It is recommended to upgrade the libproxy packages. CVE ID: CVE-2020-26154 (Critical)
Apple has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in Mitsubishi Electric product MELSEC iQ-R series CPU modules. Successful exploitation of this vulnerability can cause a denial-of-service condition for the affected products. CVE ID: CVE-2020-5666 (Medium)
The BD Alaris PC Unit and BD Alaris Systems Manager are vulnerable to a network session authentication vulnerability. An attacker can perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit which lead to a drop in the wireless capability of the BD Alaris PC Unit. The affected versions are BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier & BD Alaris Systems Manager, Versions 4.33 and earlier. CVE ID: CVE-2020-25165 (Medium)
An ACL bypass vulnerability has been discovered in pacemaker, a cluster resource manager. An attacker having a local account on the cluster and in the haclient group can use IPC communication with various daemons directly to perform certain malicious tasks. It is recommended to upgrade the pacemaker packages. CVE ID: CVE-2020-25654
A reflected cross-site scripting (XSS) vulnerability has been discovered in the TranzWare Payment Gateway. A remote unauthenticated attacker can execute an arbitrary HTML code via crafted url. CVE ID: CVE-2020-28415
Multiple vulnerabilities such as Improper Authorization, Information Exposure, OS Command Injection, Improper Input Validation, Stack-based Buffer Overflow, Improper Check for Unusual or Exceptional Conditions, and Information Exposure Through Log Files have been discovered in Palo Alto PAN-OS. A remote user can exploit some of these vulnerabilities to trigger remote code execution, obtain sensitive information and bypass security restriction on the targeted system. CVE ID: CVE-2020-2050 (High), CVE-2020-2022 (High), CVE-2020-2000 (High), CVE-2020-1999 (Medium), CVE-2020-2048 (Low)
It has been discovered that Xen 4.14 and earlier version don't restrict access to power/energy monitoring interfaces which should be restricted to privileged software. The interfaces are accessible to all guests.
Multiple vulnerabilities have been identified in Google Chrome, a remote attacker can exploit some of these vulnerabilities to trigger remote code execution on the targeted system. The affected Google Chrome Desktop versions are prior to 86.0.4240.198. CVE ID: CVE-2020-16013 (High), CVE-2020-16017 (High)
Improper Privilege Management vulnerability has been discovered in Schneider Electric's Equipment- EcoStruxure Operator Terminal Expert. Successful exploitation of this vulnerability may allow unauthorized command execution by a local user of the Windows engineering workstation, which may result in loss of availability, confidentiality, and integrity of the workstation where EcoStruxure Operator Terminal Expert runtime is installed. CVE ID: CVE-2020-7544 (High)
Multiple vulnerabilities such as improper restriction of operations within the bounds of a memory buffer, out-of-bounds write and out-of-bounds read have been discovered in Schneider Electric's Equipment- Interactive Graphical SCADA System (IGSS). Successful exploitation of these vulnerabilities may result in remote code execution.
Multiple vulnerabilities such as Improper Privilege Management, and OS Command Injection have been discovered in Citrix Virtual Apps and Desktops which if exploited, result in escalation of privilege, and remote compromise of a Windows Virtual Desktop. CVE ID: CVE-2020-8269, CVE-2020-8270
A vulnerability has been discovered in Apache OpenOffice scripting events which allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. CVE ID: CVE-2020-13958 (Low)
A Cross Site Scripting (XSS) vulnerability has been discovered in the Avaya Equinox Conferencing web portal which may allow authenticated users to perform XSS attacks. The affected versions are Avaya Equinox Conferencing 9.0 to 9.1.9. It is recommended to upgrade to 9.1.10 or later. CVE ID: CVE-2020-7033 (Medium)
It has been discovered that NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. The affected versions are GeForce NOW Application all versions prior to 2.0.25.119. CVE ID: CVE‑2020‑5992 (High)
Multiple vulnerabilities such as infinite loop in the tarfile module via crafted TAR archive, and DoS via inefficiency in IPv{4,6}Interface classes have been discovered in python3. An update for python3 is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-20907 (High), CVE-2020-14422 (Medium)
It has been discovered that mishandling of Transfer-Encoding header allows for HTTP request smuggling in tomcat. An update for tomcat is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2020-1935 (Medium)
Intel has released security updates to address vulnerabilities in multiple products. An attacker can exploit these vulnerabilities to gain escalation of privileges.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-24441, CVE-2020-24442, CVE-2020-24443
A vulnerability has been discovered in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers that can allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Multiple vulnerabilities have been discovered in Siemens' Equipment- UMC Stack, SIMATIC S7-300 and S7-400 CPUs, and SCALANCE W 1750D. Successful exploitation of these vulnerabilities can allow an attacker to cause a partial denial-of-service condition, credential disclosure, or remote code execution. CVE ID: CVE-2020-7581 (Medium), CVE-2020-7587 (Medium), CVE-2020-7588 (Medium), CVE-2020-15791 (Medium), CVE-2016-2031 (Critical)
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- PLC Simulator for EcoStruxure Control Expert. Successful exploitation of this vulnerability can cause a denial-of-service condition, which can result in a failure of the EcoStruxture Control Expert Simulator. CVE ID: CVE-2020-7538 (High)
Multiple vulnerabilities such as Cross-site Scripting, and Incorrect Authorization have been discovered in OSIsoft's Equipment- PI Vision 2020. Successful exploitation of these vulnerabilities may allow a remote attacker with write access to the PI ProcessBook files to inject code that is imported into PI Vision, or disclose information to a user with insufficient privileges. CVE ID: CVE-2020-25163 (High), CVE-2020-25167 (Medium)
Numeric Errors vulnerability has been discovered in OSIsoft's Equipment- PI Interface. Successful exploitation of this vulnerability can allow an attacker-controlled OPC XML-DA Server to respond with a crafted XML message and exploit the PI Interface for OPC XML-DA, resulting in code execution. CVE ID: CVE-2013-0006 (High)
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Multiple vulnerabilities have been discovered in podman. An update for podman is now available for Red Hat Enterprise Linux 7 Extras. CVE ID: CVE-2020-14040 (High), CVE-2020-14370 (Medium)
Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. It is recommended to update the Intel Unite App to version 4.2.12212 or later. CVE ID: CVE-2020-12331 (High)
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-26950 (Critical)
Multiple vulnerabilities such as stored XSS and remote code execution have been discovered in moin, a Python clone of WikiWiki. It is recommended to upgrade the moin packages. CVE ID: CVE-2020-15275, CVE-2020-25074
It has been discovered that lack of input validation while handling ACL rulesets can cause write ACL violations in Joomla!. The affected products are Joomla! CMS versions 1.7.0 - 3.9.22. It is recommended to upgrade to Joomla! version 3.9.23.
It has been discovered that a boundary check in libexif, a library to parse EXIF files, can be optimised away by the compiler, resulting in a potential buffer overflow. It is recommended to upgrade the libexif packages. CVE ID: CVE-2020-0452
It has been discovered that the conferencing component on Mitel ShoreTel devices can allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the time_zone object in the HOME_MEETING& page. CVE ID: CVE-2020-28351
It has been discovered that an inaccurate frame deduplication process in ChirpStack Network Server allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. CVE ID: CVE-2020-28349
It has been discovered that there are two heap overflow vulnerabilities in raptor2, a set of parsers for RDF files which is used, amongst others, in LibreOffice. It is recommended to upgrade raptor2 packages. CVE ID: CVE-2017-18926
It has been discovered that there is a denial of service vulnerability in the MIT Kerberos network authentication system, krb5. The lack of a limit in the ASN.1 decoder can lead to infinite recursion and allow an attacker to overrun the stack and cause the process to crash. It is recommended to upgrade the krb5 packages. CVE ID: CVE-2020-28196
It has been discovered that the server component of Apache Guacamole, a remote desktop gateway, does not properly validate data received from RDP servers. This can result in information disclosure or even the execution of arbitrary code. It is recommended to upgrade the guacamole-server packages. CVE ID: CVE-2020-9497 (Medium), CVE-2020-9498 (Medium)
Apple has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in sddm packages, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges. It is recommended to upgrade the sddm packages. CVE ID: CVE-2020-28049
A vulnerability has been discovered in the GNOME Display Manager which if not detecting any users may make GDM launch initial system setup and thereby permitting the creation of new users with sudo capabilities. It is recommended to upgrade the gdm3 packages. CVE ID: CVE-2020-16125
A vulnerability has been discovered in the bouncycastle crypto library where attackers can obtain sensitive information due to observable differences in its response to invalid input. It is recommended to upgrade the bouncycastle packages. CVE ID: CVE-2020-26939
It has been discovered that a vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software may allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. CVE ID: CVE-2020-3556 (High)
Multiple vulnerabilities have been discovered in Oracle Java SE, Java SE, and Eclipse OpenJ9 of DB2 Recovery Expert. The affected products are DB2 Recovery Expert for LUW 5.5, 5.5 IF 1, 5.5 IF 2, and 5.5.0.1. It is recommended to upgrade to DB2 Recovery Expert LUW 5.5.0.1 IF0.
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in Linux kernel. An update for kernel is now available for Red Hat Enterprise Linux 8. CVE ID: CVE-2020-24490, CVE-2020-25661, CVE-2020-25662
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Multiple vulnerabilities such as XSS, arbitrary file read, and information disclosure have been discovered in grafana. An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Multiple vulnerabilities have been discovered in idm:DL1 and idm:client modules. An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.
The tcpdump packages contain the tcpdump utility for monitoring network traffic. Multiple vulnerabilities such as SMB data printing mishandled, Out of bounds read/write, Buffer over-read, Access to uninitialized buffer, and Resource exhaustion have been discovered in tcpdump. The affected products are Red Hat Enterprise Linux for x86_64 8 x86_64, Red Hat Enterprise Linux for IBM z Systems 8 s390x, Red Hat Enterprise Linux for Power, little endian 8 ppc64le and Red Hat Enterprise Linux for ARM 64 8 aarch64.
SQLite is a C library that implements an SQL database engine. Multiple vulnerabilities have been discovered in sqlite. An update for sqlite is now available for Red Hat Enterprise Linux 8.
GNOME is the default desktop environment of Red Hat Enterprise Linux. Multiple vulnerabilities have been discovered in GNOME. An update for GNOME is now available for Red Hat Enterprise Linux 8.
An exposure of sensitive information to an unauthorized actor vulnerability has been discovered in FortiMail. This vulnerability may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. The affected products are FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and below. CVE ID: CVE-2020-15933
Multiple vulnerabilities have been discovered in wordpress. It is recommended to upgrade the wordpress packages. CVE ID: CVE-2020-28040 (Medium), CVE-2020-28039 (Critical), CVE-2020-28038 (Medium), CVE-2020-28037 (Critical), CVE-2020-28036 (Critical), CVE-2020-28035 (Critical), CVE-2020-28034 (Medium), CVE-2020-28033 (High), CVE-2020-28032 (Critical)
Multiple vulnerabilities such as Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, and Information Exposure of Sensitive Information to an Unauthorized Actor have been discovered in ARC Informatique's Equipment- PcVue. Successful exploitation of these vulnerabilities can allow an attacker to execute arbitrary code, expose sensitive data, and prevent legitimate users from connecting to PcVue services. CVE ID: CVE-2020-26867 (Critical), CVE-2020-26868 (High), CVE-2020-26869 (High)
Multiple vulnerabilities such as Improper Input Validation, and Cleartext Transmission of Sensitive Information have been discovered in NEXCOM's Equipment- NIO 50. Successful exploitation of these vulnerabilities can allow an attacker to view sensitive information and cause a denial-of-service condition due to improper input validation. CVE ID: CVE-2020-25151 (Medium), CVE-2020-25155 (Medium)
Uncontrolled Resource Consumption vulnerability has been discovered in WAGO's Equipment- 750-88x and 750-352. Successful exploitation of this vulnerability can allow an attacker to crash the device being accessed using a denial-of-service attack. CVE ID: CVE-2020-12516 (High)
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker can exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that vulnerabilities exists in multiple products of BIG-IP. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been identified in Android, a remote attacker can exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system. The affected versions are Android 8.0, 8.1, 9, 10 &11.
Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux which will roll out over the coming days/weeks. This version addresses vulnerabilities which an attacker can exploit to take control of an affected system. CVE ID: CVE-2020-16004 (High), CVE-2020-16005 (High), CVE-2020-16006 (High), CVE-2020-16007 (High), CVE-2020-16008 (High), CVE-2020-16009 (High), CVE-2020-16011 (High)
A critical remote code execution vulnerability CVE-2020-14750 has been discovered in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. The affected products and versions are Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. CVE ID: CVE-2020-14750 (Critical)
The QtSvg module contains classes for displaying the contents of SVG files. The malformed SVG images are able to cause a segmentation fault in qtsvg-opensource-src. It is recommended to upgrade the qtsvg-opensource-src packages. CVE ID: CVE-2018-19869 (Medium)
Multiple vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. It is recommended to upgrade the linux packages.
Multiple vulnerabilities have been discovered in cimg, a powerful image processing library. It is recommended to upgrade the cimg packages. CVE ID: CVE-2018-7588 (High), CVE-2018-7589 (High), CVE-2018-7637 (High), CVE-2018-7638 (High), CVE-2018-7639 (High), CVE-2018-7640 (High), CVE-2018-7641 (High), CVE-2019-1010174 (Critical)
Multiple vulnerabilities such as Stack-based Buffer Overflow, and Improper Restriction of XML External Entity Reference have been discovered in WECON's Equipment- LeviStudioU. Successful exploitation of these vulnerabilities may allow an attacker to execute code under the privileges of the application and obtain sensitive information. CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium)
Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors, and Uncontrolled Resource Consumption have been discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R, Q and L Series. Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution, and could cause a denial-of-service condition in the Ethernet port on the CPU module. CVE ID: CVE-2020-5653 (Critical), CVE-2020-5654 (High), CVE-2020-5655 (High), CVE-2020-5656 (Critical), CVE-2020-5657 (High), CVE-2020-5658 (Medium), CVE-2020-5652 (High)
Multiple vulnerabilities have been discovered in Samba. An attacker could exploit these vulnerabilities to take control of an affected system. The affected version are Samba 3.6.0, Samba 4.0 and later. CVE ID: CVE-2020-14318 (Medium), CVE-2020-14323 (Medium), CVE-2020-14383 (Medium)
Authentication Bypass by Capture-replay and Command Injection vulnerabilities have been discovered in JUUKO Industrial Radio Remote Control. Successful exploitation of these vulnerabilities can allow attackers to replay commands, control the device, view commands, and/or stop the device from running. CVE ID: CVE-2018-17932 (High), CVE-2018-19025 (High)
It has been discovered that WebSphere Application Server Admin Console can allow a remote attacker to traverse directories on the system. An attacker can send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. The affected versions are WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. CVE ID: CVE-2020-4782 (Medium)
Red Hat Satellite is a systems management tool for Linux-based infrastructure which allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Multiple vulnerabilities have been discovered in Red Hat Satellite. An update is now available for Red Hat Satellite 6.8 for RHEL 7.
The MariaDB is a community-developed, commercially supported fork of the MySQL Relational Database Management System (RDBMS). Multiple vulnerabilties have been discovered in MariaDB. An attacker can use these vulnerabilities to cause a hang or frequently repeatable crash (denial of service). CVE ID: CVE-2020-13249, CVE-2020-15180, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814
Multiple vulnerabilities have been discovered in OpenJDK. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2020-14779 (Low), CVE-2020-14781 (Low), CVE-2020-14782 (Low), CVE-2020-14792 (Medium), CVE-2020-14796 (Low), CVE-2020-14797 (Low), CVE-2020-14803 (Medium)
Vulnerability has been discovered in the Java SE, Java SE Embedded product of Oracle Java SE JAXP. This vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. The affected versions are Java SE: 7u261, 8u251, 11.0.7, 14.0.1, and Java SE Embedded: 8u251. CVE ID: CVE-2020-14621 (Medium)
kpatch-patch is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. It has been discovered that the metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt, and memory corruption in net/packet/af_packet.c leads to elevation of privilege. An update is now available for Red Hat Enterprise Linux 8. CVE ID: CVE-2020-14385, CVE-2020-14386
Multiple vulnerabilities have been discovered in NTPv4 that affect AIX. An attacker can exploit some of these vulnerabilities to consume all available memory resources, cause the daemon to crash or system time change or result in a denial of service condition. The affected products are AIX 7.1, 7.2 and VIOS 3.1 CVE ID: CVE-2020-15025 (Medium), CVE-2020-13817 (High), CVE-2020-11868 (Medium)
Fastd is a fast and secure tunnelling daemon. A receive buffer handling vulnerability has been discovered which allows a denial of service, when receiving packets with an invalid type code. It is recommended to upgrade the fastd packages. CVE ID: CVE-2020-27638
Multiple vulnerabilities have been discovered in phpmyadmin which can result in sensitive information leak, XSS attack through the transformation feature & inject malicious SQL in to a query. CVE ID: CVE-2019-19617 (Critical), CVE-2020-26934 (Medium), CVE-2020-26935
Multiple vulnerabilities have been discovered in OpenJDK Java runtime, which can result in denial of service, information disclosure, bypass of access/sandbox restrictions or the acceptance of untrusted certificates. It is recommended to upgrade the openjdk-11 packages. CVE ID: CVE-2020-14779 (Low), CVE-2020-14781, CVE-2020-14782 (Low), CVE-2020-14792 (Medium), CVE-2020-14796 (Low), CVE-2020-14797 (Low), CVE-2020-14798 (Low), CVE-2020-14803 (Medium)
FreeType is a popular software development library used to render text onto bitmaps, and provides support for other font-related operations. It has been discovered that a heap-based buffer overflow vulnerability occurs while handling the embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code. CVE ID: CVE-2020-15999
It has been discovered that FruityWifi has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system. The affected versions are FruityWifi through 2.4. CVE ID: CVE-2020-24848
Microsoft has released a security update to address vulnerabilities in Edge (Chromium-based). An attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as cross site scripting and information disclosure have been discovered in VMware Horizon Server and VMware Horizon Client for Windows respectively. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.The affected versions are Horizon Server 7.x, 8.x and Horizon Client for Windows 5.x and prior. CVE ID: CVE-2020-3997 (Medium), CVE-2020-3998 (Low)
NVIDIA has released a software security update for NVIDIA GeForce Experience, all versions prior to 3.20.5.70 software. This update addresses vulnerabilities that may lead to denial of service, escalation of privileges, code execution, or information disclosure. CVE ID: CVE‑2020‑5977 (High), CVE‑2020‑5978 (Low), CVE‑2020‑5990 (High)
B. Braun Medical Inc., develops, manufactures, and markets innovative medical products and services. Multiple vulnerabilities have been discovered in OnlineSuite versions AP 3.0 and earlier products. Successful exploitation of these vulnerabilities can allow an attacker to escalate privileges, download and upload arbitrary files, and perform remote code execution.
Multiple vulnerabilities have been discovered in netty-3.9 - Asynchronous event-driven network application framework. A remote attacker can use these vulnerabilities to extract sensitive information. CVE ID: CVE-2019-16869 (High), CVE-2019-20444 (Critical), CVE-2019-20445 (Critical), CVE-2020-7238 (High)
It has been discovered that libetpan - Mail Framework for C Language, incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker can possibly use this vulnerability to perform a response injection attack. CVE ID: CVE-2020-15953 (High)
It has been discovered that pip did not properly sanitize the filename during pip install. A remote attacker can possible use this vulnerability to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. CVE ID: CVE-2019-20916 (High)
It has been discovered that mod_auth_mellon incorrectly handled cookies, and requests. An attacker can possibly use these vulnerabilities to cause a Cross-Site Session Transfer attack, redirect a user to a malicious URL, or access sensitive information. CVE ID: CVE-2017-6807 (Medium), CVE-2019-3877 (Medium), CVE-2019-3878 (High)
It has been discovered that the FileImporter extension in MediaWiki do not properly attribute various user actions to a specific user's IP address. This results in an inability to properly audit and attribute various user actions performed via the FileImporter extension. The affected versions are FileImporter extension in MediaWiki through 1.35.0. CVE ID: CVE-2020-27621
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system.
The double-free vulnerability occur when free() is called more than once with the same memory address as an argument. Double-free vulnerability has been discovered in BlueZ, a suite of Bluetooth tools, utilities and daemons. A remote attacker can potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. CVE ID: CVE-2020-27153 (High)
Multiple vulnerabilities have been discovered in Tomcat. An attacker can possibly use these vulnerabilities to cause denial of service or execute arbitrary code. CVE ID: CVE-2020-11996 (High), CVE-2020-13934 (High), CVE-2020-13935 (High), CVE-2020-9484 (High)
Pam-python enables PAM modules to be written in Python. It has been discovered that Pam-python mishandled certain environment variables. A local attacker can potentially use this vulnerability to execute programs as root. CVE ID: CVE-2019-16729 (High)
Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker can exploit to take control of an affected system. CVE ID: CVE-2020-16000 (High), CVE-2020-16001 (High), CVE-2020-16002 (High), CVE-2020-15999 (High), CVE-2020-16003 (Medium)
Grunt is a JavaScript task runner/build system/maintainer tool. It has been discovered that Grunt did not properly load yaml files. An attacker can possibly use this vulnerability to execute arbitrary code. CVE ID: CVE-2020-7729 (High)
Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities in VMware ESXi, Workstation, Fusion and NSX-T were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. A remote attacker can exploit one of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-3981 (High), CVE-2020-3982 (Medium), CVE-2020-3992 (Critical), CVE-2020-3993 (High), CVE-2020-3994 (High), CVE-2020-3995 (High)
Multiple critical vulnerabilities have been discovered in various Adobe products. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-24420, CVE-2020-24424, CVE-2020-24421, CVE-2020-9747, CVE-2020-24416, CVE-2020-24409, CVE-2020-24414, CVE-2020-24410, CVE-2020-24411, CVE-2020-24425, CVE-2020-9748, CVE-2020-9749, CVE-2020-9750, CVE-2020-24418, CVE-2020-24419, CVE-2020-24423
Classic Buffer Overflow vulnerability has been discovered in Rockwell Automation's Equipment- 1794-AENT Flex I/O Series B. Successful exploitation of these vulnerabilities can crash the device being accessed, resulting in a buffer overflow condition that may allow remote code execution. CVE ID: CVE-2020-6083 (High), CVE-2020-6084 (High), CVE-2020-6085 (High), CVE-2020-6086 (High), CVE-2020-6087 (High)
Multiple vulnerabilities such as Stack-based Buffer Overflow and Improper Restriction of XML External Entity Reference have been discovered in WECON's Equipment- LeviStudioU. Successful exploitation of these vulnerabilities can allows an attacker to execute code under the privileges of the application and obtain sensitive information. CVE ID: CVE-2020-16243 (High), CVE-2020-25186 (Medium)
Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies' Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability can provide an attacker with full control of a trusted device on a hospital’s internal network. CVE ID: CVE-2019-5024 (High)
Multiple vulnerabilities in Advanced Virtualization for RHEL 8.1.1 module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products virt:8.1 and virt-devel:8.1 modules. The updates are now available for Advanced Virtualization for RHEL 8.1.1. CVE ID: CVE-2020-14364 (Medium), CVE-2020-1983 (Medium)
Multiple vulnerabilities have been discovered in Bluetooth L2CAP & A2MP implementation and in Bluetooth HCI event packet parser in the Linux kernel. A physically proximate remote attacker can use this to cause a denial of service (system crash) or possibly execute arbitrary code or expose sensitive information. CVE ID: CVE-2020-12351, CVE-2020-12352, CVE-2020-24490
It has been discovered that FlightGear can write arbitrary files if received a special nasal script. A remote attacker can exploit this with a crafted file to execute arbitrary code. CVE ID: CVE-2016-9956 (High)
Multiple vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks. It is recommend to upgrade linux packages. CVE ID: CVE-2020-12351, CVE-2020-12352, CVE-2020-25211, CVE-2020-25643, CVE-2020-25645
Multiple vulnerabilities have been discovered in python. An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. CVE ID: CVE-2019-16935 (Medium), CVE-2019-18348 (Medium), CVE-2019-20907 (High), CVE-2019-20916 (High), CVE-2020-8492 (Medium), CVE-2020-14422 (Medium), CVE-2020-26116 (High)
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
A remote code execution vulnerability exists in Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability can execute arbitrary code. CVE ID: CVE-2020-17022
SQL Injection vulnerability has been discovered in Advantech R-SeeNet Versions 1.5.1 through 2.4.10 . Successful exploitation of this vulnerability can allow remote attackers to retrieve sensitive information from the R-SeeNet database. CVE ID: CVE-2020-25157 (High)
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability can run arbitrary code in the context of the current user. CVE ID: CVE-2020-17023
Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Magento Open Source. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-24407(Critical), CVE-2020-24400 (Critical), CVE-2020-24402(Important), CVE-2020-24401 (Important) , CVE-2020-24404 (Important) , CVE-2020-24406(Moderate), CVE-2020-24408 (Important), CVE-2020-24405 (Important), CVE-2020-24403 (Important)
Advantech WebAccess/SCADA Versions 9.0 and prior, a browser-based SCADA software package may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. CVE ID: CVE-2020-25161 (High)
Multiple vulnerabilities have been discovered in Wibu-Systems AG's Equipment- CodeMeter versions prior to 7.10a, 6.81 & 6.90 . Successful exploitation of these vulnerabilities can allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter. CVE ID: CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-14519 (High), CVE-2020-14513 (High), CVE-2020-14515 (High), CVE-2020-16233 (High)
It has been discovered that the Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This may allow an attacker to steal password hashes stored on the system. The affected Juniper Networks Junos OS on NFX350 are 19.4 versions prior to 19.4R3 & 20.1 versions prior to 20.1R1-S4, 20.1R2. CVE ID: CVE-2020-1669 (Medium)
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
The product BIG-IP version 11.x,12.x,13.x,14.x,15.x & 16.x, OpenSSH Client sessions is vulnerable to a man-in-the-middle attack. CVE ID: CVE-2020-14145 (Medium)
Out-of-bounds Read vulnerability has been discovered in LCDS' Equipment- LAquis SCADA. Successful exploitation of this vulnerability can allow an attacker to execute code under the privileges of the application. CVE ID: CVE-2020-25188 (High)
Untrusted Search Path vulnerability has been discovered in Flexera's Equipment- InstallShield. Successful exploitation of this vulnerability can allow execution of a malicious DLL. CVE ID: CVE-2016-2542 (High)
Stack-based Buffer Overflow vulnerability has been discovered in Fieldcomm Group's Equipment- HARP-IP Developer kit Release 1.0.0.0 and hipserver Release 3.6.1. Successful exploitation of this vulnerability can crash the device being accessed or a buffer overflow condition may allow remote code execution. CVE ID: CVE-2020-16209 (Critical)
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability can gain the ability to execute code on the target server or client. CVE ID: CVE-2020-16898
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in OpenShift Container Platform 4.4.27 openshift-jenkins-2-container which can lead to information disclosure & cross-site scripting. An update for openshift-jenkins-2-container is now available. CVE ID: CVE-2020-2231(Medium), CVE-2020-2230(Medium), CVE-2020-2229 (Medium), CVE-2019-17638 (Critical)
A vulnerability has been discovered in dom4j - Flexible XML framework for Java. If incorrectly handled reading XML data. A remote attacker can exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. CVE ID: CVE-2020-10683 (Critical)
Adobe has released security updates for Adobe Flash Player for Windows, macOS,Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation can lead to an exploitable crash,potentially resulting in arbitrary code execution in the context of the current user. CVE ID: CVE-2020-9746 (High)
A vulnerability has been discovered in the kernel of Red Hat Enterprise Linux Server 7. An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. CVE ID: CVE-2019-19527 (Medium)
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Multiple Vulnerabilities have been discovered in Red Hat JBoss Enterprise Application Platform 7.3.3 which allows Denial of Service, Provide Misleading Information, Access Confidential Data. CVE ID: CVE-2020-14299 (Critical), CVE-2020-14338 ( Medium ), CVE-2020-14340 , CVE-2020-1954 (Medium).
A Vulnerability has been discovered in Siemens SIMATIC S7-300 S7-400 CPUs, which can allows to access confidential data. The authentication protocol between a client and a PLC via port 102/tcp insufficiently protects the transmitted password. This can allow an attacker to intercept the network traffic to obtain valid PLC credentials. CVE ID: CVE-2020-15791(Medium)
Improper Authentication vulnerability has been discovered in Hitachi ABB Power Grids' Equipment- XMC20 Multiservice-Multiplexer. Successful exploitation of this vulnerability can allow an attacker to remotely take control of the product. CVE ID: CVE-2018-10933 (Critical)
In Apache Tomcat HTTP/2 Request mix-up, it has been discovered that if an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. CVE ID: CVE-2020-13943
Multiple vulnerabilities have been discovered in the SUSE Linux Enterprise 15 SP2 kernel. The updates have been issued for various security and bug fixes. CVE ID: CVE-2020-26088 (Medium), CVE-2020-25284 (Medium), CVE-2020-14390 (Medium), CVE-2020-14385 (Medium), CVE-2020-2521, CVE-2020-0432 (High), CVE-2020-0431 (High), CVE-2020-0427 (Medium), CVE-2020-0404 (High).
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. Security update has been released to fix this vulnerability. CVE ID: CVE-2020-15095 (Medium)
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. Successful exploitation may allow an attacker to eavesdrop on all encrypted communications sent over that TLS connection. Security updates has been released to fixed this in OpenSSL. CVE ID: CVE-2020-1968 (Low)
A vulnerability has been discovered in httpcomponents-client, a Java library for building HTTP-aware applications that can misinterpret a malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. CVE ID: CVE-2020-13956
A vulnerability has been discovered in Eclipse Web Tools Platform, a component of the Eclipse IDE, XML and DTD files referring to external entities. It can be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. CVE ID: CVE-2019-17637 (High)
A potential Cross-Site Scripting (XSS) vulnerability has been discovered in rails, a ruby based MVC framework. Views that allow the user to control the default value of the `t` and `translate` helpers can be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. CVE ID: CVE-2020-15169 (Medium)
A vulnerability has been discovered in IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) which can allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command. CVE ID: CVE-2020-4420 (High)
Multiple vulnerabilities have been discovered in MOXA's Equipment- NPort IAW5000A-I/O Series Serial Device Servers. Successful exploitation of these vulnerabilities can allow an attacker to gain access to and hijack a session, allow an attacker with user privileges to perform requests with administrative privileges, allow the use of weak passwords, allow credentials of third-party services to be transmitted in cleartext, allow the use of brute force to bypass authentication on an SSH/Telnet session and allow access to sensitive information without proper authorization. CVE ID: CVE-2020-25198 (High), CVE-2020-25194 (High), CVE-2020-25153 (Critical), CVE-2020-25190 (High), CVE-2020-25196 (Critical), CVE-2020-25192 (Medium)
Johnson Controls has confirmed an arbitrary file deletion vulnerability with all versions of victor Web Client. The vulnerability can allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack. CVE ID: CVE-2020-9048 (High)
An uncontrolled resource consumption vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-R Series equipment when it gets some specially crafted packets from an attacker. Successful exploitation of this vulnerability could result in a denial-of-service condition. CVE ID: CVE-2020-16850
Go Toolset provides the Go programming language tools and libraries. An update for go-toolset-1.13 and go-toolset-1.13-golang is now available for Red Hat Developer Tools which fixes multiple vulnerabilities. CVE ID: CVE-2020-16845 (High), CVE-2020-15586 (Medium), CVE-2020-14040 (High)
Red Hat AMQ Interconnect is a component of the AMQ 7 product family. Red Hat AMQ Interconnect 1.9.0 has released packages available for A-MQ Interconnect that includes security and bug fixes, and enhancements. CVE ID: CVE-2020-11023 (Medium) , CVE-2020-11022 (Medium), CVE-2020-7656 (Medium)
Multiple vulnerabilities have been discovered in golang-go.crypto package. It is recommended to upgrade to latest release. CVE ID: CVE-2020-9283 (High) , CVE-2019-11841 (Medium), CVE-2019-11840 (Medium)
Apache ActiveMQ, a Java message broker, uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. It is recommended to upgrade the activemq packages. CVE ID: CVE-2020-13920 (Medium)
Multiple vulnerabilities have been identified in IBM Security Access Manager and IBM Security Verify Access products which can allow an attacker to obtain sensitive information using timing side channel attacks which can lead to further attacks against the system. CVE ID: CVE-2020-4699, CVE-2020-4661, CVE-2020-4660
The update for hexchat fixes a vulnerability that implies a directory traversal possibility if a user can be convinced to connect to a server with a hostname with ".." in its name. CVE ID: CVE-2016-2087 (High)
Multiple vulnerabilities like NullPointerException in - DerValue.equals(DerValue), NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString(), Less Affine Transformations etc. have been discovered in Java-1_7_0-openjdk . The update for java-1_7_0-openjdk fixes the issues. CVE ID: CVE-2020-14621 (Medium), CVE-2020-14593 (High), CVE-2020-14583 (High), CVE-2020-14581 (Low), CVE-2020-14579 (Low), CVE-2020-14578 (Low), CVE-2020-14577 (Low)
Cross-Site Scripting vulnerability has been discovered in the web-based management interface of Cisco Firepower Management Center that could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. CVE ID: CVE-2020-3320 (Medium)
Sympa, a modern mailing list manager, allows privilege escalation through setuid wrappers which can allow a local attacker to obtain root access. It is recommended to upgrade the sympa packages. CVE ID: CVE-2020-10936 (High)
Multiple vulnerabilities such as such as OOB access, denial of service, buffer overflow and out-of-bounds read/write have been discovered in Qemu. It is recommended to upgrade the qemu packages. CVE ID: CVE-2020-24352 , CVE-2020-16092 (Low) , CVE-2020-15863 (High) , CVE-2020-14364 (Medium)
Multiple vulnerabilities such as Remote Code Execution, Denial of Service, and Disclosure of Sensitive Information have been identified in Integrated Lights-Out 4 (iLO 4) firmware for Moonshot and Edgeline cartridges and blades, and Moonshot iLO Chassis Manager firmware. CVE ID: CVE-2020-11914 (Medium), CVE-2020-11912 (Medium), CVE-2020-11911 (Medium), CVE-2020-11907 (Medium), CVE-2020-11906 (Medium), CVE-2020-11900 (High), CVE-2020-11898 (Critical), CVE-2020-11896 (Critical)
An unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered. CVE ID: CVE-2020-7316 (Medium)
Multiple vulnerabilities have been discovered in Thunderbird, which may lead to the execution of arbitrary code or denial of service. CVE ID: CVE-2020-15678 (High), CVE-2020-15677 (Medium), CVE-2020-15676 (Medium), CVE-2020-15673 (High)
A vulnerability has been discovered in tigernvc, a Virtual Network Computing client and server implementation. The viewer implementation mishandles TLS certificate exceptions, storing the certificates as authorities, meaning that the owner of a certificate can impersonate any server after a client has added an exception. CVE ID: CVE-2020-26117
It has been discovered that Spice incorrectly handled QUIC image decoding. A remote attacker can use this to cause Spice to crash, resulting in a denial of service or possibly execute arbitrary code. CVE ID: CVE-2020-14355
A vulnerability has been discovered in PHP, a server-side, HTML-embedded scripting language. When PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure. CVE ID: CVE-2020-7070 (Medium)
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Multiple vulnerabilities such as amplification of an incoming query into a large number of queries directed to a target and infinite loop via malformed DNS answers received from upstream servers have been detected. An update for unbound is now available for Red Hat Enterprise Linux 7.7. CVE ID: CVE-2020-12663 (High) , CVE-2020-12662 (High)
Multiple vulnerabilities have been identified in Red Hat Container Native Virtualization 2.4 for RHEL 8 x86_64 & 7 x86_64. Red Hat OpenShift Virtualization release 2.4.2 is available with updates to packages and images that fix all bugs and add enhancements. CVE ID: CVE-2019-11756 (High), CVE-2019-17006, CVE-2019-17023 (Medium), CVE-2020-12402 (Medium), CVE-2020-12825 (High), CVE-2020-14352 (High), CVE-2020-14365 (High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)
Multiple vulnerabilities such as NULL profile dereference in dbi_profile ,memory corruption and stack corruption have been discovered in Perl-DBI. It is recommended to update the Perl-DBI packages. CVE ID: CVE-2019-20919 (Medium) , CVE-2013-7491 (Medium) , CVE-2013-7490 (Medium)
Multiple vulnerabilities have been discovered in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance. OpenSSH & OpenSSL can allow a remote attacker to obtain sensitive information. Affected Products and Versions are IBM Security Access Manage 7.0 & 8.0. CVE ID: CVE-2019-1559 (Medium) , CVE-2018-15473 (Medium)
It has been discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker can use it to provoke a Denial of Service attack. CVE ID: CVE-2019-16239 (Critical)
Multiple vulnerabilities have been discovered in Apache Tika. It can have excessive memory usage by using a crafted or corrupt PSD file. An attacker can use it to cause a Denial of Service attack. CVE ID: CVE-2020-1951 (Medium), CVE-2020-1950 (Medium)
It has been discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker can use it to bypass spam and abuse filters. CVE ID: CVE-2019-16378 (Critical)
Multiple vulnerabilities have been discovered in Android devices. Security patches have been issued. The most severe of these issues is a high security vulnerability in the System component that can enable a remote attacker using a specially crafted transmission to gain access to additional permissions.
Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository. Affected products and versions are WebSphere Service Registry and Repository V8.5 & V9.0 and WebSphere Application Server V8.5.5 & V8.0. CVE ID: CVE-2020-4629 (Low), CVE-2020-4576
MariaDB is a multi-user, multi-threaded SQL database server. Multiple vulnerabilities have been identified in rh-mariadb102-mariadb and rh-mariadb102-galera. An update for rh-mariadb102-mariadb and rh-mariadb102-galera has been rolled out for Red Hat Software Collections.
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. An update for rh-maven35-jackson-databind has been rolled out for Red Hat Software Collections. CVE ID: CVE-2020-24750 (High)
An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host has been rolled out for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. This update has been rated as having a security impact of Important by Red Hat Product Security. CVE ID: CVE-2020-14364 (Medium), CVE-2020-10713 (High)
The urllib3 is a powerful, user-friendly HTTP client for Python. It has been discovered that urllib3 incorrectly handled certain character sequences. A remote attacker can possibly use this issue to perform Carriage Return Line Feed (CRLF) injection. CVE ID: CVE-2020-26137
It has been discovered that Yaws does not properly sanitize XML input and mishandled certain input when running CGI scripts. A remote attacker can use these vulnerabilities to execute an XML External Entity (XXE) injection attack and to execute arbitrary commands respectively. CVE ID: CVE-2020-24916 (Critical), CVE-2020-24379 (Critical)
A vulnerability has been identified in Brotli a lossless compression algorithm and format, if incorrectly handled certain inputs an attacker can possibly use this issue to cause a crash. CVE ID: CVE-2020-8927 (Medium)
Rack-cors provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications. It has been discovered that rack-cors does not properly handle relative file paths. An attacker can use this vulnerability to access arbitrary files. CVE ID: CVE-2019-18978 (Medium)
The Cyrus IMAP Server can execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name and allow users to create any mailbox with administrative privileges. An attacker can use these vulnerabilities to cause a crash or possibly execute arbitrary code and obtain sensitive information respectively. CVE ID: CVE-2019-19783 (Medium), CVE-2019-11356 (Critical)
A potential security vulnerability has been identified in HPE IP Console Switch G2 4x1Ex32. The vulnerability can be remotely exploited to allow Stored XSS, code injection. CVE ID: CVE-2020-24627, CVE-2020-24628
Multiple vulnerabilities have been discovered in the Xen hypervisor, which can result in denial of service, guest-to-host privilege escalation or information leaks. CVE ID: CVE-2020-25595 (High), CVE-2020-25596 (Medium), CVE-2020-25597 (Medium), CVE-2020-25599 (High), CVE-2020-25600 (Medium), CVE-2020-25601 (Medium), CVE-2020-25602 (Medium), CVE-2020-25603 (High), CVE-2020-25604 (Medium).
It has been discovered that SNMP Trap Translator (SNMPTT) does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a malicious crafted SNMP trap, can possibly execute arbitrary shell code with the privileges of the process or cause a Denial of Service condition. CVE ID: CVE-2020-24361 (Critical)
Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature and Improper Resource Shutdown or Release have been discovered in Wibu-Systems AG’s CodeMeter Equipment. Successful exploitation of these vulnerabilities can allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter. CVE ID: CVE-2020-14509 (Critical), CVE-2020-14519 (High), CVE-2020-14517 (Critical), CVE-2020-16233 (High), CVE-2020-14513 (High), CVE-2020-14515 (High)
An information exposure vulnerability has been Identified in IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. The affected versions are IBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2. CVE ID: CVE-2020-4576 (Medium)
It has been discovered that an incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE ID: CVE-2020-0543 (Medium)
Multiple Vulnerabilities such as SQL Injection, Cross-site Request Forgery and Command Injection have been discovered in MB connect line’s Equipment- mymbCONNECT24, mbCONNECT24. Successful exploitation of these vulnerabilities can allow a remote attacker to gain unauthorized access to arbitrary information or allow remote code execution. CVE ID: CVE-2020-24569, CVE-2020-24568, CVE-2020-24570
ruby-gon is a ruby library to send data to JavaScript from a Ruby application. It has been discovered that Gon gem does not properly escape certain input. An attacker can use this vulnerability to execute a cross-site scripting (XSS) attack. CVE ID: CVE-2020-25739 (Medium)
It has been discovered that crafted custom field name may be used to inject HTML into bug_actiongroup_page in MantisBT. The affected versions are MantisBT before 2.24.3. CVE ID: CVE-2020-25830
It has been discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker can use this issue to forge an authentication token and steal the credentials of the domain admin. CVE ID: CVE-2020-1472 (Critical)
libapreq2 is a safe, standards-compliant, high-performance library used for parsing HTTP cookies, query-strings and POST data. It has been discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker can use this vulnerability to cause libapreq2 to crash. CVE ID: CVE-2019-12412
Kramdown is a fast, pure-Ruby Markdown-superset converter for ruby library. It has been discovered that kramdown insecurely handled certain crafted input. An attacker can use this vulnerability to read restricted files or execute arbitrary code. CVE ID: CVE-2020-14001 (Critical)
It has been discovered that WebSphere Application Server is vulnerable to an information disclosure vulnerability. IBM WebSphere Application Server traditional can allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. The affected versions are WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. CVE ID: CVE-2020-4576
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Birthday attack against 64-bit block ciphers has been discovered in SSL/TLS. An update for openshift-enterprise-console-container is now available for Red Hat OpenShift Container Platform 4.5. CVE ID: CVE-2016-2183 (High)
A potential HTTP request smuggling vulnerability has been discovered in WEBrick. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request. CVE ID: CVE-2020-25613
The cloud-init packages provide a set of init scripts for cloud instances. Multiple vulnerabilities have been discovered in cloud-init. An update for cloud-init is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2020-8631 (Medium), CVE-2020-8632 (Medium), CVE-2018-10896 (High)
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. A memory leak vulnerability has been discovered in the create_helper() function in /src/helper.c. An update for dnsmasq is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-14834 (Low)
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. Multiple vulnerabilities have been discovered in SDL. An update for SDL is now available for Red Hat Enterprise Linux 7.
Multiple vulnerabilities such as Path Traversal, Uncontrolled Resource Consumption, Information Exposure, Improper Authentication, and Information Disclosure have been discovered in B&R Industrial Automation GmbH's Equipment- SiteManager and GateManager. Successful exploitation of these vulnerabilities can allow for arbitrary information disclosure, manipulation, and a denial-of-service condition. CVE ID: CVE-2020-11641 (High), CVE-2020-11642 (High), CVE-2020-11643 (Medium), CVE-2020-11644 (Medium), CVE-2020-11645 (Medium), CVE-2020-11646 (Medium)
The libexif packages provide a library for extracting extra information from image files. Multiple vulnerabilities have been discovered in libexif. An update for libexif is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-9278 (High), CVE-2020-0093 (Medium), CVE-2020-13113 (High), CVE-2020-13114 (High), CVE-2020-0182 (Medium), CVE-2020-12767 (Medium)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Multiple vulnerabilities have been discovered in freerdp. An update for freerdp is now available for Red Hat Enterprise Linux 7.
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Multiple vulnerabilities such as Optimizer unspecified, C API unspecified, DML unspecified, and Stored Procedure unspecified have been discovered in mysql of MariaDB. An update for mariadb is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-2974 (Medium), CVE-2020-2752 (Medium), CVE-2020-2780 (Medium), CVE-2020-2812 (Medium), CVE-2020-2574 (Medium)
libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. It has been discovered that xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL and use after free vulnerability exits in xsltCopyText in transform.c can lead to information disclosure. An update for libxslt is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-11068 (Critical), CVE-2019-18197 (High)
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Multiple vulnerabilities such as potential DoS by holding a monitor job while querying QEMU guest-agent, and potential denial of service via active pool without target path have been discovered in libvirt. An update for libvirt is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-20485 (Medium), CVE-2020-10703 (Medium)
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, LPTC, and JPEG comments. An out-of-bounds read vulnerability in CiffDirectory::readDirectory due to lack of size check has been discovered in exiv2. An update for exiv2 is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-17402 (Medium)
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Multiple vulnerabilities such as privilege escalation, Information leak, and DoS have been discovered in freeradius. An update for freeradius is now available for Red Hat Enterprise Linux 7.
GLib provides the core application building blocks for libraries and applications written in C. It has been discovered that file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress and missing authorization allows local attacker to access the input bus of another user. An update for glib2 and ibus is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2019-12450 (Critical), CVE-2019-14822 (High)
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A remotely triggerable DoS vulnerability has been discovered in svnserve 'get-deleted-rev'. An update for subversion is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2018-11782 (Medium)
It has been discovered that libuv incorrectly handled certain paths. An attacker can possibly use this vulnerability to cause a crash or execute arbitrary code. CVE ID: CVE-2020-8252
It has been discovered that IBM Cloud Private is vulnerable to Kubernetes vulnerabilities. The affected versions are IBM Cloud Private 3.2.1 CD and 3.2.2 CD. CVE ID: CVE-2020-8557 (Medium), CVE-2020-8559 (Medium)
Multiple vulnerabilities have been discovered in the Perl5 Database Interface (DBI). An attacker can trigger a denial-of-service (DoS) and possibly execute arbitrary code. It is recommended to upgrade the libdbi-perl packages. CVE ID: CVE-2019-20919 (Medium), CVE-2020-14392 (Medium), CVE-2020-14393 (High)
Multiple vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service, or information leak. It is recommended to upgrade the linux-4.19 packages.
Multiple vulnerabilities have been discovered in qt4-x11, the legacy version of the Qt toolkit. It is recommended to upgrade the qt4-x11 packages. CVE ID: CVE-2018-15518 (High), CVE-2018-19869 (Medium), CVE-2018-19870 (High), CVE-2018-19871 (Medium), CVE-2018-19872 (Medium), CVE-2018-19873 (Critical), CVE-2020-17507 (Medium)
libpgf is a Progressive Graphics File (PGF) library. It has been discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker can possibly use this vulnerability to cause a denial of service. CVE ID: CVE-2015-6673 (Critical)
Teeworlds is an online multi-player platform 2D shooter. It has been discovered that Teeworlds server does not properly handle certain network traffic. A remote, unauthenticated attacker can use this vulnerability to cause Teeworlds server to crash. CVE ID: CVE-2020-12066 (High)
It has been discovered that Squid incorrectly handled certain Content-Length headers, incorrectly validated certain data and incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker can possibly use these vulnerabilities to perform an HTTP request smuggling and splitting attack, resulting in cache poisoning and causes Squid to consume resources, resulting in a denial of service. CVE ID: CVE-2020-15049 (High), CVE-2020-15810 (Medium), CVE-2020-15811 (Medium), CVE-2020-24606 (High)
It has been discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest can use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host. CVE ID: CVE-2020-14374, CVE-2020-14375, CVE-2020-14376, CVE-2020-14377, CVE-2020-14378
It has been discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker can possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. CVE ID: CVE-2018-20020 (Critical), CVE-2018-20021 (High), CVE-2018-20022 (High), CVE-2018-2024 (High)
Multiple vulnerabilities have been discovered in iTALC. A remote attacker can exploit these vulnerabilities to expose and obtain sensitive information, cause a denial of service, or execute arbitrary code. CVE ID: CVE-2019-15681 (High), CVE-2018-15127 (Critial), CVE-2018-20019 (Critical), CVE-2018-20020 (Critical), CVE-2018-20021 (High), CVE-2018-20022 (High), CVE-2018-20023 (High), CVE-2018-20024 (High), CVE-2018-20748 (Critical), CVE-2018-20749 (Critical), CVE-2018-20750 (Critical), CVE-2018-7225 (Critical), CVE-2019-15681 (High)
Multiple vulnerabilities have been discovered in yaws, a high performance HTTP 1.1 webserver written in Erlang. Reject external resource requests in DAV in order to avoid XML External Entity (XXE) attacks and Sanitize CGI executable in order to avoid command injection via CGI requests. It is recommended to upgrade the yaws package. CVE ID: CVE-2020-24379 (Critical), CVE-2020-24916 (Critical)
A vulnerability was discovered in lua5.3, a simple, extensible, embeddable programming language whereby a negation overflow and segmentation fault can be triggered in getlocal and setlocal. It is recommended to upgrade the lua5.3 packages. CVE ID: CVE-2020-24370 (Medium)
It has been discovered that a cross-site scripting (XSS) vulnerability in ruby-gon, a Ruby library to send/convert data to Javascript from a Ruby application. It is recommended to upgrade the ruby-gon packages. CVE ID: CVE-2020-25739
Buffer Copy Without Checking Size of Input vulnerability has been discovered in Yokogawa's Equipment- Main equipment. Successful exploitation of this vulnerability can terminate the program abnormally. CVE ID: CVE-2020-16232 (Low)
Multiple vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work. It has been discovered that SpecialUserRights can leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts. It is recommended to upgrade the mediawiki package. CVE ID: CVE-2020-25813, CVE-2020-25814, CVE-2020-25827, CVE-2020-25828
It has ben discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker can possibly use this vulnerability to eavesdrop on encrypted communications. It is recommended to upgrade the openssl1.0 packages. CVE ID: CVE-2020-1968 (Low)
It has been discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user is tricked into opening a specially crafted MP4 file, a remote attacker can use this issue to cause libquicktime to crash, resulting in a denial of service. CVE ID: CVE-2017-9122 (Medium), CVE-2017-9123 (Medium), CVE-2017-9124 (Medium), CVE-2017-9125 (Medium), CVE-2017-9126 (Medium), CVE-2017-9127 (Medium), CVE-2017-9128 (Medium)
It has been discovered that MiniUPnPd does not properly validate callback addresses, incorrectly handled unpopulated user XML input, empty description when port mapping, and do not properly parse certain PCP requests. A remote attacker can possibly use this issue to expose sensitive information and cause MiniUPnPd to crash, resulting in a denial of service. CVE ID: CVE-2019-12107 (High), CVE-2019-12108 (High), CVE-2019-12109 (High), CVE-2019-12110 (High), CVE-2019-12111 (High)
Alien is part of a new generation of Android banking trojans which have integrated remote-access features into their codebases to steal user credentials from 226 different applications. The malware is distributed via phishing sites & SMS, for example malicious page tricking the victims into downloading fake software updates or fake Corona apps and can be purchased as a Malware-as-a-Service (MaaS) on hacker forums on the dark web.
Multiple vulnerabilities such as Improper Access Control, and Relative Path Traversal have been discovered in 3S-Smart Software Solutions' Equipment- CoDeSys. Successful exploitation of these vulnerabilities can allow an attacker to gain unauthorized access and obtain administrative privileges. CVE ID: CVE-2012-6068 (Critical), CVE-2012-6069 (Critical)
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker can exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that discovered that atftpd incorrectly handled certain malformed packets, and not properly lock the thread list mutex. A remote attacker can send a specially crafted packet to cause atftpd to crash, resulting in a denial of service or an attacker can send a large number of tftpd packets simultaneously when running atftpd in daemon mode to cause atftpd to crash, resulting in a denial of service. CVE ID: CVE-2019-11365 (Critical), CVE-2019-11366 (Medium)
It has been discovered that PackageKit incorrectly handled certain methods and local deb packages. A local attacker can use this vulnerability to learn the MIME type of any file on the system or to install untrusted packages, contrary to expectations. CVE ID: CVE-2020-16121, CVE-2020-16122
It has been discovered that Aptdaemon incorrectly handled the Locale property. A local attacker can use this vulnerability to test for the presence of local files. CVE ID: CVE-2020-15703
It has been discovered that DAViCal Andrew's Web Libraries (AWL) do not properly manage session keys. An attacker can possibly use this vulnerability to impersonate a session. CVE ID: CVE-2020-11728 (High)
Insufficient logging, and improper neutralization of input vulnerability have been discovered in FortiGate and FortiNAC repectively. The affected products are FortiGate versions 6.2.4 and below, FortiGate version 6.4.0, and FortiNAC version 8.7.2 and below. It is recommended to upgrade to FortiGate 6.4.1 or above and FortiNAC 8.7.3 or above. CVE ID: CVE-2020-12818, CVE-2020-12816 (High)
RDFLib is a pure Python package for working with RDF. It has been discovered that RDFLib did not properly load modules on the command-line. An attacker can possibly use this vulnerability to cause RDFLib to execute arbitrary code. CVE ID: CVE-2019-7653 (Critical)
A DLL hijacking vulnerability has been discovered in Eaton. An attacker can execute arbitrary code by replacing the vci11un6.DLL and cinpl.DLL when application tries to load the DLLs to perform normal operations. The affected product is 9000x programing and configuration software version 2.0.38 and prior. CVE ID: CVE-2020-6654 (High)
It has been discovered that a race condition arises in Xen when migrating timers of x86 HVM guests between its vCPU-s, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it do n't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e. a Denial of Service (DoS). CVE ID: CVE-2020-25604
It has been discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker can possibly use this issue to intercept secure communications. CVE ID: CVE-2018-1000500 (High)
It has been discovered that FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. An attacker may be able to use a maliciously crafted file to create a buffer overflow and potentially expose small amounts of memory from the PostScript process. CVE ID: CVE-2015-9382 (Medium)
It has been discovered that the LTSP Display Manager (ldm) incorrectly handled user logins from unsupported shells. A local attacker can possibly use this issue to gain root privileges. CVE ID: CVE-2019-20373 (High)
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2020-15677 (Medium), CVE-2020-15676 (Medium), CVE-2020-15678 (Medium), CVE-2020-15673 (High), CVE-2020-15675 (High), CVE-2020-15674 (High)
Cross-site Scripting vulnerability has been discovered in General Electric's Equipment- Reason S20 managed Ethernet Switch. Successful exploitation of these vulnerabilities can allow unauthorized accounts manipulation and allow for remote code execution. GE recommends that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability. CVE ID: CVE-2020-16242 (Medium), CVE-2020-16246 (Medium)
Multiple vulnerabilities such as Authorization Bypass Through User-controlled Key, and Use of a One-Way Hash Without a Salt have been discovered in GE Digital's Equipment- APM Classic, a tool to analyze and process data. Successful exploitation of these vulnerabilities can allow access to sensitive information. CVE ID: CVE-2020-16240 (High), CVE-2020-16244 (High)
Multiple vulnerabilities have been discovered in DB2 Query Management Facility, Query Management Facility Classic Edition, and Query Management Facility Enterprise Edition. An unauthenticated attacker can obtain sensitive information, cause low confidentiality impact, low integrity impact, no availability impact and can cause a denial of service resulting in a low availability impact using unknown attack vectors. CVE ID: CVE-2020-14583 (High), CVE-2020-14593 (High), CVE-2020-14621 (Medium), CVE-2020-14556 (Medium), CVE-2020-14581 (Low), CVE-2020-14579 (Low), CVE-2020-14578 (Low), CVE-2020-14577 (Low), CVE-2019-17639 (Medium)
TNEF is a tool to unpack MIME application/ms-tnef attachments. It has been discovered that TNEF incorrectly handled filenames. If a user is tricked into opening a specially crafted email attachment, an attacker can possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service. CVE ID: CVE-2019-18849 (Medium)
An improper neutralization of input vulnerability has been discovered in FortiAnalyzer and FortiTester, which may allow a remote authenticated attacker to inject script related HTML tags via the Storage Connectors Name Parameter and IPv4/IPv6 address fields respectively. The affected products are FortiAnalyzer versions 6.2.5 , 6.4.1 and below. FortiTester versions 3.8.0; 3.7.0 and below. CVE ID: CVE-2020-12815, CVE-2020-12817
Google has released Chrome version 85.0.4183.121 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker can exploit to take control of an affected system. CVE ID: CVE-2020-15960 (High), CVE-2020-15961 (High), CVE-2020-15962 (High), CVE-2020-15963 (High), CVE-2020-15965 (High), CVE-2020-15966 (Medium), CVE-2020-15964 (Low)
It has been discovered that MISP can perform an unwanted action because of a POST operation on a form that is not linked to the login page. The affected versions are MISP before 2.4.132. CVE ID: CVE-2020-25766 (Medium)
LibOFX is a client-side implementation of Open Financial Exchange specification. It has been discovered that LibOFX does not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker can use this issue to cause a denial of service attack. CVE ID: CVE-2019-9656 (High)
noVNC is a HTML5 VNC client - daemon and programs. It has been discovered that noVNC does not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker can use this issue to conduct cross-site scripting (XSS) attacks. CVE ID: CVE-2017-18635 (Medium)
mysql module before v3.3.0 & pgsql module of the InspIRCd IRC daemon contains vulnerability. When combined with the sqlauth or sqloper modules these vulnerabilities can be used to remotely crash an InspIRCd server by any user able to connect to a server. It is recommended to upgrade the InspIRCd packages. CVE ID: CVE-2019-20917 (Medium), CVE-2020-25269 (Medium)
Researchers have reported a new Android malware that targets victim's personal device data, browser credentials and Telegram messaging application files. The Android malware collects all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks. The malware may be used to launch attacks on critical sector organisations.
Multiple vulnerabilities such as SQL Injection, Cross-site Request Forgery, Command Injection have been discovered in MB connect line's Equipment- mymbCONNECT24, mbCONNECT24. Successful exploitation of these vulnerabilities can allow a remote attacker to gain unauthorized access to arbitrary information or allow remote code execution. CVE ID: CVE-2020-24569 (High), CVE-2020-24568 (High), CVE-2020-24570 (High)
It has been discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker can possibly use this issue to execute arbitrary code. CVE ID: CVE-2019-19920 (High)
It has been discovered that ModSecurity v3 enabled global regular expression matching which can result in denial of service. It is recommended to upgrade the modsecurity packages. CVE ID: CVE-2020-15598
It has been discovered that Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable due to the failure to check permissions by the getACL() command to information disclosure. A remote attacker by sending a specially-crafted request, can exploit this vulnerability to obtain sensitive information. CVE ID: CVE-2019-0201 (Medium)
It has been discovered that Parallels Remote Application Server (RAS) has a Business Logic Error causing remote code execution. This may allow an authenticated user to tamper with requests between Parallels Clients and backend servers resulting in unintended access to any server in the Parallels RAS Farm or other servers in the same internal domain. In addition, authenticated user may be able to launch and execute applications not made available via Parallels RAS filtering in the environment. CVE ID: CVE-2020-15860 (Critical)
It has been discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker can use this issue to cause an algorithmic complexity attack, resulting in a denial of service. CVE ID: CVE-2018-18898 (High)
It has been discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle memory under certain error conditions in the Bluez 5 module. An attacker can use this issue to cause PulseAudio to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE ID: CVE-2020-15710
A RFD Protection Bypass via jsessionid vulnerability has been discovered in Spring Framework of VMware. The affected versions are Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions. CVE ID: CVE-2020-5421 (High)
Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, and Improper Resource Shutdown or Release have been discovered in Wibu-Systems AG's Equipment- CodeMeter. Successful exploitation of these vulnerabilities can allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter. CVE ID: CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-14519 (High), CVE-2020-14513 (High), CVE-2020-14515 (High), CVE-2020-16233 (High)
Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of this vulnerability can allow an attacker to escalate their privileges. CVE ID: CVE-2020-16202 (High)
Multiple vulnerabilities such as Cross-site Request Forgery, Improper Neutralization of Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade, and Configuration have been discovered in Philips' Equipment- Clinical Collaboration Platform. Successful exploitation of these vulnerabilities can allow an attacker to trick a user into executing unauthorized actions or provide the attacker with identifying information that can be used for subsequent attacks. CVE ID: CVE-2020-14506 (Low), CVE-2020-14525 (Low), CVE-2020-16198 (Medium), CVE-2020-16200 (Medium), CVE-2020-16247 (Medium)
Multiple vulnerabilities such as HTML Injection, denial of service, and escalation of privileges have been discovered in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP appliance. CVE ID: CVE-2020-8245, CVE-2020-8246, CVE-2020-8247
It has been discovered xawtv can be made to expose sensitive information and escalateuser privileges if it received specially crafted input. A local attacker can possibly use this issue to open and write to arbitrary files and escalate privileges. CVE ID: CVE-2020-13696 (Medium)
It has been discovered that Perl DBI module incorrectly handled certain inputs and file. An attacker could possibly use this issue to execute arbitrary code and expose sensitive information respectively. CVE ID: CVE-2013-7490 (Medium), CVE-2014-10401 (Medium)
Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization has been dicovered in Python. A remote attacker may be able to use a specially crafted URL to locate cookies or authentication data and send that information to a different host than when parsed correctly. The affected versions are Python 2.7.x through 2.7.16 and 3.x through 3.7.2. CVE ID: CVE-2019-9636 (Critical)
An incomplete SSL server certification validation vulnerability has been discovered in the Trend Micro Security 2019 (v15) consumer family of products, which can allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. It is recommended to upgarde to the latest versions of Trend Micro Security 2020 (version 16) and the newly release 2021 (version 17). CVE ID: CVE-2020-15604 (Low), CVE-2020-24560 (Low)
Apple has released security updates to address vulnerabilities in multiple products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Information disclosure, Access bypass, and Cross-site scripting have been discovered in Drupal core. CVE ID: CVE-2020-13670, CVE-2020-13667, CVE-2020-13669, CVE-2020-13668, CVE-2020-13666
It has been discovered that StoreBackup do not properly manage lock files. A local attacker can use this vulnerability to cause a denial of service or escalate privileges and run arbitrary code. This vulnerability can be mitigated by updating the system. CVE ID: CVE-2020-7040 (High)
An improper neutralization of input during web page generation has been discovered in the SSL VPN portal of FortiOS which may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS). The affected versions are FortiOS version 6.2.1 and below, 6.0.8 and below and 5.6.12 and below. CVE ID: CVE-2019-15706 (Medium)
It has been discovered that MCabber, a small Jabber (XMPP) console client does not properly manage roster pushes. An attacker could possibly use this vulnerability to remotely perform man-in-the-middle attacks. CVE ID: CVE-2016-9928 (High)
It has been discovered that websocket-extensions do not properly parse special headers. A remote attacker can use this vulnerability to cause regex backtracking, resulting in a denial of service. CVE ID: CVE-2020-7663 (High)
A command injection vulnerability has been discovered in Trend Micro ServerProtect for Linux can allow an attacker to execute arbitrary code on an affected system. The affected version is ServerProtect for Linux (SPLX) 3.0. It is recommended to update to the latest builds. CVE ID: CVE-2020-24561
LuaJIT is a Just in time compiler for Lua programming language version 5.1. It has been discovered that an out-of-bounds read vulnerability existed in LuaJIT. An attacker can use this vulnerability to cause a denial of service (application crash) or possibly expose sensitive information. CVE ID: CVE-2020-15890 (High)
It has been discovered that GUPnP incorrectly handled certain subscription requests. A remote attacker with specially crafted network traffic can possibly use this issue to exfiltrate data or use GUPnP to perform DDoS attacks. CVE ID: CVE-2020-12695 (High)
bsdiff is used to generate or apply a patch between two binary files. It has been discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code. CVE ID: CVE-2014-9862 (High)
It has been discovered that MilkyTracker, music creation tool, did not properly handle certain input. And if a user is tricked into opening a malicious file, an attacker can cause MilkyTracker to crash or potentially execute arbitrary code. CVE ID: CVE-2019-14464 (Medium), CVE-2019-14496 (High), CVE-2019-14497 (High)
Multiple vulnerabilities have been discovered in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system. CVE ID: CVE-2020-24214, CVE-2020-24215, CVE-2020-24216, CVE-2020-24217, CVE-2020-24218, CVE-2020-24219
Multiple vulnerabilities such as Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, and Incorrect Permission Assignment for Critical Resource have been discovered in ENTTEC's Equipment- Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized SSH/SCP access to devices, inject malicious code, run commands with root privileges, and read, write, and execute files in system directories as any user. CVE ID: CVE-2019-12774 (Medium), CVE-2019-12775 (High), CVE-2019-12776 (High), CVE-2019-12777 (High)
Out-of-bounds read vulnerability has been discovered in Adobe Media Encoder that could lead to information disclosure in the context of the current user. The affected versions are Adobe Media Encoder 14.3.2 and earlier versions. It ie recommended to upgrade to Adobe Media Encoder 14.4. CVE ID: CVE-2020-9739, CVE-2020-9744, CVE-2020-9745
It has been discovered that GitLab is vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. The affected versions are GitLab before version 13.3.4. CVE ID: CVE-2020-13300 (Critical)
Multiple vulnerabilities such as privilege escalation, out-of-bounds read, denial of service, and information disclosure have been discovered in VMware Workstation, Fusion and Horizon Client. CVE ID: CVE-2020-3980 (Medium), CVE-2020-3986 (Medium), CVE-2020-3987 (Medium), CVE-2020-3988 (Medium), CVE-2020-3989 (Low), CVE-2020-3990 (Low)
Path Traversal vulnerability has been discovered in Web Mail User Interface in McAfee Email Gateway (MEG). This vulnerability allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory. The affected versions are McAfee Email Gateway (MEG) prior to 7.6.406 Hotfix (HF) 1264651. It is recommended to upgrade to Email Gateway 7.6.406 HF 1264651. CVE ID: CVE-2020-7268 (Medium)
MySQL is a multi-user, multi-threaded SQL database server. Multiple vulnerabilities have been discovered in mysql packages. An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.
It has been discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE ID: CVE-2020-14382
A vulnerability has been discovered in the Private Internet Access (PIA) VPN Client for Linux which allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. The affected versions are PIA VPN Client for Linux 1.5 through 2.3+. CVE ID: CVE-2020-15590
Dovecot is an IMAP server for Linux and other UNIX-like systems. Multiple vulnerabilities such as Resource exhaustion via deeply nested MIME parts, Out of bound reads in dovecot NTLM implementation, and Crash due to assert in RPA implementation have been discovered in dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. CVE ID: CVE-2020-12100 (High), CVE-2020-12673 (High), CVE-2020-12674 (High)
It has been discovered that there was a directory traversal attack in pip, the Python package installer. When an URL is given in an install command, as a Content-Disposition header is permitted to have ../ components in their filename, arbitrary local files (eg. /root/.ssh/authorized_keys) can be overidden. It is recommended to upgrade the python-pip packages. CVE ID: CVE-2019-20916 (High)
A flaw has been discovered in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove() can lead to a crash and denial of service. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability. CVE ID: CVE-2020-9490 (High)
Administrators with QRadar Risk Manager appliances in their deployment are being alerted to changes in Configuration Source Manager due to the approaching end of life of Adobe Flash. Due to removal of Adobe Flash, the Configuration Source Management (CSM) functionality is integrated in to the Configuration Monitor. The updated Configuration Monitor interface is available to administrators who upgrade their QRadar deployment in upcoming fix pack releases.
It has been discovered that the X.Org X Server incorrectly handled the input extension protocol, XkbSelectEvents function, XRecordRegisterClients function, XkbSetNames function, and incorrectly initialized memory. A local attacker could possibly use this issue to escalate privileges and obtain sensitive information. CVE ID: CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362, CVE-2020-14345
Permissive Cross-domain Policy with Untrusted Domains vulnerability has been discovered in HMS Networks' Equipment- Ewon Flexy and Cosy. Successful exploitation of this vulnerability could allow attackers to retrieve limited confidential information. CVE ID: CVE-2020-16230 (Low)
Stack-based Buffer Overflow vulnerability has been discovered in FATEK Automation's Equipment- PLC WinProladder. Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may cause a denial-of-service event and remote code execution. CVE ID: CVE-2020-10597 (High)
It has been discovered that in all fix pack levels of IBM Db2 V11.1, and V11.5 editions running on all platforms of IBM Java SDK a vulnerability related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. CVE ID: CVE-2019-2949 (Medium)
Multiple vulnerabilities such as Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation, Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic Correctness of Input, Improper Input Validation, and Exposure of Resource to Wrong Sphere have been discovered in Philips' Equipment- Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3. Successful exploitation of these vulnerabilities could result in unauthorized access, interrupted monitoring, and collection of access information and/or patient data. CVE ID: CVE-2020-16214 (Medium), CVE-2020-16218 (Low), CVE-2020-16222 (Medium), CVE-2020-16228 (Medium), CVE-2020-16224 (Medium), CVE-2020-16220 (Low), CVE-2020-16216 (Medium), and CVE-2020-16212 (Medium)
A buffer overflow vulnerability has been discovered in PAN-OS, which allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. The affected versions are All versions of PAN-OS 8.0, PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, PAN-OS 9.0 versions earlier than PAN-OS 9.0.9, and PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. CVE ID: CVE-2020-2040 (Critical)
SQL Injection vulnerability has been discovered in AVEVA™ Enterprise Data ManagementWebv2019 and all prior versions formerly known as eDNAWeb. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected device.
Multiple vulnerabilities have been discovered such as Privilege Escalation, DLL Search Order Hijacking & DLL Injection in McAfee Agent for Windows, and Privilege Escalation in McAfee Agent for MAC. The affected versions are McAfee Agent for Windows and MAC Prior to 5.6.6. CVE ID: CVE-2020-7311 (High), CVE-2020-7312 (High), CVE-2020-7315 (Medium), and CVE-2020-7314 (High)
A race condition vulnerability has been discovered in the Twilio Authy 2-Factor Authentication Application, which allows a user to potentially approve/deny an access request prior to unlocking the application with a pin on older Android devices, effectively bypassing the PIN requirement. The affected products are Twilio Authy App below 24.3.7. CVE ID: CVE-2020-24655
An arbitrary code execution vulnerability has been discovered in grunt before 1.3.0, a Javascript task runner. This vulnerability occured due to the unsafe loading of YAML documents. CVE ID: CVE-2020-7729 (High)
It has been discovered that GnuTLS could be made to crash or run programs if it received specially crafted network traffic. CVE ID: CVE-2020-24659 (Medium)
It has been discovered that multiple devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing could allow a remote attacker to conduct a man-in-the-middle attack. If a device is within wireless range of a vulnerable Bluetooth device and becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength, an attacker could exploit this vulnerability to conduct a man-in-the-middle attack between devices previously bonded to gain access to restricted profiles or services. CVE ID: CVE-2020-15802
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-09-05 or later address all of these issues.
Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CVE ID: CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959
Adobe has released security updates to address vulnerabilities in Adobe Experience Manager, Adobe Framemaker and Adobe InDesign. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE ID: CVE-2020-14386 (High)
Multiple vulnerabilities such as Information disclosure, Cross-site scripting, and Improper masking of secrets have been discovered in jenkins plugin. An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.4. CVE ID: CVE-2020-2181 (Medium), CVE-2020-2182 (Medium), CVE-2020-2190 (Medium), CVE-2020-2224 (Medium), CVE-2020-2225 (Medium), CVE-2020-2226 (Medium)
An ASP.NET cookie prefix spoofing vulnerability has been discovered in .NET Core. An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. CVE ID: CVE-2020-1045
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Multiple vulnerabilities have been discovered in golang. An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. CVE ID: CVE-2020-14040 (High), CVE-2020-15586 (Medium), CVE-2020-16845 (High)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple vulnerabilities have been discovered in php package. An update for the php:7.3 module is now available for Red Hat Enterprise Linux 8.
The librepo library provides a C and Python API to download repository metadata. It has been discovered that a missing path validation in repomd.xml may lead to directory traversal. An update for librepo is now available for Red Hat Enterprise Linux 8. CVE ID: CVE-2020-14352 (High)
A cross site scripting vulnerability has been discovered in IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. The affected products are IBM Security Access Manager for Enterprise Single Sign-On 8.2.1, 8.2.2. CVE ID: CVE-2020-4575 (Medium)
Multiple vulnerabilities such as Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, and Improper Resource Shutdown or Release have been discovered in Wibu-Systems AG's Equipment- CodeMeter. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter. CVE ID: CVE-2020-14513 (High), CVE-2020-14519 (High), CVE-2020-14509 (Critical), CVE-2020-14517 (Critical), CVE-2020-16233 (High), CVE-2020-14515 (High)
A vulnerability has been discovered in the sized-chunks crate for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement. CVE ID: CVE-2020-25796
Multiple vulnerabilities have been discovered in netty, a Java NIO client/server socket framework. The affected version of Netty is 1:4.1.7-2+deb9u2. It is recommended to upgrade the netty packages. CVE ID: CVE-2019-20444 (Critical), CVE-2019-20445 (Critical), CVE-2020-7238 (High), and CVE-2020-11612 (Critical)
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. Multiple vulnerabilities have been discovered in dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 7. CVE ID: CVE-2020-12674 (High), CVE-2020-12673 (High), CVE-2020-12100 (High)
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It has been discovered that HTTP Request Smuggling and HTTP Request Splitting could result in cache poisoning in squid. An update for the squid:4 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.1 Extended Update Support. CVE ID: CVE-2020-15810, CVE-2020-15811
Red Hat Data Grid is a distributed, in-memory datastore. It has been discovered that compression/decompression codecs don't enforce limits on buffer allocation sizes in netty and improper validation of certificate with host mismatch in SMTP appender in log4j. CVE ID: CVE-2020-11612 (Critical) and CVE-2020-9488 (Low)
It has been discovered that asyncpg allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. The affected versions are asyncpg before 0.21.0. It is recommended to upgrade the asyncpg packages. CVE ID: CVE-2020-17446 (Critical)
A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability. The affected version is Accusoft ImageGear 19.7.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. It has been discovered a Node disk DOS vulnerability exists while writing to container /etc/hosts. An update for openshift is now available for Red Hat OpenShift Container Platform 4.4.
Predictable Exact Value from Previous Values vulnerability has been discovered in Mitsubishi Electric's various equipments. Successful exploitation of this vulnerability could be used to hijack TCP sessions and allow remote command execution.
Red Hat JBoss Enterprise Application Platform (EAP) CD20 is a platform for Java applications based on the WildFly application runtime. Multiple vulnerabilities have been discovered in JBoss EAP Continuous Delivery 20.
It has been discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information.
Multiple vulnerabilities have been discovered in Apache HTTPD server. The apache2 packages are affected by these vulnerabilities. It is recommended to upgrade the apache2 packages.
It has been discovered that Shadankun Server Security Type is vulnerable to Denial of Service because newly detected attack source IP addresses can not be added as blocking targets for a certain time. The affected versions are Attack blocking Kun server security type Target product version 1.5.3 and earlier.
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. An update for git is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.
It has been discovered that flask-cors allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. The affected versions are flask-cors before 3.0.9.
It has been observed an improper authentication vulnerability in Bitdefender Endpoinit Security Tools for Windows and Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product’s security settings. This vulnerability affects Bitdefender Endpoinit Security Tools for Windows versions prior to 6.6.18.261; Endpoint Security SDK versions prior to 6.6.18.261.
Kleopatra is a certificate manager and a universal crypto GUI. It has been discovered that the Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr and URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Multiple vulnerabilities have been discovered in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. These vulnerabilities could allow an unauthenticated, remote attacker to exhaust process memory of an affected device.
It has been discovered that Lilypond, a program for typesetting sheet music, do not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which can result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. It is recommended to upgrade the lilypond packages.
Multiple vulnerabilities have been discovered in OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files. It is recommended to upgrade the openexr packages.
A heap-based buffer overflow vulnerability has been discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.It is recommended to upgrade the mupdf packages.
Multiple vulnerabilities such as Remote Code Execution (RCE) and Cross-Site Scripting(XSS) have been discovered in the management screen of baserCMS 4.3.6 and earlier. It is recommended to upgrade to the new version 4.3.7 or apply patch.
It has been discovered that Squid incorrectly validated certain data and incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use these vulnerabilities to perform an HTTP request smuggling attack, resulting in cache poisoning or cause Squid to consume resources, resulting in denial of service.
Multiple vulnerabilities in BIND, a DNS server implementation, have been discovered. These vulnerabilities affected the bind9 packages. It is recommended to upgrade the bind9 packages.
Multiple vulnerabilities such as Authentication Bypass Using an Alternate Path or Channel, Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing Authorization, Execution with Unnecessary Privileges, Unrestricted Upload of File with Dangerous Type, Path Traversal, Improper Authorization, Cross-site Scripting, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials, and Hidden Functionality have been discovered in OpenClinic GA Equipment. Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, discover restricted information, view/manipulate restricted database information, and/or execute malicious code.
Multiple vulnerabilities such as Reflected Cross-site Scripting, Stored Cross-site Scripting, Cross-site Request Forgery, Hidden Functionality, and Use of Unmaintained Third-Party Components have been discovered in Red Lion's Equipment- N-Tron 702-W / 702M12-W. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, execute system commands, and perform actions in the context of an attacked user.
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
An Improper access control vulnerability has been discovered in NITORI App. A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. The affected versions are NITORI App for Android versions 6.0.4 and earlier, and NITORI App for iOS versions 6.0.2 and earlier. It is recommended to update the App to the latest version.
It has been discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this vulnerability to cause a denial of service or other unspecified impact.
It has been discovered that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability. It is recommended to upgrade the nginx packages.
Multiple vulnerabilities have been discovered in BIG-IP products. An attacker could exploit these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in Nova live migration. This vulnerability occurs while performing soft reboot of an instance which has previously undergone live migration. The affected versions are Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0.
It has been discovered that a ZTE product is impacted by the cryptographic vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability to account credential enumeration attack or brute-force attack for password guessing. The affected versions is ZXIPTV-WEB-PV5.09.08.04. It is recommended to upgrade to ZXIPTV-WEB-PV5.09.08.04P3 or later.
Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. It is recommended to upgrade to MACC 8.3.1.
It has been discovered that lack of escaping in mod_latestactions allows XSS attacks in Joomla!. The affected versions are Joomla! CMS versions 3.9.0 to 3.9.20. It is recommended to upgrade to version 3.9.21.
Google has released Chrome version 85.0.4183.83 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Remote Unauthorized Access and Cross-Site Scripting have been discovered in the Aruba Intelligent Edge Switches web management interface. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.
Stack-based Buffer Overflow vulnerability has been discovered in WECON's Equipment- LeviStudioU. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.
Inadequate Encryption Strength vulnerability has been discovered in Emerson's Equipment- OpenEnterprise SCADA Software. Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems.
Path Traversal vulnerability has been discovered in Advantech's Equipment- iView. Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application.
The kernel packages contain the Linux kernel, the core of any Linux operating system. Null pointer dereference in search_keyring and heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c have been discovered in kernel. An update for kernel is now available for Red Hat Enterprise Linux 6.
It has been discovered that Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.
Multiple vulnerabilities have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix Hypervisor 8.2 LTSR.
A directory traversal vulnerability has been discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process. It is recommended to upgrade the icingaweb2 packages.
Several vulnerabilities have been discovered in libjackson-json-java, a Java JSON processor. It is recommended to upgrade the libjackson-json-java packages.
It has been discovered that in inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data. It is recommended to upgrade the inetutils-telnetd packages.
It has been discovered that wolfSSL incorrectly implements the TLS 1.3 client state machine. An attacker in a privileged position can read or modify communications between clients using the wolfSSL library and TLS 1.3 servers.
Multiple vulnerabilities have been discovered in sqlite3, a C library that implements an SQL database engine. It is recommended to upgrade the sqlite3 packages.
It has been discovered that an ansi escape sequence injection exists in software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA). It is recommended to upgrade the software-properties packages.
Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service. It is recommended to upgrade the proftpd-dfsg packages.
A vulnerability has been discovered in Foxit Studio Photo that could expose the application to Out-of-Bounds Write Information Disclosure vulnerability and crash if users were using PSD File tampered. The affected versions are Foxit Studio Photo 3.6.6.927 and earlier.
Multiple vulnerabilities such as partial denial of service vulnerability in VMware ESXi and vCenter Server and Stored Cross-Site Scripting (XSS) vulnerability affecting VMware App Volumes have been discovered in VMware. The affected versions are ESXi 6.5, 6.7 and 7.0, vCenter Server 6.5, 6.7 and 7.0, Cloud Foundation (ESXi and vCenter) 3.x.x and 4.x.x, App Volumes 2.x and 4.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.
Multiple vulnerabilities such as Improper Input Validation, Improper Access Control, and Improper Authentication have been discovered in Philips' Equipment- SureSigns VS4. Successful exploitation of these vulnerabilities could allow an attacker access to administrative controls and system configurations, which could allow changes to system configuration items causing patient data to be sent to a remote destination.
Multiple cross-site scripting vulnerabilities have been discovered in Exment. The affected versions are Exment versions below v3.6.0. It is recommended to upgrade to versions above v3.6.0.
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that websocket-extensions ruby module allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. It is recommended to upgrade the ruby-websocket-extensions packages.
Multiple vulnerabilities have been discovered in QEMU. An attacker inside a guest or a remote attacker could possibly use these vulnerabilities to leak host memory to obtain sensitive information, cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code.
It has been discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information.
It has been discovered that the build triggers in quay can disclose robot account names and existence of private repos within namespaces. An update is now available for Red Hat Quay 3.3.
It has been discovered that IBM Content Navigator is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. The affected versions are IBM Content Navigator 3.0.7 and 3.0.8.
It has been discovered that the Kommbox component in Rangee GmbH RangeeOS could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. The affected version is RangeeOS 8.0.4.
Google has released Chrome version 84.0.4147.135 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
Multiple vulnerabilities such as Privilege Escalation, Whitelist Bypass, and Persistancy have been discovered in voidtools Everything service. An attacker could take advantage of these vulnerabilities to achieve privilege escalation, persistence and possible whitelist bypass by using the technique of implanting an arbitrary unsigned dynamic link library which is executed by a signed service that runs as NT AUTHORITY\SYSTEM. All Everything versions prior to 1.4.1.990 that include the Everything service feature are affected by these vulnerabilities.
Stored XSS vulnerability has been discovered in jenkins-2-plugins of matrix project and DoS in python RSA. An update for jenkins-2-plugins and python-rsa is now available for Red Hat OpenShift Container Platform 4.5.
It has been discovered that GNOME Shell incorrectly handled the login screen password dialog. Sensitive information could possibly be exposed during user logout.
It has been discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions and the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A local attacker could possibly use these vulnerabilities to cause a denial of service.
It has been discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this vulnerability to construct a malicious zip archive that, when opened, would create files outside the extraction directory.
Red Hat Ceph Storage is a scalable, open, software-defined storage platform. A HTTP header injection via CORS ExposeHeader tag has been discovered in radosgw of ceph. An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04.
Dell EMC ECS contains remediation for an Exposure of Resource Vulnerability that could be exploited by malicious users to compromise the affected system. The affected version is Dell EMC ECS versions prior to 3.5.
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. A websocket decoding buffer overflow vulnerability has been discovered in libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
It has been discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact.
Multiple vulnerabilities such as out-of-bounds read, heap buffer overflow, and NULL pointer dereference have been discovered in the epson2 and epsonds backends of SANE, a library for scanners. A malicious remote device could exploit these to trigger information disclosure, denial of service and possibly remote code execution. The affected versions are SANE Backends before 1.0.30. It is recommended to upgrade the sane-backends packages.
An issue has been discovered in the PostgreSQL database system where an uncontrolled search path could allow users to run arbitrary SQL functions with elevated priviledges when a superuser runs certain `CREATE EXTENSION' statements. It is recommended to upgrade the posgresql-9.6 packages.
It has been discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen.
It has been discovered that when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. The affected version is Apache Shiro 1.6.0.
It has been discovered that in libEtPan, a mail library, a STARTTLS response injection affects IMAP, SMTP, and POP3. It is recommended to upgrade the libetpan packages.
It has been discovered that the DataImportHandler of lucene-solr, has a feature in which the whole DIH configuration can come from a request's dataConfig parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. It is recommended to upgrade the lucene-solr packages.
It has been discovered that a malicious JavaScript code was able to execute arbitrary Java code on htmlunit. It is recommended to upgrade the htmlunit packages.
madlib-object-utils is a small set of utility functions for working with objects. It has been discovered that madlib-object-utils package is vulnerable to Prototype Pollution via setValue. It is recommended to upgrade madlib-object-utils to version 0.1.7 or higher.
It has been discovered that Cloud Foundry CAPI (Cloud Controller), when used in a deployment where an app domain is also the system domain, is vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer’s app handling some requests that were expected to go to certain system components. The affected Cloud Foundry Products are CAPI all versions prior to 1.97.0 and CF Deployment all versions prior to 13.12.0.
It has been discovered that Salt allows remote attackers to determine which files exist on the server, bypass authentication perform command injection, incorrectly validated method calls and sanitized paths. An attacker could use these to extract sensitive information, execute arbitrary code or crash the server, and access some methods without authentication.
Multiple vulnerabilities have been discovered in Struts2. The affected versions are Struts 2.0.0 - 2.5.20. It is recommended to upgrade to Struts 2.5.22.
It has been discovered that Dell Encryption and Dell Endpoint Security Suite contain a privilege escalation vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. The affected products are Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8.
Multiple vulnerabilities have been discovered in Jenkins core and its plugins. The affected versions are Jenkins weekly up to and including 2.251, Jenkins LTS up to and including 2.235.3, Email Extension Plugin up to and including 2.73, Flaky Test Handler Plugin up to and including 1.0.4, Pipeline Maven Integration Plugin up to and including 3.8.2, and Yet Another Build Visualizer Plugin up to and including 1.11.
It has been discovered that when SSL/TLS Forward Proxy Decryption mode has been configured to decrypt the web transactions, the PAN-OS URL filtering feature inspects the HTTP Host and URL path headers for policy enforcement on the decrypted HTTPS web transactions but does not consider Server Name Indication (SNI) field within the TLS Client Hello handshake. This allows a compromised host in a protected network to evade any security policy that uses URL filtering on a firewall configured with SSL Decryption in the Forward Proxy mode. A malicious actor can then use this technique to evade detection of communication on the TLS handshake phase between a compromised host and a remote malicious server.
It has been discovered that Fuel CMS allows SQL Injection via parameter 'col' in pages/items, permissions/items, navigation/items and logs/items. Exploiting this vulnerability could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The affected versions are Fuel CMS 1.4.7.
It has been discovered that Concourse for VMware Tanzu in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. The affected versions are Concourse for VMware Tanzu 6.3 versions prior to 6.3.1. It is recommended to upgrade to Concourse for VMware Tanzu 6.3.1.
Reflected Cross Site Scripting vulnerability has been discovered in Teradici PCoIP Management Console that could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. The affected versions are Teradici PCoIP Management Console prior to 20.07. It is recommended to update to Management Console 20.07 or later.
It has been discovered that a vulnerability exists in the IBM Event Streams schema registry that allows unauthorized access to create, edit and delete schemas. The affected version is IBM Event Streams 10.0.0.
Multiple vulnerabilities have been discovered in Citrix Endpoint Management (CEM), also referred to as XenMobile. The versions of Citrix Endpoint Management (CEM) affected by these vulnerabilities are XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6, XenMobile Server 10.11 before RP6, XenMobile Server 10.12 before RP3, and XenMobile Server before 10.9 RP5.
Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat, Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that a spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
It has been discovered that a remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes a cross-site scripting vulnerability (CVE-2020-6284) in NetWeaver (Knowledge Management).
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Synchronous Access of Remote Resource without Timeout vulnerability has been discovered in Tridium's Equipment- Niagara. Successful exploitation of this vulnerability could result in a denial-of-service condition.
Path Traversal vulnerability has been discovered in Schneider Electric's Equipment- APC Easy UPS On-Line. Successful exploitation of these vulnerabilities could lead to remote code execution.
Multiple vulnerabilities such as Improper Authentication, and Path Traversal have been discovered in Yokogawa's Equipment- CENTUM. Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands.
It has been discovered that an arbitrary script may be executed on the user's web browser, and when accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. The affected versions are CyberMail Ver.6.x, and CyberMail Ver.7.x.
Multiple vulnerabilities such as Improper Authorization, Cross site scripting, Unrestricted Upload of File with Dangerous Type, Cross-site request forgery, Privilege escalation vulnerability, and Unprotected Storage of Credentials have been discovered in Data Loss Prevention for Mac agent and Data Loss Prevention ePO extension of McAfee.
Apple has released security updates to address vulnerabilities in iCloud for Windows 7.20 (for Windows 7 and later) and 11.3 (for Windows 10 and later). An attacker could exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 84.0.4147.125 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. A websocket decoding buffer overflow vulnerability has been discovered in libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 8.
It has been discovered that Network Security Service (NSS) incorrectly handled certain signatures. An attacker could possibly use this vulnerability to expose sensitive information.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It has been discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals and a logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c. An update for bind is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.
Samba is a SMB/CIFS file, print, and login server for Unix. It has been discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this vulnerability to cause Samba to crash, resulting in a denial of service.
It has been discovered that ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access or unintended embedded Ruby code execution. It is recommended to upgrade the ruby-kramdown packages.
Post-authentication command injection vulnerability has been discovered in the User Portal of Sophos XG Firewall. The affected versions are Sophos XG Firewall v18.0 MR1-Build396 and older and Sophos XG Firewall v17.5 MR12 and older. It is recommended to upgrade the XG Firewall to SFOS v18.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. Multiple vulnerabilities have been discovered in CloudForms. An update is now available for CloudForms Management Engine 5.11.
Multiple vulnerabilities have been discovered in firejail, a sandbox program to restrict the running environment of untrusted applications. It is recommended to upgrade the firejail packages.
Multiple vulnerabilities such as Out-of-bounds Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Write-what-where Condition, and Improper Input Validation have been discovered in Delta Electronics' Equipment- TPEditor. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
OS Command Injection vulnerability has been discovered in Geutebrück's Equipment- G-Cam and G-Code. Successful exploitation of this vulnerability could allow remote code execution as root.
Exposure of Sensitive Information Through Sent Data vulnerability has been discovered in Multiple Trailer and Brake Manufacturers' Equipment- Power Line Communications Bus / PLC4TRUCKS / J2497. Successful exploitation of these vulnerabilities could make it possible to read PLC signals using active antennas reliably at 6 feet and up to 8 feet away, subject to environmental conditions.
A vulnerability has been discovered in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass firewalls. It is recommended to upgrade the gupnp packages.
Multiple vulnerabilities such as Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, Type Confusion, Stack-based Buffer Overflow, and Double Free have been discovered in Advantech's Equipment- WebAccess HMI Designer. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
Multiple vulnerabilities have been discovered in GitLab. GitLab has released versions 13.2.3, 13.1.6 and 13.0.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and it is strongly recommended that all GitLab installations be upgraded to one of these versions immediately.
Multiple vulnerabilities such as Use of Hard-Coded Credentials, Origin Validation Error, Missing Authentication for Critical Function, and Authentication Bypass Using an Alternate Path of Channel have been discovered in temi, a teleconference robot produced by Robotemi Global Ltd. These vulnerabilities could be used by a malicious actor to spy on temi’s video calls, intercept calls intended for another user, and even remotely operate temi – all with zero authentication.
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered and fixed in MySQL. The new upstream version changed compiler options and caused a regression in certain scenarios. These vulnerabilities have been fixed in the updated version of MySQL 8.0.21 and MySQL 5.7.31.
An integer overflow vulnerability has been discovered in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed. It is recommended to upgrade the json-c packages.
Multiple vulnerabilities have been discovered in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server. These vulnerabilities might affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition.
It has been discovered that libpcre in PCRE allows an integer overflow via a large number after a (?C substring. An attacker may be able cause an integer overflow that negatively impacts applications. The affected versions are PCRE before 8.44.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-bounds Read, and Access of Uninitialized Pointer have been discovered in Delta Electronics' Equipment- Industrial Automation CNCSoft ScreenEditor. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.
It has been discovered that the libvirt package sets incorrect permissions on the UNIX domain socket. A local attacker could use this vulnerability to access libvirt and escalate privileges.
It has been discovered that that Point-to-Point Protocol (ppp) incorrectly handled module loading. A local attacker could use this vulnerability to load arbitrary kernel modules and possibly execute arbitrary code.
It has been discovered that Whoopsie incorrectly handled memory and parsing files. A local attacker could use these vulnerabilities to cause Whoopsie to consume memory or crash, resulting in a denial of service or possibly execute arbitrary code.
It has been discovered that Apport incorrectly dropped privileges when making certain D-Bus calls, parsed configuration files, and implemented certain checks. A local attacker could use these vulnerabilities to read arbitrary files, cause Apport to crash, escalate privileges and run arbitrary code.
An integer overflows vulnerability exists in libX11, that could lead to heap corruption when processing crafted messages from an input method. It is recommended to upgrade the libx11 packages.
A privilege escalation vulnerability has been discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks, due to incorrect symlink handling. It is recommended to upgrade the net-snmp packages.
kpatch-patch is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Multiple vulnerabilities have been discovered in kpatch's kernel. An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-08-05 or later address all of these issues.
It has been spotted that Taidoor malware is being used in new attacks. The new Taidoor samples have versions for 32- and 64-bit systems and are usually installed on a victim's systems as a service dynamic link library (DLL). This DLL file, in turn, contains two other files. The first file is a loader, which is started as a service. The loader decrypts the second file, and executes it in memory, which is the main Remote Access Trojan (RAT).
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-08-05 or later address all of these issues.
It has been discovered that Atlassian FishEye allow remote attackers to view the HTTP password of a repository via an information disclosure vulnerability in the logging feature. The affected versions are Atlassian FishEye version < 4.8.3. The fixed versions are Atlassian FishEye version 4.8.3 and 4.9.0.
It has been discovered that there was a potential cross-site scripting vulnerability via iframe HTML elements in Zabbix, a PHP-based monitoring system. It is recommended to upgrade the zabbix packages.
It has been discovered that Squid incorrectly handled caching certain requests, URN requests, URL decoding, and input validation. A remote attacker could possibly use these vulnerabilities to perform cache-injection attacks or gain access to reverse proxy features, bypass access checks, bypass certain rule checks, and cause Squid to crash, resulting in a denial of service respectively.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It has been discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.
It has been discovered that SQLite incorrectly handled certain shadow tables, corrupt records, and errors during parsing. An attacker could exploit these vulnerabilities to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
It has been discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code.
LibVNCServer is a C library that enables to implement VNC server functionality into own programs. A websocket decoding buffer overflow vulnerability has been discovered that libvncserver. An update for libvncserver is now available for Red Hat Enterprise Linux 7.
It has been discovered that SKYSEA Client View provided by Sky Co. LTD. is vulnerable to privilege escalation. A user who can login to the PC where the product is installed may obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations. The affected products are SKYSEA Client View Version 12.200.12n to 15.210.05f. It is recommended to apply the patch.
It has been discovered that Evolution Data Server has a vulnerability that allows a malicious server to crash the mail client. It is recommended to upgrade the evolution-data-server packages.
It has been discovered that in libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. It is recommended to upgrade the libopenmpt packages.
It has been discovered that `add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. It is recommended to upgrade the libpam-radius-auth packages.
NETGEAR has released a fix for a pre-authentication command injection security vulnerability in R8300. The affected versions are R8300 running firmware versions prior to 1.0.2.134.
It has been discovered that the Ark archive manager did not sanitize extraction paths, which could result in maliciously crafted archives writing outside the extraction directory. It is recommended to upgrade the ark packages.
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center.
Insertion of Sensitive Information into Log File vulnerability has been discovered in Philips' Equipment- DreamMapper. Successful exploitation of this vulnerability could allow an attacker access to the log file information containing descriptive error messages.
Multiple vulnerabilities such as XML external entity (XXE), and Caching routes have been discovered in PgSQLXML and RootNode respectively of Quarkus. An update is now available for Red Hat build of Quarkus.
It was discovered that there was an issue where kdepim-runtime would default to using unencrypted POP3 communication despite the UI indicating that encryption was in use. It is recommended to upgrade the kdepim-runtime packages.
Multiple vulnerabilities such as Use-After-Free, and Heap-based overflow have been discovered in DaviewIndy. An attackers could exploit these vulnerabilities to cause arbitrary code execution. It is recommended to update software over DaviewIndy 8.98.8 version or higher.
Missing Authorization vulnerability has been discovered in Inductive Automation's Equipment- Ignition 8. Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information.
Multiple vulnerabilities such as Permission Issues, Path Traversal, and Unquoted Search Path or Element have been discovered in Mitsubishi Electric's Equipment- Multiple Factory Automation Engineering Software products, Factory Automation products, and Factory Automation Engineering products. Successful exploitation of this vulnerability may enable the reading of arbitrary files, allow execution of a malicious binary, obtain unauthorized information, tamper the information, and cause a denial-of-service condition.
Multiple vulnerabilities such as command injection, use-after-free, out-of-bounds read, access issue, and cross site scripting have been discovered in WebKitGTK and WPE WebKit. The affected versions are WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
It has been discovered that Toyota Motor's Global TechStream (GTS) contains a buffer overflow vulnerability. An attacker may execute arbitrary code or cause a denial of service (DoS) condition. The affected products are Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier.
Multiple vulnerabilities have been discovered in Red Hat Process Automation Manager 7.7.1. It is recommended to upgrade to Red Hat Process Automation Manager 7.8.0.
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools (codename heat), which can be used to help deploy OpenStack. It has been discovered that there is no sVirt protection for OSP16 VMs due to disabled SELinux in openstack-tripleo-heat-templates. An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 16.1 (Train).
Multiple vulnerabilities such as arbitrary code execution, arithmetic overflow, heap-based buffer overflow, and use-after-free have been discovered in the GRUB2 bootloader. It is recommended to upgrade the grub2 packages.
It has been discovered that once an actor has infiltrated a network with Netwalker, a combination of malicious programs may be executed to harvest administrator credentials, steal valuable data, and encrypt user files. In order to encrypt the user files on a victim network, the actors typically launch a malicious PowerShell script embedded with the Netwalker ransomware executable. Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).
Nagios Log Server is a popular Centralized Log Management, Monitoring, and Analysis software that allows organizations to view, sort, and configure logs. It has been discovered that Nagios Log Server version 2.1.6 was vulnerable to Stored XSS. An attacker (in this case, an authenticated regular user) could exploit this vulnerability to execute malicious JavaScript aimed to steal cookies, redirect users, perform arbitrary actions on the victim’s (in this case, an admin’s) behalf, logging their keystroke and more. It is recommended to update the application to the latest version.
Mozilla has released security updates to address vulnerabilities in Firefox 79, Firefox for iOS 28, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Magento has released updates for Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). Successful exploitation could lead to arbitrary code execution and signature verification bypass.
Multiple vulnerabilities such as Out-of-bounds Read, and Heap-based Buffer Overflow have been discovered in Delta Electronics' Equipment- Delta Industrial Automation DOPSoft. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
luajit is a just in time compiler for Lua. It has been discovered that an out-of-bounds read could happen if __gc handler frame traversal is mishandled. It is recommended to upgrade the luajit packages.
Multiple vulnerabilities such as Heap-based Buffer Overflow, and Uncontrolled Resource Consumption have been discovered in Softing Industrial Automation's Equipment- OPC. Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code execution.
Sympa is a modern mailing list manager. It has been discovered that Sympa incorrectly handled HTTP GET/POST requests, URL parameters and environment variables. An attacker could possibly use this issue to insert, edit or obtain sensitive information, perform XSS attacks and gain root privileges respectively.
PostgreSQL is an advanced object-relational database management system. XML external entity (XXE) vulnerability has been discovered in PgSQLXML of postgresql-jdbc. An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.
curl is a command line tool for transferring data with URL syntax. It has been discovered that when using -J (--remote-header-name) and -i (--include) in the same command line, a malicious server could force curl to overwrite the contents of local files with incoming HTTP headers. It is recommended to upgrade the curl packages.
Multiple vulnerabilities have been discovered in salt, these vulnerabilities are related to remote hackers bypassing authentication to execute arbitrary commands and getting informations about files on the server. It is recommended to upgrade the salt packages.
Multiple vulnerabilities such as Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, and Use of Password Hash with Insufficient Computational Effort have been discovered in Secomea's Equipment- GateManager. Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote code execution on the device.
Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
It has been discovered that SQLite incorrectly handled query-flattener optimization. An attacker could use this vulnerability to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
It has been discovered that libslirp incorrectly handled replying to certain ICMP echo requests. A remote attacker could possibly use this issue to cause libslirp to crash, resulting in a denial of service.
It has been discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use these vulnerabilities to cause librsvg to consume resources or crash, resulting in a denial of service.
Multiple vulnerabilities such as Heap-based buffer overflow, Stack-based buffer overflow, and Use-after-free have been fixed in MilkyTracker, a music tracker for composing music in the MOD and XM module file formats. It is recommended to upgrade the milkytracker packages.
Multiple vulnerabilities have been discovered and resolved in Pulse Connect Secure and Pulse Policy Secure. It is recommended to upgrade the Pulse Connect Secure and Pulse Policy Secure server software version to the 9.1R8.
It has been discovered that the IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. The affected versions are Qradar Advisor 1.1 - 2.5.2. It is recommended to update to 2.5.3.
Multiple vulnerabilities have been discovered in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents. It is recommended to upgrade the poppler packages.
It has been discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service.
It has been discovered that there is an improper authorization vulnerability in several Huawei smartphones. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploitation could allow the attacker to bypass the limit of student mode function. The affected products are HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8).
The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. It has been discovered that EC2 and credential endpoints are not protected from a scoped context and Credentials endpoint policy logic allows changing credential owner and target project ID. An update for openstack-keystone is now available for Red Hat OpenStack Platform 10 (Newton).
It has been discovered that IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple vulnerabilities have been discovered in openjdk. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data, incorrectly handled sscanf failures, WEBM files, AVI files, JPEG files, M3U8 files. An attacker could possibly use these issues to cause denial of service, obtain sensitive data or other unspecified impact.
A vulnerability has been discovered in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.
It has been discovered that when a specific response header has a value that is too long, Jetty will throw an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. This may lead to disclosure of sensitive data. The affected versions are 9.4.27.v20200227, 9.4.28.v20200408, and 9.4.29.v20200521.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in the automatic update service of Citrix Workspace app for Windows that could result in a local user escalating their privilege level to that of an administrator on the computer running Citrix Workspace app for Windows and a remote compromise of the computer running Citrix Workspace app when Windows file sharing (SMB) is enabled. The affected versions are Citrix Workspace app for Windows 1912 LTSR and Citrix Workspace app for Windows 2002.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc.'s Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.
fast-http is a library that allows you to create a tiny web server. It has been discovered that the fast-http packages are vulnerable to Directory Traversal. There is no path sanitization in the path provided at fs.readFile in index.js.
Uvicorn is a lightning-fast ASGI server. It has been discovered that Uvicorn's implementation of the HTTP protocol for the httptools parser is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.
Multiple vulnerabilities such as SQL injection and cross-site scripting have been discovered in SAINT. An attacker would need an account on the SAINT system in order to exploit the SQL injection vulnerabilities. An authenticated SAINT user would need to click on a malicious link or button provided by an attacker in order for the cross-site scripting vulnerabilities to be exploited. It is recommended to upgrade to SAINT 9.8.21 or higher.
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when DLL files are allowed to download without prompting additional warning to the user. An attacker who successfully exploited this vulnerability could drop the DLL files on the users Download folder (or equivalent) and gain elevated privileges.
Stack-based Buffer Overflow vulnerability has been discovered in HMS Industrial Networks AB's Equipment- eCatcher. Successful exploitation of this vulnerability could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution with highest privileges.
It has been discovered that IBM Verify Gateway (IVG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. The affected versions of IBM Verify Gateway are RADIUS 1.0.0, PAM 1.0.0, 1.0.1 and WinLogin 1.0.0, 1.0.1.
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies' Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability could provide an attacker with full control of a trusted device on a hospital’s internal network.
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Protection Mechanism Failure vulnerability has been discovered in Capsule Technologies' Equipment- SmartLinx Neuron 2. Successful exploitation of this vulnerability could provide an attacker with full control of a trusted device on a hospital’s internal network.
It has been discovered that multiple vulnerabilities in Java affects the IBM FlashSystem 900. An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, no availability impact, and a concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
Multiple vulnerabilities such as denial of service, XML External Entity Injection, cross-site scripting, command injection, and out-of-bound vulnerabilities have been discovered in IBM QRadar SIEM.
It has been discovered that Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers, which leads to HTTP request smuggling and Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace and a later Content-Length header. These vulnerabilities result in HTTP request smuggling. When malformed or abnormal HTTP requests are interpreted, the system can interpret them inconsistently, allowing the attacker to 'smuggle' a request to one device while the other device is unaware of it.
jbig2dec is a decoder implementation of the JBIG2 image compression format. A heap-based buffer overflow vulnerability has been discovered in jbig2_image_compose in jbig2_image.c. An update for jbig2dec is now available for Red Hat Enterprise Linux 8.
D-Bus is a system for sending messages between applications. A denial of service via file descriptor leak has been discovered in dbus. An update for dbus is now available for Red Hat Enterprise Linux 7.
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It has been discovered that malformed NOOP commands leads to DoS in dovecot. An update for dovecot is now available for Red Hat Enterprise Linux 8.
Multiple vulnerabilities such as denial of service, heap-based buffer overflow, and use-after-free have been discovered in openjpeg2. It is recommended to upgrade the openjpeg2 packages.
It has been discovered that /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection and GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. It is recommended to upgrade the mailman packages.
It has been discovered that there exists a directory traversal vulnerability in rack < 2.2.0 that allows an attacker to perform directory traversal vulnerability in the Rack::Directory app which could result in information disclosure and reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
Multiple vulnerabilities such as Server Side Request Forgery and Cross-site Scripting have been discovered in Hitachi Ops Center Analyzer viewpoint and Hitachi Infrastructure Analytics Advisor/Hitachi Ops Center Analyzer respectively. The affected products are Hitachi Ops Center Analyzer viewpoint version 10.0.0-00 or more and less than 10.3.0-00, Hitachi Infrastructure Analytics Advisor 2.0.0-00 or more and less than 10.3.0-00 and Hitachi Ops Center Analyzer 10.0.0-00 or more and less than 10.3.0-00.
It has been discovered that the affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are version < 7.13.16, 8.0.0 ≤ version < 8.5.7, 8.6.0 ≤ version < 8.9.2, and 8.10.0 ≤ version < 8.10.1.
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Improper Restriction of XML External Entity Reference vulnerability has been discovered in Rockwell Automation's Equipment- Logix Designer Studio 5000. Successful exploitation of this vulnerability could allow an unauthenticated attacker to craft a malicious file, which when parsed, could lead to some information disclosure of hostnames or other resources from the program.
VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC for Mac or Horizon Client for Mac is installed.
It has been discovered that there was a possible signature verification issue in firmware update daemon library fwupd as the return value of gpgme_op_verify_result was not being checked. It is recommended to upgrade the fwupd packages.
It has been discovered that an OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue.
It has been discovered that Carbon Black Response application add on to IBM QRadar SIEM is vulnerable to cross site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. The affected versions are Carbon Black Response 1.0.1 - 1.3.0.
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. It has been discovered that an overly large SETTINGS frames in nghttp2 can lead to DoS. An update for nghttp2 is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
An SQL-injection vulnerability has been discovered in VeloCloud. The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
Multiple vulnerabilities have been discovered in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues. It is recommended to update to the required versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP.
Multiple vulnerabilities such as Missing Authentication for Critical Function, and Unprotected Storage of Credentials have been discovered in Grundfos Pumps Corporation's Equipment- CIM 500. Successful exploitation of these vulnerabilities could allow access to cleartext credential data.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-07-05 or later address all of these issues.
Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, and Resource Management Errors have been discovered in Mitsubishi Electric's Equipment- GOT2000 Series. Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition or remote code execution.
Multiple vulnerabilities such as Stack-based Buffer Overflow, and Out-of-Bounds Read have been discovered in Phoenix Contact's Equipment- Automation Worx Software Suite. Successful exploitation could allow an attacker to execute arbitrary code under the privileges of the application.
Samba has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Cross-site Scripting vulnerability has been discovered in ABB's Equipment- System 800xA Information Manager. Successful exploitation of this vulnerability could allow an attacker to inject and execute arbitrary code on the information manager server.
Multiple vulnerabilities such as Path Traversal, Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, and Improper Authentication have been discovered in Nortek's Equipment- Linear eMerge 50P/5000P. Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.
Multiple vulnerabilities have been discovered in OpenClinic GA's Equipment- OpenClinic GA. Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, discover restricted information, view/manipulate restricted database information, and/or execute malicious code.
It has been discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information disclosure or denial of service. It is recommended to upgrade the docker.io packages.
It has been discovered that Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. It is recommended to upgrade from Apache Guacamole 1.1.0 to 1.2.0.
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. An attacker could exploit this vulnerability to take control of an affected system.
Multiple vulnerabilities such as Out-of-bounds Read, and Heap-based Buffer Overflow have been discovered in Delta Electronics' Equipment- Delta Industrial Automation DOPSoft. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
Multiple vulnerabilities such as Improper Restriction of XML External Entity Reference and Uncontrolled Resource Consumption have been discovered in Mitsubishi Electric's Equipment- Factory Automation Engineering Software Products. Successful exploitation of these vulnerabilities could allow a local attacker to send files outside of the system as well as cause a denial-of-service condition.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
It has been discovered that when Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This vulnerability affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1.
It has been discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.
It has been discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.
Multiple vulnerabilities have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to invalid memory access and resulting crash or memory leak. It is recommended to upgrade the zziplib packages.
It has been discovered that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted png image, which could lead into denial of service or other issues. It is recommended to upgrade the pngquant packages.
It has been discovered that libtiprc, a transport-independent RPC library, could be used for a denial of service or possibly unspecified other impact by a stack-based buffer overflow due to a flood of crafted ICMP and UDP packets. It is recommended to upgrade the libtirpc packages.
A vulnerability has been discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library. It is recommended to upgrade the libtasn1-6 packages.
It has been discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim. It is recommended to upgrade the mcabber packages.
It has been discovered that there was a command injection vulnerability in picocom, a minimal dumb-terminal emulation program. It is recommended to upgrade the picocom packages.
It has been discovered that a specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. An attacker could exploit this vulnerability to cause a denial-of-service condition. The affected versions are Apache Tomcat 8.5.0 to 8.5.55, 9.0.0.M1 to 9.0.35 and 10.0.0-M1 to 10.0.0-M5.
Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information, Uncontrolled Resource Consumption, Hidden Functionality, and Improper Access Control have been discovered in Schneider Electric's Equipment- Triconex TriStation and Triconex Tricon Communication Module. Successful exploitation of these vulnerabilities may allow an attacker to view clear text data on the network, cause a denial-of-service condition, or allow improper access.
It has been discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server. It is recommended to upgrade the ngircd packages.
It has been discovered that there was a vulnerability in lynis, a security auditing tool. The license key could be obtained by simple observation of the process list when a data upload is being performed. It is recommended to upgrade the lynis packages.
Multiple vulnerabilities such as Improper Authentication, Cleartext Transmission of Sensitive Information, Missing Encryption of Sensitive Data, and Storing Passwords in a Recoverable Format have been discovered in BIOTRONIK's Equipment- CardioMessenger II-S T-Line and CardioMessenger II-S GSM. Successful exploitation of these vulnerabilities could allow an attacker with physical access to the CardioMessenger to obtain sensitive data, obtain transmitted medical data from implanted cardiac devices with the implant’s serial number or impact Cardio Messenger II product functionality. Successful exploitation of these vulnerabilities could allow an attacker with adjacent access to influence communications between the Home Monitoring Unit (HMU) and the Access Point Name (APN) gateway network.
Multiple vulnerabilities have been discovered in Baxter's Equipment- Baxter ExactaMix EM 2400 & EM 1200, Phoenix Hemodialysis Delivery System, PrismaFlex and PrisMax, and Sigma Spectrum Infusion Pumps. Successful exploitation of these vulnerabilities could allow an attacker to take control of an affected system.
Multiple vulnerabilities have been discovered in Mitsubishi Electric's Equipment- MC Works64 and MC Works32. Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.
Improper Verification of Cryptographic Signature vulnerability has been discovered in Johnson Controls' Equipment- exacqVision. Successful exploitation of this vulnerability could allow an attacker with administrative privileges to potentially download and run a malicious executable that could allow the execution of operating system commands on the system.
Multiple vulnerabilities such as Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, and Improper Access Control have been discovered in Treck Inc's Equipment- TCP/IP. Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.
Multiple vulnerabilities such as Improper Input Validation, Improper Restriction of Operations Within The Bounds of a Memory Buffer, Permissions, Privileges, and Access Controls, and Exposure of Sensitive Information to an Unauthorized Actor have been discovered in Rockwell Automation's Equipment- FactoryTalk View SE. Successful exploitation of these vulnerabilities may allow a remote authenticated attacker to manipulate data of affected devices.
Improper Input Validation vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk Services Platform. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges.
Multiple vulnerabilities such as buffer overflow or memory corruption have been discovered in ICONICS' Equipment- GENESIS64 and GENESIS32. Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.
Improper Access Control vulnerability has been discovered in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 that allows local users to view sensitive files via a carefully crafted HTTP request parameter. It is recommended to upgrade to Advanced Threat Defense (ATD) 4.10.0.
It has been discovered that VMware Tools for macOS contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.
Drupal has released security updates to address multiple vulnerabilities such as Access bypass, Arbitrary PHP code execution and Cross Site Request Forgery affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The affected versions are BIND 9.16.0 to 9.16.3, BIND 9.11.14 to 9.11.19, BIND 9.14.9 to 9.14.12, BIND 9.16.0 to 9.16.3 and versions 9.11.14-S1 to 9.11.19-S1 of BIND Supported Preview Edition.
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that an elevation of privilege vulnerability exists in Windows 10 version 1903 when the Windows Spatial Data Service improperly handles objects in memory. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that an untrusted search patch vulnerability exists in Trend Micro Security 2020 that could allow an attacker to run arbitrary code on a vulnerable system. The affected versions are Premium Security 2020 for Windows v16.0.1146 and earlier, Maximum Security 2020 for Windows v16.0.1146 and earlier, Internet Security 2020 for Windows v16.0.1146 and earlier, and Antivirus+ 2020 for Windows v16.0.1146 and earlier. It is recommended to upgrade all Trend Micro Security 2020 versions to v16.0.1373.
Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
A Path Traversal vulnerability has been discovered in Hitachi Automation Director and Hitachi Ops Center Automator. The affected versions are Hitachi Automation Director 8.1.1-00 or more and less than 10.1.1-00 (Windows), Hitachi Automation Director 8.2.0-00 or more and less than 10.1.1-00 (Linux) and Hitachi Ops Center Automator 10.0.0-00 or more and less than 10.1.0-00 (Windows, Linux). It is recommended to upgrade to the appropriate version.
Multiple vulnerabilities have been discovered in Citrix Workspace app and Receiver for Windows that could result in a local user escalating their privilege level to administrator during the uninstallation process. These vulnerabilities do not affect Citrix Workspace app and Receiver on any other platforms.
It has been discovered that unencrypted user credentials were stored in transaction logs in Philips' Equipment- IntelliBridge Enterprise (IBE) system. Successful exploitation of this vulnerability may allow an existing administrator and/or high privileged system user access to credentials to the hospital’s clinical information systems.
Multiple vulnerabilities such as Improper Input Validation, Path Traversal, and Unrestricted Upload of File with Dangerous Type have been discovered in Rockwell Automation's Equipment- FactoryTalk Linx Software. Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, obtain remote code execution, and read sensitive information.
Cross-site Scripting vulnerability has been discovered in OSIsoft's Equipment- PI Web API 2019. Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view, modification, or deletion of data as allowed for by the victim’s user permissions.
It has been discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Side Scripting (XSS) attack leading to the execution of arbitrary code. It is recommended to upgrade the roundcube packages.
It has been discovered that PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. It is recommended to upgrade the libphp-phpmailer packages.
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Multiple vulnerabilities have been discovered in Red Hat JBoss Enterprise Application Platform 7.3.0. An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8 that includes bug fixes and enhancements.
Expat is a C library for parsing XML documents. An Integer overflow leading to buffer overflow in XML_GetBuffer() of expat has been discovered. An update for expat is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.
WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. It is recommended to upgrade to WordPress 5.4.2.
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Unsafe Object Creation vulnerability in JSON has been discovered. An update for pcs is now available for Red Hat Enterprise Linux 8.
Potential security vulnerabilities in Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure. Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel AMT, Intel ISM and Intel DAL update to the latest versions provided by the system manufacturer that address these issues.
A privilege escalation vulnerability affecting VMware Horizon Client for Windows has been discovered. A local user on the system where the software is installed may exploit this vulnerability to run commands as any user.
Adobe has released security updates to address vulnerabilities in Flash Player, Experience Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Improper Input Validation, and Use of Hard Coded Credentials have been discovered in Philips' Equipment- PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs. Successful exploitation of these vulnerabilities could allow buffer overflows, or allow an attacker to access and modify settings on the device.
Multiple vulnerabilities have been discovered in multiple Siemens' Equipments. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful exploitation of these vulnerabilities could allow an attacker to access unauthorized information, delete or modify local processes, and crash the affected device.
Resource Exhaustion vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC iQ-R series. Successful exploitation of this vulnerability could cause the Ethernet port to enter a denial-of-service condition.
Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of this vulnerability could crash the application being accessed; a buffer overflow condition may allow remote code execution.
The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using SUBSCRIBE functionality, leading to amplified DDoS attacks and data exfiltration.
It has been discovered that the BCC recipients are visible in article detail on external interface. This information disclosure vulnerability affects OTRS 7.0.17 and prior versions, and OTRS 8.0.3 and prior versions. It is recommended to upgrade to OTRS 7.0.18 or OTRS 8.0.4.
It has been discovered that the `ippReadIO` function may under-read an extension field and there was a heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c. It is recommended to upgrade the cups packages.
A vulnerability has been discovered in graphicsmagick, a collection of image processing tools, that results in a heap buffer overwrite when magnifying MNG images. It is recommended to upgrade the graphicsmagick packages.
Multiple vulnerabilities have been discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. It is recommended to upgrade the nodejs packages.
It has been discovered that there was a file descriptor leak in the D-Bus message bus. An unprivileged local attacker could use this to attack the system DBus daemon, leading to denial of service for all users of the machine. It is recommended to upgrade the dbus packages.
It has been discovered that a vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. An automatic update to Bitdefender Antivirus Free version 1.0.17.178 or newer fixes this vulnerability.
It has been discovered that the Management Console is vulnerable to a XXE attack when adding and updating a Lifecycle. The XXE attacks can affect any trusted system respective to the machine where the parser is located. This attack may result in disclosing local files, denial of service, server-side request forgery, port scanning and other system impacts on affected systems.
WinGate is a sophisticated integrated Internet gateway and communications server. It has been discovered that WinGate has insecure permissions for the installation directory, which allows local users ability to gain privileges by replacing an executable file with a Trojan horse. The affected versions are WinGate v9.4.1.5998.
It has been discovered that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2. The affected versions are below GnuTLS 3.6.14.
It has been discovered that WebSphere Application Server is vulnerable to a remote code execution vulnerability. The IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects.
Potential security vulnerabilities have been discovered in HPE Edgeline Integrated System Manager. These vulnerabilities, known as the "TCP SACK Panic", could be remotely exploited to cause a remote denial of service. The affected versions are HPE Edgeline EL300 Converged Edge System - Running HPE Edgeline Integrated System Manager Prior to 2.06.
It has been discovered that IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. The affected products and versions are all SDEE protocol versions before 7.3.0-QRADAR-PROTOCOL-SDEE-7.3-20200429181957 and all SDEE protocol versions before 7.4.0-QRADAR-PROTOCOL-SDEE-7.4-20200429181942.
An improper neutralization of input and an unquoted service path vulnerability has been discovered in FortiAnalyzer and FortiSIEM Windows Agent respectively. The affected versions are FortiAnalyzer version 6.2.3 and below and FortiSIEMWindowsAgent version 3.1.2 and below. It is recommended to upgrade to FortiAnalyzer version 6.2.4 or above or 6.4.0 or above and FortiSIEMWindowsAgent version 3.2.0 or above.
Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that there is an improper handling of exceptional condition vulnerability in Huawei Smartphones. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.
Multiple vulnerabilities such as data leakage and XSS have been discovered in Django. The affected versions are Django master branch, Django 3.1 (currently at alpha status), Django 3.0, and Django 2.2. It is recommended to upgrade to Django 3.0.7 or Django 2.2.13.
Multiple vulnerabilities such as XSS and CSRF have been discovered in Joomla! CMS. An attacker could exploit these vulnerabilities to take control of an affected system.
url-regex is a package with regular expression for matching URLs. It has been discovered that the affected versions of url-regex package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a very long string in String.test can cause a Denial of Service.
It has been discovered that IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Missing Authentication for Critical Function vulnerability has been discovered in GE's Equipment- Grid Solutions Reason RT Clocks. Successful exploitation of this vulnerability could allow access to sensitive information, execution of arbitrary code, and cause the device to become unresponsive.
An Improper Access Control vulnerability has been discovered in SWARCO TRAFFIC SYSTEMS' Equipment- CPU LS4000. Successful exploitation of this vulnerability could allow access to the device and disturb operations with connected devices.
It has been discovered that clusters using IPv4 may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with default privilege is able to reconfigure the node’s IPv6 interface and redirect traffic from the node to the compromised pod. It is recommended to upgrade to the latest Calico or Calico Enterprise releases.
Ant is a java based build tool like make. It has been discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-06-05 or later address all of these issues.
Flask is a micro web framework based on Werkzeug and Jinja2. It has been discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
ca-certificates is common CA certificates. It has been discovered that ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA.
It has been discovered that use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow an attacker with access to the configuration or the backup file to decrypt the sensitive data via knowledge of the hard-coded key. The affected versions are FortiClient for Windows below 6.4.0. It is recommended to upgrade to FortiClient for Windows 6.4.0.
An Out-Of-Bound (OOB) access vulnerability has been discovered in the Message Signalled Interrupt (MSI-X) device support of QEMU. This vulnerability could occur while performing MSI-X mmio operations when a guest sent address goes beyond the mmio region. A guest user/process may use this vulnerability to crash the QEMU process resulting in DoS scenario.
It has been discovered that a Kubernetes cluster using an affected networking implementation is vulnerable to man-in-the-middle (MitM) attacks. Kubernetes itself is not vulnerable.
Multiple vulnerabilities have been discovered in the Planning Analytics Workspace component of IBM Planning Analytics. An attacker could exploit one of these vulnerabilities to take control of an affected system.
Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system.
A vulnerability has been discovered in the network stack of Cisco NX-OS Software that could allow an unauthenticated, remote attacker to bypass certain security boundaries or cause a denial of service (DoS) condition on an affected device.
Multiple vulnerabilities have been discovered in multiple products of ABB. An attacker could exploit some of these vulnerabilities to take control of an affected system.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Multiple vulnerabilities such as Out-of-bounds write and Integer overflow have been discovered in freerdp. An update for freerdp is now available for Red Hat Enterprise Linux 7.
A security vulnerability in the exchange of information through Windows Named Pipes has been discovered in PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows. This would allow the interception of sensitive information. Additionally, if the user account had windows impersonation enabled, then the attacker could elevate privilege to execute as Windows System. The affected versions are PCoIP Agent (Standard or Graphics) for Windows 19.11.1 and earlier, and PCoIP Agent (Standard or Graphics) for Windows 2.7.8 and earlier. It is recommended to update the PCoIP Agent for Windows to 19.11.2 (or later) or the 2.7.9 patch.
Multiple vulnerabilities have been discovered in bbPress 2.6. These vulnerabilities have been fixed in bbPress 2.6.5. It is recommended to update from bbPress 2.6 to bbPress 2.6.5.
Unbound is a validating, recursive, and caching DNS resolver. It has been discovered that Unbound incorrectly handled certain queries and malformed answers. A remote attacker could use these vulnerabilities to perform an amplification attack directed at a target or cause Unbound to crash, resulting in a denial of service.
Multiple vulnerabilities such as EternalBlue, BlueKeep, Improper Access Control, and lack of Full Disk Encryption have been discovered in Bosch Recording Station (BRS). Bosch strongly recommends to operate the BRS system in a closed network and prevent unauthorized direct access to the BRS server.
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A new elevation of privilege vulnerability has been discovered in Android that allows hackers to gain access to almost all apps. This vulnerability has been named StrandHogg 2.0 due to its similarities with the infamous StrandHogg vulnerability.
A Stored XSS vulnerability has been discovered in the File Picker area under Extensions in CMS Made Simple Admin Console. This vulnerability affects the CMS Made Simple latest version (2.2.14) and below.
Multiple vulnerabilities such as Missing Authentication for Critical Function and Deserialization of Untrusted Data have been discovered in Inductive Automation's Equipment- Ignition. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and perform remote code execution with SYSTEM privileges.
A system permissions vulnerability has been discovered in all versions of Tyco Kantech EntraPass Security Management Software Editions. An attacker with authorized access to a low-privileged user account could exploit this vulnerability to gain full system level privileges.
An integer overflow vulnerability has been discovered in the sqlite3_str_vappendf function of the src/printf.c file of sqlite3 from version 3.8.3. It is recommended to upgrade the sqlite3 packages.
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. Multiple vulnerabilities have been discovered in Red Hat Data Grid 7.3.5. These vulnerabilities have been fixed in new release Red Hat Data Grid 7.3.6.
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The mod_rewrite configurations of httpd is vulnerable to open redirect vulnerability. An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections.
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. A HTTP request smuggling vulnerability with transfer-encoding header containing an obfuscated "chunked" value has been discovered in haproxy and HTTP/2 implementation of haproxy is vulnerable to intermediary encapsulation attacks. An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections.
A vulnerability has been discovered in the Linux kernels SELinux LSM hook implementation where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
Multiple vulnerabilities such as Improper Access Control, Privilege Escalation, and Unauthorized code execution have been discovered in FortiClient and FortiGateCloud of FortiGuard. The affected products are FortiClient for Windows 6.2.1 and below and FortiGateCloud version 4.4.
Multiple vulnerabilities have been discovered in qmail which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not. It is recommended to upgrade the netqmail packages.
Directory traversal vulnerability has been discovered in the Rack::Directory app that is bundled with Rack. If certain directories exist in a director that is managed by `Rack::Directory`, an attacker could, using this vulnerability, read the contents of files on the server that were outside of the root specified in the Rack::Directory initializer. It is recommended to upgrade the ruby-rack packages.
Meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
Multiple vulnerabilities such as SQL Injection, Path Traversal, and Argument Injection have been discovered in Schneider Electric's Equipment- EcoStruxure Operator Terminal Expert. Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution.
Cleartext Storage of Sensitive Information vulnerability has been discovered in Johnson Controls' Equipment- Software House C-CURE 9000 and American Dynamics victor Video Management System. Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application.
A race condition for systems with Message Aggregation enabled has been discovered in Slurm. This race condition vulnerability could allow a user to launch a process as an arbitrary user. This vulnerability has been fixed in Slurm versions 20.02.3 and 19.05.7.
Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system.
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit these vulnerabilities to take control of an affected system.
It has been discovered in Apache Tomcat that using a specifically crafted request an attacker will be able to trigger remote code execution via deserialization of the file under their control. The affected versions are Apache Tomcat 10.0.0-M1 to 10.0.0-M4, Apache Tomcat 9.0.0.M1 to 9.0.34, Apache Tomcat 8.5.0 to 8.5.54 and Apache Tomcat 7.0.0 to 7.0.103.
Cisco has released security updates to address multiple vulnerabilities affecting various Cisco products. An attacker could exploit these vulnerabilities to take control of an affected system.
It has been discovered that in some Fortinet products the TCP stacks that lack RFC 5961 3.2 & 4.2 support (or have it disabled at application level) may allow remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST or SYN packet. The affected products are FortiAnalyzer 6.2.3 and below and FortiManager 6.2.3 and below. It is recommended to upgrade FortiAnalyzer to 6.2.4 or above and FortiManager to 6.2.4 or above.
Trend Micro has released a new Critical Patch (CP) for Trend Micro InterScan Web Security Appliance (IWSVA) 6.5. This CP resolves multiple vulnerabilities related to cross-site scripting (XSS), directory traversal information disclosure, authenticated command injection and authentication bypass.
Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer, and SQL Injection have been discovered in Rockwell Automation's Equipment- EDS Subsystem. Successful exploitation of these vulnerabilities could lead to a denial-of-service condition.
Arguments modification via missing support for integrity check vulnerability has been discovered in RAONWIZ Inc K Upload. Automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.
Multiple vulnerabilities such as Missing Authentication for Critical Function, Improper Ownership Management, and Inadequate Encryption Strength have been discovered in Emerson's Equipment- OpenEnterprise SCADA Software. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts.
Bind is an Internet Domain Name Server. It has been discovered that Bind incorrectly limited certain fetches and incorrectly handled checking TSIG validity. A remote attacker could possibly use this issue to cause Bind to consume resources or cause Bind to crash, resulting in a denial of service.
Exim is a mail transport agent. It has been discovered that Exim incorrectly handled certain inputs. A remote attacker could possibly use this vulnerability to access sensitive information or authentication bypass.
Multiple vulnerabilities have been discovered in HPE Superdome Flex Server Remote Management Controller (RMC) and HPE NimbleStorage. A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system.
It has been discovered that jquery is vulnerable to Cross-site Scripting (XSS). The affected versions are jquery prior to 1.9.0. It is recommended to upgrade jquery to version 1.9.0 or higher.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information or perform remote code execution.
Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
A code injection vulnerability has been discovered in VMware Cloud Director. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution.
Microsoft has discovered a vulnerability involving packet amplification that affects Windows DNS servers. An attacker who successfully exploits this vulnerability could cause the DNS Server service to become nonresponsive.
It has been discovered that Signal Messenger App has a vulnerability which allows a remote non-contact to ring a user's Signal phone and disclose the Signal user's current DNS server. This can result in a remote attacker obtaining coarse information via leaking DNS server IP of a Signal user, which may disclose coarse location as well as changes in internet connections at any given moment.
It has been discovered that WordPress Plugin "Paid Memberships Pro" contains SQL injection vulnerability. An attacker who can access the administrative page of Paid Membership Pro may obtain and/or alter the information stored in the database. It is recommended to upgrade the plugin to version 2.3.3.
Multiple vulnerabilities such as SNMPv2 and remotesupport have been discovered in Dell EMC Isilon OneFS. These vulnerabilities could be exploited by malicious users to compromise the affected system. The affected verions are Dell EMC Isilon OneFS 8.2.2 and earlier.
Multiple vulnerabilities such as stored XSS and remote code execution have been discovered in MathJax and SCORM package of Moodle respectively. The affected versions are 3.8 to 3.8.2, 3.7 to 3.7.5, 3.6 to 3.6.9, 3.5 to 3.5.11 and earlier unsupported versions.
Multiple vulnerabilities have been discovered in Red Hat build of Thorntail. An update is now available for Red Hat build of Thorntail. This release of Red Hat build of Thorntail 2.5.1 includes security updates, bug fixes, and enhancements.
DPDK is a set of libraries for fast packet processing. It has been discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. These vulnerabilities affects Ubuntu 20.04 LTS, Ubuntu 19.10 and Ubuntu 18.04 LTS.
Sending malformed NOOP command or sending command followed by sufficient number of newlines or sending mail with empty quoted localpart can cause crash in submission, submission-login or lmtp service, causing denial of service attack. The affected verions are Dovecot prior to 2.3.10.1.
It has been discovered that a locally authenticated user with low privileges in Ivanti Workspace Control v10.3 and v10.4 can acquire admin privileges by changing certain user registry entries. This allows an attacker to start applications with elevated privileges. This only applies to configurations where administrator rights have been added to an application by using Dynamic Privileges. This vulnerability has been resolved in Ivanti Workspace Control 10.4.40.0.
Multiple vulnerabilities such as Pairing Method Confusion and Bluetooth Impersonation Attacks have been discovered in Bluetooth devices supporting LE and BR/EDR implementation. The affected versions are Core Spec, v2.1 to v5.2.
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.
An XML external entity vulnerability has been discovered in log4net, a logging API for the ECMA Common Language Infrastructure (CLI), sometimes referred to as "Mono". It is recommended to upgrade the log4net packages.
Multiple vulnerabilities have been discovered in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center, Hitachi Compute Systems Manager, JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2.
IBM i users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. The issue can be fixed by applying a PTF to the IBM i Operating System. It is recommended that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances. User with share-network UUID is able to show create and delete shares. An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train).
kpatch is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. A null pointer dereference while receiving CIPSO packet with null category may cause kernel panic. An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.
.NET Core is a managed-software framework. A denial of service vulnerability via untrusted input has been discovered in dotnet. An update for .NET Core is now available for Red Hat Enterprise Linux 8. The updated version is .NET Core Runtime 2.1.18 and SDK 2.1.514.
An improper restriction of XML external entity reference (XXE) vulnerability has been discovered in Palo Alto Networks Panorama management service which allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This vulnerability affects all versions of PAN-OS for Panorama 7.1 and 8.0, PAN-OS for Panorama 8.1 versions earlier than 8.1.13, and PAN-OS for Panorama 9.0 versions earlier than 9.0.7.
The reCaptcha v3 module enables to protect forms using the Google reCaptcha V3. If the reCaptcha v3 challenge succeeds, all the other form validations are bypassed. This makes it possible for attackers to submit invalid or incomplete forms. This vulnerability only affects forms that are protected by reCaptcha v3 and have server side validation steps. It is recommended to upgrade to the latest version of reCAPTCHA v3.
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.
Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Cross-site Scripting vulnerability has been discovered in 3S-Smart Software Solutions GmbH's Equipment- CODESYS V3 Library Manager. Successful exploitation of this vulnerability may allow malicious content from manipulated libraries to be displayed or executed.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in different Equipments- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities could allow remote code execution.
Multiple vulnerabilities such as Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, and Insertion of Sensitive Information into Log File have been discovered in OSIsoft's Equipment- PI System. Successful exploitation of these vulnerabilities could allow an attacker to access unauthorized information, delete or modify local processes, and crash the affected device.
Multiple vulnerabilities such as Improper Input Validation and Incorrect Privilege Assignment have been discovered in Eaton's Equipment- Intelligent Power Manager. Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users to manipulate the system configurations.
The podman tool manages pods, container images, and containers. Crafted input tar file may lead to local file overwrite during image build process and Use-after-free in GPGME bindings during container image pull. An update for podman is now available for Red Hat Enterprise Linux 7 Extras.
Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.
A vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 and PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition has been fixed. Other issues such as "Attempt to allocate 0 bytes" error when parsing some PDF documents and some minor memory leaks have also been fixed. The libclamunrar has been updated to UnRAR 5.9.2. It is recommended to upgrade ClamAV to 0.102.3.
Multiple vulnerabilities have been discovered in the src wordpress package. An attacker could exploit these vulnerabilities to take control of an affected system. It is recommended to upgrade the wordpress packages.
The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. A heap buffer overflow vulnerability has been discovered during packet reassembly in slirp of QEMU. An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Multiple vulnerabilities such as Out of Bounds, Directory Traversal, and Elevation of Privilege have been discovered in the Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Manager (SEPM). It is recommended to upgrade SEP and SEPM to 14.3.
It has been discovered that libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. It is recommended to upgrade the libntlm packages.
Multiple vulnerabilities such as Authentication Bypass and Directory Traversal have been discovered in Salt, an open source project by SaltStack, which have been determined to affect VMware vRealize Operations Manager (vROps). The affected versions are 8.1.0, 8.0.x, and 7.5.0.
A race condition has been discovered in the mkhomedir tool shipped with the oddjob package. This vulnerability allows an attacker to leverage this flaw by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.
Multiple vulnerabilities have been discovered in Wordpress Elementor Pro. These vulnerabilities allows any logged-in user to upload and execute PHP scripts on the blog and a vulnerability in Ultimate Addons for Elementor allows for subscriber registration. It is recommended to upgrade to Elementor Pro 2.9.4.
Multiple vulnerabilities such as Improper Validation of Array Index, Relative Path Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow, and Out-of-bounds Read have been discovered in Advantech's Equipment- WebAccess Node. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability.
In WSO2, it has been discovered that the Management Console is vulnerable to a XXE attack when updating an EventPublisher. The XXE attacks can affect any trusted system respective to the machine where the parser is located. This attack may result in disclosing local files, denial of service, server-side request forgery, port scanning and other system impacts on affected systems.
A vulnerability has been discovered in Zulip Desktop 0.5.10, a certification validation handler inadvertently disabled all certificate validation whether or not ignoreCerts was enabled, except during initial association with the server. All versions of Zulip Desktop from 0.5.10 through 5.1.0 are affected. It is recommended to upgrade to latest release.
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope (trust/oauth/application credential) could create an EC2 credential with an escalated permission, such as obtaining "admin" while the user is on a limited "viewer" role. It is recommended to upgrade the keystone packages.
ManageEngine DataSecurity Plus application uses default admin credentials to communicate with Dataengine Xnode server. This allows an attacker to bypass authentication for Dataengine Xnode server and execute all operations in the context of admin user.
Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Multiple vulnerabilities such as Cross-site Scripting, and Path Traversal have been discovered in SAE IT-systems' Equipment- FW-50 Remote Telemetry Unit (RTU). Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a denial-of-service condition.
Uncontrolled Search Path Element vulnerability has been discovered in Fazecast's Equipment- jSerialComm. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system.
SQLite is a C library that implements an SQL database engine.The fts3 of sqlite has an improve shadow table corruption detection. An update for sqlite is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Muliple vulnerabilities have been discovered in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access ShareFile users’ documents and folders.
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be logged out, or a Cross-Side Scripting (XSS) leading to execution of arbitrary code. It is recommended to upgrade the roundcube packages.
Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The ServiceNow product is affected by a Stored Cross-Site Scripting vulnerability on one of the parameters issued by the client when opening a new Incident Request. By exploiting this vulnerability, an attacker can create a malicious Incident Request which can then be sent out to users in the platform via a direct link to the Request.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-05-05 or later address all of these issues.
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.
A vulnerability has been discovered in JUnit XML launch import starting from version 3.1.0. The XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file that uses external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. It is recommended to install the latest releases.
A vulnerability was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. LDAP search filters with nested boolean expressions can result in denial of service (slapd daemon crash). It is recommended to upgrade the openldap packages.
A vulnerability has been discovered in SimpliSafe SS3 which is an incomplete fix to TRA-2020-03. An attacker, with physical access, can add PINs without prior knowledge of the PIN. This allows the attacker to disarm the system.
Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. A remote attacker could exploit these vulnerabilities to take control of an affected system.
It has been discovered that there was an integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack. It is recommended to upgrade the miniupnpc packages.
Multiple security vulnerabilities have been discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets. It is recommended to upgrade the vlc packages.
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts. It is recommended to upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583.
A vulnerability has been discovered in the CLI of Cisco IOS XE SD-WAN Software that could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. It is recommended to upgrade to WordPress 5.4.1.
An invalid pointer access vulnerability has been discovered in Huawei OceanStor 5310 product. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it results in no response for a long time and there is a memory overflow risk.
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. An integer overflow vulnerability has been discovered in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. An update for libtiff is now available for Red Hat Enterprise Linux 8.
The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. A buffer overflow vulnerability has been discovered in function chmd_read_headers(). An update for libmspack is now available for Red Hat Enterprise Linux 8.
GLib provides the core application building blocks for libraries and applications written in C and Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems. A missing authorization allows local attacker to access the input bus of another user. An update for glib2 and ibus is now available for Red Hat Enterprise Linux 8.
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Multiple vulnerabilities have been discovered in wavpack that could lead to crashing or Denial of Service. An update for wavpack is now available for Red Hat Enterprise Linux 8.
Irssi is a modular IRC client with Perl scripting. Use after free vulnerability has been discovered in irssi when sending SASL login to server. An update for irssi is now available for Red Hat Enterprise Linux 8.
Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. Multiple vulnerabilities such as Stack-based buffer overflow and Segmentation fault have been discovered in liblouis. An update for liblouis is now available for Red Hat Enterprise Linux 8.
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. Numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib has been discovered in edk2. An update for edk2 is now available for Red Hat Enterprise Linux 8.
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. A memory leak in the create_helper() function in /src/helper.c has been discovered in dnsmasq. An update for dnsmasq is now available for Red Hat Enterprise Linux 8.
Multiple vulnerabilities such as Exposure of Sensitive Information to an Unauthorized Actor, and Improper Input Validation have been discovered in LCDS' Equipment- LAquis SCADA. Successful exploitation of these vulnerabilities could allow unauthorized attackers to view sensitive information and create files in arbitrary locations.
A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in VMware ESXi. A malicious actor with access to modify the system properties of a virtual machine from inside the guest os may be able to inject malicious script which will be executed by a victim's browser when viewing this virtual machine via the ESXi Host Client.
A critical vulnerability has been discovered in Genius Server v. 3.2.2. An authenticated function allows the attacker with administrative privileges to execute arbitrary commands. It is recommended to upgrade to Genius Server version 3.2.8.
Samba has released security updates to address multiple vulnerabilities such as Use-after-free and Denial of Service in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.
re2c is a tool for generating fast C-based recognizers. It has been discovered that re2c could be made to execute arbitrary code if it received a specially crafted file. This vulnerability affects Ubuntu 20.04 LTS releases of Ubuntu and its derivatives.
An unsafe object creation vulnerability has been discovered in ruby-json before 2.3.0. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. It is recommended to upgrade the ruby-json packages.
Multiple vulnerabilities such as Path Traversal Recursive Directory Listing and Absolute File Backup Copy have been discovered in Tiny File Manager 2.4.1. Both vulnerabilities are exploitable only while authenticated as a non-readonly user, or while authentication is disabled.
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.
A SQL injection vulnerability was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone.
It has been discovered that the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver.
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. An attacker can exploit this vulnerability to inject commands into the httpd.log, read files with 'world' readable file permission or obtain J-Web session tokens. Software releases have been updated to resolve this specific issue.
Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
It has been discovered that Apache Traffic Server (ATS) is vulnerable to a HTTP/2 slow read attack. The affected versions are ATS 6.0.0 to 6.2.3, ATS 7.0.0 to 7.1.9 and ATS 8.0.0 to 8.0.6.
It has been discovered that it is possible to create a cross site scripting attack on the webarchives of the Mailman mailing list manager, by sending a special type of attachment. It is recommended to upgrade the mailman packages.
Multiple vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. It is recommended to upgrade the php5 packages.
A heap buffer overflow write vulnerability has been discovered in the rzip program (a compression program for large files) when uncompressing maliciously crafted files. It is recommended to upgrade the rzip packages.
It has been discovered that there is a null pointer dereference exploit in libgsf, an I/O abstraction library for GNOME. An error within the "tar_directory_for_file()" function could be exploited to trigger a null pointer dereference and subsequently cause a crash via a crafted TAR file.
It has been discovered that there was a path traversal vulnerability in jsch, a pure Java implementation of the SSH2 protocol. It is recommended to upgrade the jsch packages.
It has been discovered that a NULL pointer dereference could happen in ncmpc, an ncurses-based audio player. This could result in a crash and a denial of service. It is recommended to upgrade the ncmpc packages.
It has been discovered that eog (Eye of GNOME) incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this vulnerability to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. It is recommended to upgrade the eog packages.
Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. It is recommended to upgrade the radicale packages.
It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this vulnerability to execute arbitrary code if a specially crafted document is processed. It is recommended to upgrade the python-reportlab packages.
Multiple vulnerabilities have been discovered in Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer.
An integer overflow vulnerability has been discovered in QEMU in the way it implemented the ATI VGA emulation. A malicious guest could exploit this vulnerability to crash the QEMU process, resulting in a denial of service.
A remote access vulnerability has been discovered that may allow a remote user to run shell commands on affected systems using HTTP requests to the BIG-IQ user interface. A remote attacker may be able to leverage the Grafana component to run local shell commands on the system.
Multiple vulnerabilities have been discovered in HPE UIoT version 1.4.2 and earlier that could allow unauthorized remote access and access to sensitive data. The versions affected are HPE IOT + GCP 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.
Multiple vulnerabilities such as OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, and Missing Encryption of Sensitive Data have been discovered in Sierra Wireless' Equipment- AirLink ALEOS. Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths.
Due to incorrect buffer handling Squid is vulnerable to multiple vulnerabilities such as cache poisoning, remote execution, and denial of service attacks when processing ESI responses. The affected versions are Squid 3.x - 3.5.28, Squid 4.x - 4.10 and Squid 5.x - 5.0.1. The vulnerabilities have been fixed in Squid 4.11 and Squid 5.0.2.
Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden.
Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. A HTTP request smuggling vulnerability has been discovered in python-twisted when presented with a Content-Length and a chunked Transfer-Encoding header. An update for python-twisted-web is now available for Red Hat Enterprise Linux 7.
Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation. These vulnerabilities affects the Db2 versions V11.1 and V11.5.
The communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. This vulnerability enables a man-in-the-middle (MITM) attack that can intercept the communication channel and read/modify data in transit.
The kernel packages contain the Linux kernel, the core of any Linux operating system. The rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow vulnerability and the offset2lib allows for the stack guard page to be jumped over. An update for kernel is now available for Red Hat Enterprise Linux 6.
An Out-of-Bound Write and Heap Overflow vulnerabilities have been discovered in Apple iOS 13.4.1 and previous versions. These vulnerabilities allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume significant amount of memory.
Binutils is GNU assembler, linker and binary utilities. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code.
Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. OpenSSL version 1.1.1g has been released to address the vulnerability affecting versions 1.1.1d, 1.1.1e, and 1.1.1f. An attacker could exploit this vulnerability in a Denial of Service attack.
An Improper Access Control vulnerability has been discovered in Inductive Automation's Equipment- Ignition 8 Gateway. Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition.
The http-parser package provides a utility for parsing HTTP messages. HTTP request smuggling using malformed Transfer-Encoding header has been discovered. An update for http-parser is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
It has been discovered that Python incorrectly stripped certain characters from requests and incorrectly handled certain HTTP requests. A remote attacker could use these vulnerabilities to perform CRLF injection and cause a denial of service respectively.
The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces. Incomplete packet data validation may result in accessing out-of-bounds memory or may access memory after it has been freed. Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results. It is recommended to upgrade the vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot.
It has been discovered that SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack.
HCL AppScan Enterprise Edition contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
An issue has been discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. It is recommended to upgrade to version 3.9.17.
Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker could exploit some of these vulnerabilities to take control of an affected system.
A vulnerability has been discovered in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. It is recommended to upgrade the git packages.
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Volume mount race condition with shared mounts led to information leak and integrity manipulation. An update for runc is now available for Red Hat OpenShift Container Platform 4.3.
re2c is a tool for generating C-based recognizers from regular expressions. There is an heap overflow reproducible with a crafted file. The re2c-1.3 version has been affected by this vulnerability.
It has been discovered that there was a path-traversal vulnerability in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass. It is recommended to upgrade the shiro packages.
Due to incorrect URL handling Squid is vulnerable to access control bypass, cache poisoning and cross-site scripting attacks when processing HTTP Request messages. These vulnerabilities have been fixed in Squid 4.8 version.
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. It is recommended to upgrade the file-roller packages.
The Bluetooth BR/EDR specification up to and including version 5.1 in FortiSwitch permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Apple has released a security update to address vulnerabilities in Xcode. A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host. A remote attacker could exploit this vulnerability to take control of an affected system. This update is available for macOS Catalina 10.15.2 and later.
A vulnerability has been discovered in the webkit2gtk web engine, a maliciously crafted web content may lead to arbitrary code execution or a denial of service. It is recommended to upgrade the webkit2gtk packages.
TigerVNC is a suite of Virtual Network Computing servers and clients. Multiple vulnerabilities such as Stack use-after-return, Heap buffer overflow and Stack buffer overflow have been discovered in TigerVNC. An update for tigervnc is now available for Red Hat Enterprise Linux 8.
The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. A Buffer overflow vulnerability in read_fru_area_section function in lib/ipmi_fru.c has been discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.
In versions 0.20.0-incubating and Apache Heron does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in remote code execution vulnerabilities. The versions affected are 0.20.2-incubating, 0.20.1-incubating and v-0.20.0-incubating.
The kernel-alt packages provide the Linux kernel version 4.x. Multiple vulnerabilities such as Heap-based overflow, Heap overflow and Null pointer dereference have been discovered in kernel. An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Vulnerabilities in Veeam ONE Agent components residing on Veeam ONE and Veeam Backup & Replication servers allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.
Multiple vulnerabilities such as Improper Authentication, Information Disclosure, and Denial of Service have been discovered in some Huawei smartphones. Successful exploitation of these vulnerabilities may cause information disclosure, and abnormal service in specific scenario.
Multiple vulnerabilities have been discovered in the IBM HTTP Server used by WebSphere Application Server. Apache HTTP Server could allow a remote attacker to conduct phishing attacks, and execute arbitrary code on the system. An attacker could exploit these vulnerabilities to redirect a victim to arbitrary websites and execute arbitrary code or cause a denial of service condition on the system respectively.
Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.
Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
Multiple vulnerabilities have been discovered in multiple products of Cisco. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been identified within Citrix Hypervisor, which could, if exploited, allow privileged code in a PV guest VM to read a single uninitialized 4kB page of memory (that may contain data left by a previous VM) and also allow privileged code in a guest VM to cause the host to crash. These vulnerabilities affect all currently supported versions of Citrix Hypervisor up to and including Citrix Hypervisor 8.1. Updates have been released to address these issues.
Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. JWT proxy bypass allows access to workspace pods of other users. Red Hat CodeReady Workspaces 2.1.0 has been released.
The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. Double-free due to double decompression of sections in crafted ELF causes crash. An update for elfutils is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. Stack-based buffer overflow vulnerability in ntpq and ntpdc allows denial of service or code execution. An update for NTP is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Multiple vulnerabilities such as Authentication Bypass, Authenticated Remote Code Execution, Authenticated Stored Cross Site Scripting and Information Disclosure have been discovered in ClearPass Policy Manager. Successful exploitation of these vulnerabilities could lead to database changes, remote code execution, privilege escalation attack and compromise of some of ClearPass' service accounts respectively.
Oracle has released its Critical Patch Update for April 2020 to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This is a security issue because the default "/Uploads" folder is publicly accessible by default, which means unauthorised parties may access the uploaded files via HTTP by guessing the file name.
Multiple vulnerabilities have been discovered in CA API Developer Portal of CA Technologies. These vulnerabilities can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges.
A vulnerability has been discovered in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host. It is recommended to upgrade the git packages.
A vulnerability has been discovered in graphicsmagick, a collection of image processing tools, that results in a heap overflow in 32-bit applications because of a signed overflow on range check in the HuffmanDecodeImage function. It is recommended to upgrade the graphicsmagick packages.
An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Cross Site Scripting (XSS) and Open Redirect vulnerabilities in vRealize Log Insight were discovered. Successful exploitation of this issue may result in a compromise of the victim's workstation.
Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read were discovered in Eaton's Equipment- HMiSoft VU3 (HMIVU3 runtime not impacted). Successful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution or information disclosure.
Stacked-based Buffer Overflow vulnerability has been discovered in Triangle MicroWorks' Equipment- DNP3 Outstation Libraries. Successful exploitation of this vulnerability could possibly allow remote attackers to stop the execution of code on affected equipment.
Multiple vulnerabilities such as Stacked-based Buffer Overflow, Out-of-Bounds Read, and Type Confusion have been discovered in Triangle MicroWorks' Equipment- SCADA Data Gateway. These vulnerabilities allow remote attackers to execute arbitrary code and disclose on affected installations of Triangle Microworks SCADA Data Gateway with DNP3 Outstation channels.
Multiple vulnerabilities have been discovered in multiple products of Siemens. An attacker could exploit some of these vulnerabilities to take control of an affected system.
A remote authenticated authorization bypass vulnerability has been discovered in Wowza Streaming Engine 4.7.8 (build 20191105123929) that allows any read-only user to issue requests to the administration panel in order to change functionality of the application.
From 30 June 2020, Magento will no longer provide software and security updates for Magento 1 e-commerce platform. Affected software include all versions of Magento Commerce 1 and Magento Open Source 1. Websites running on Magento 1 e-commerce platform will continue to function even after the support ends.
Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. WebSphere Application Server Liberty is vulnerable to Cross-site Scripting. Open Liberty 20.0.0.4 Runtime is now available and serves as a replacement for Open Liberty 20.0.0.3.
Mozilla has released security updates to address vulnerabilities in Thunderbird 68.7.0. An attacker could exploit some of these vulnerabilities to take control of an affected system.
It has been discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.
A sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was discovered. A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Rockwell Automation's Equipment- RSLinx Classic. Successful exploitation of this vulnerability could allow a local authenticated attacker to execute malicious code when opening RSLinx Classic.
IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, ACX Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4.
Multiple information disclosure vulnerabilities in Juniper Networks Junos OS Evolved allow a local, authenticated user with shell access the ability to view sensitive configuration information, such as the hashed values of login passwords and shared secrets. This issue affects Junos OS Evolved.
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. This issue affects Junos OS Evolved and Junos OS 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2.
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges.
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows.
Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation allows an attacker to perform brute-force password attacks on the SSH service.
There is an insufficient integrity validation vulnerability in several Huawei products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploitation could allow the attacker to load a crafted file to the device through USB.
The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Crafted requests to kubelet API allowed for memory exhaustion. An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.3.
It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
A Cross-site Scripting vulnerability has been discovered in HMS Networks' Equipment- eWON Flexy and Cosy. Successful exploitation of this vulnerability could initiate a password change.
A Heap-based Buffer Overflow vulnerability has been discovered in Fuji Electric's Equipment- V-Server Lite. Successful exploitation of this vulnerability could allow a remote attacker to gain elevated privileges for remote code execution.
An Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability has been discovered in KUKA's Equipment- Sim Pro. Successful exploitation of this vulnerability could result in a loss of integrity in external 3D models fetched from remote servers. When tested on real machines, this effect is unpredictable.
Multiple vulnerabilities such as Improper Authentication, Improper Input Validation, Missing Authentication for Critical Function, Improper Check for Unusual or Exceptional Conditions, Exposure of Sensitive Information to an Unauthorized Actor, and Incorrect Default Permissions have been discovered in Synergy Systems & Solutions' Equipment- HUSKY RTU. Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.
An Improper Privilege Management vulnerability has been discovered in GE Digital's Equipment- CIMPLICITY. Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary execution of code.
Multiple vulnerabilities such as Unrestricted Upload of File with Dangerous Type, SQL Injection, Relative Path Traversal, Missing Authentication for Critical Function, Improper Restriction of XML External Entity Reference, and OS Command Injection have been discovered in Advantech's Equipment- WebAccess/NMS. Successful exploitation of these vulnerabilities may allow an attacker to gain remote code execution, upload files, delete files, cause a denial-of-service condition, and create an admin account for the application.
The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and servers. No bounds checks in nextitem() function allows to remotely execute arbitrary code. An update for krb5-appl is now available for Red Hat Enterprise Linux 6.
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate and Key Extraction Side Channel in multiple crypto libraries vulnerabilities have been discovered in nss and ROHNP respectively. An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
Telnet is a popular protocol for logging in to remote systems over the Internet. No bounds checks in nextitem() function allows to remotely execute arbitrary code. An update for telnet is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
A Hard-Coded Administrator Password vulnerability was discovered in OpsRamp Gateway. The OpsRamp Gateway has an administrative account named vadmin that allows root SSH access to the server.
Periscope BuySpeed is a tool to automate the full procure-to-pay process efficiently and intelligently. Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-04-05 or later address all of these issues.
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. The FortiADC version 5.3.4 and below are affected by this vulnerability. It is recommended to upgrade to FortiADC version 5.3.5 or above.
OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances. An user with share-network UUID is able to show, create and delete shares. An update for openstack-manila is now available for Red Hat OpenStack Platform 15 (Stein).
python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. A prototype pollution in object's prototype leads to denial of service or remote code execution or property injection vulnerability. An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 15 (Stein).
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
libmtp is a library for communicating with MTP aware devices. An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file and in the ptp-pack.c (ptp_unpack_OPL function) allows attackers to cause a denial of service (out-of-bounds memory access) or remote code execution by inserting a mobile device into a personal computer through a USB cable. It is recommended to upgrade the libmtp packages.
A vulnerability was discovered in the DTLS protocol implementation in GnuTLS, a library implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol. It is recommended to upgrade the gnutls28 packages.
Information disclosure vulnerability has been discovered in DotNetNuke CMS (DNN) v.9.5 within the built in Message Center Module. A registered user is able to enumerate any file in the Admin File Manager that is not contained in a secure folder by sending themselves a message with the file attached.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system.
UNC path injection vulnerability has been discovered in Zoom’s video conferencing software for Windows that could let hackers steal Windows passwords and execute arbitrary commands on their devices.
It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. It is recommended to upgrade the mediawiki packages.
Multiple vulnerabilities such as Improper Privilege Management, Missing Required Cryptographic Step, and Path Traversal have been discovered in B&R Automation's Equipment- Automation Studio. Successful exploitation of these vulnerabilities could allow an attacker to delete arbitrary files from this system, fetch arbitrary files, or perform arbitrary write operations.
It has been discovered that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion. It is recommended to upgrade the qbittorrent packages.
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. An Integer overflow vulnerability in UnicodeString::doAppend() has been discovered in nodejs:12. An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.
A critical vulnerability has been discovered in HAProxy’s HTTP/2 HPACK decoder that can be exploited to cause an out-of-bound memory write potentially leading to corruption of data, a crash, or code execution.
Multiple vulnerabilities have been discovered in DrayTek devices which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code on the affected system.
A buffer overflow vulnerability has been discovered in some Huawei products. This vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal.
Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The unzip utility is used to list, test, and extract files from zip archives. An overlapping of files in ZIP container leads to denial of service. An update for unzip is now available for Red Hat Enterprise Linux 7.
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It has been discovered that a multicast DNS responds to unicast queries outside of local network. An update for avahi is now available for Red Hat Enterprise Linux 7.
TagLib is a library for reading and editing the meta-data of different audio formats. It has been discovered that a heap-based buffer over-read via a crafted audio file. An update for taglib is now available for Red Hat Enterprise Linux 7.
The polkit packages provide a component for controlling system-wide privileges. An Improper authorization vulnerability in polkit_backend_interactive_authority_check_authorization function in polkitd has been discovered. An update for polkit is now available for Red Hat Enterprise Linux 7.
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium. Successful exploitation of this vulnerability could result in a denial-of-service condition.
Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC. Successful exploitation of this vulnerability may render the device unresponsive.
Classic Buffer Overflow vulnerability has been discovered in Hirschmann Automation and Control GmbH's Equipment- HiOS and HiSecOS. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.
Protection Mechanism Failure vulnerability has been discovered in Becton, Dickinson and Company's Equipment- Pyxis MedStation and Pyxis Anesthesia (PAS) ES System. The affected BD medical devices utilize a method of software application implementation called “kiosk mode.” This kiosk mode is vulnerable to local breakouts, which could allow an attacker with physical access to bypass kiosk mode and view and/or modify sensitive data.
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Multiple vulnerabilities such as Local privilege escalation, Manipulation of cupsd.conf and Predictable session cookie have been discovered in CUPS. An update for CUPS is now available for Red Hat Enterprise Linux 7.
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Multiple vulnerabilities have been discovered in wireshark. An update for wireshark is now available for Red Hat Enterprise Linux 7.
LFTP is a file transfer utility for File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), and other commonly used protocols. A particular remote file names may lead to current working directory erased. An update for LFTP is now available for Red Hat Enterprise Linux 7.
AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. An integer overflow vulnerability in png_compress in pngex.cc has been discovered in AdvanceCOMP. An update for advancecomp is now available for Red Hat Enterprise Linux 7.
The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. A Buffer overflow vulnerability in t1_check_unusual_charstring function in writet1.c has been discovered in texlive. An update for texlive is now available for Red Hat Enterprise Linux 7.
GNOME is the default desktop environment of Red Hat Enterprise Linux. A partial lock screen bypass vulnerability has been discovered in GNOME. An update for GNOME is now available for Red Hat Enterprise Linux 7.
Expat is a C library for parsing XML documents. An Integer overflow vulnerability leading to buffer overflow in XML_GetBuffer() has been discovered in Expat. An update for Expat is now available for Red Hat Enterprise Linux 7.
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A heap-based overflow vulnerability has been discovered in rsyslog. An update for rsyslog is now available for Red Hat Enterprise Linux 7.
Sphinx (a.k.a. Zloader or Terdot) is a modular malware based on the leaked source code of the infamous Zeus banking trojan and began resurfacing in December 2019. There has been significant increase in volume in March, as Sphinx’s operators looked to take advantage of the interest and news around government relief payments. Sphinx is joining the growing fray of COVID-19-themed phishing and malspam campaigns ramping up worldwide. In the latest campaigns, Sphinx is spreading via coronavirus-themed email sent to victims. Sphinx’s core capability is to harvest online account credentials for online banking sites. When infected users land on a targeted online banking portal, Sphinx dynamically fetches web injections from its command-and-control (C2) server to modify the page that the user sees, so that the information that the user enters into the log-in fields is sent to the cybercriminals.
It has been discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges.
It has been discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root.
WebKit2GTK is a web content engine library for GTK+. Multiple vulnerabilities have been discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
The Versiant LYNX Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.
A vulnerability has been discovered in OTRS, an authenticated user can guess other session IDs based on its own. It is also possible to guess a password reset token or generate an automated password. This issue affects ((OTRS)) Community Edition 5.0.x, 6.0.x and OTRS 7.0.x. It is recommended to upgrade to OTRS 7.0.16, ((OTRS)) Community Edition 6.0.27, 5.0.42.
It was discovered that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. It is recommended to upgrade the bluez packages.
PostgreSQL is an advanced object-relational database management system (DBMS). Multiple vulnerabilities such as stack-based buffer overflow and missing authorization checks have been discovered in rh-postgresql10-postgresql. An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.
The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. A Buffer overflow vulnerability in read_fru_area_section function in lib/ipmi_fru.c has been discovered. An update for ipmitool is now available for Red Hat Enterprise Linux 7.
Stack-based Buffer Overflow vulnerability has been discovered in Advantech's Equipment- WebAccess. Successful exploitation of this vulnerability may allow remote code execution.
Versions 12.9.1, 12.8.8, and 12.7.8 for GitLab Community Edition (CE) and Enterprise Edition (EE) have been released. These versions contain important security fixes, and it is strongly recommended that all GitLab installations be upgraded to one of these versions immediately.
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Deserialization in snakeyaml YAML() objects can allow remote code execution. An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11.
SVG Image module allows to upload SVG files. The module did not sufficiently protect against malicious code inside SVG files leading to a cross site scripting vulnerability.
An integer overflow vulnerability has been discovered in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code. It is recommended to upgrade the icu packages.
Multiple vulnerabilities in SMA were discovered by the Micro Focus Service Management Automation (SMA) R&D Team. These vulnerabilities allow improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
An improper authentication vulnerability has been discovered in some Huawei smartphones. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploitation could allow the attacker to bypass the authentication to perform unauthorized operations.
Serendipity has released Serendipity 2.3.4, fixing a security flaw that was present on Windows installations only and exploitable only for users with upload rights on the Media library.
A stored XSS vulnerability was discovered in Micro Focus Vibe prior to 4.0.7 which allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.
DLL Side Loading vulnerability has been discovered in the installer for McAfee Application and Change Control (MACC) prior to 8.3, this allows local users to execute arbitrary code via execution from a compromised folder. It is recommended to install or update to McAfee Application and Change Control (MACC) 8.3 or 8.2.6.
It was discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
Multiple vulnerabilities such as Path Traversal and Missing Authentication for Critical Function have been discovered in Schneider Electric's Equipment- IGSS (Interactive Graphical SCADA System). Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions.
Multiple vulnerabilities such as Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, and Stack-based Buffer Overflow have been discovered in VISAM's Equipment- VBASE. Successful exploitation of these vulnerabilities could allow an attacker to read the contents of unexpected files, escalate privileges to system level, execute arbitrary code on the targeted system, bypass security mechanisms, and discover the cryptographic key for the web login.
Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. Successful exploitation could lead to arbitrary file deletion.
Apple has released security updates to address multiple vulnerabilities affecting various Apple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A memory leak has been discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
Keijiban Tsumiki provided by Mash room is a CGI to provide Bulletin Board System (BBS) functions. An OS command injection vulnerability has been discovered in Keijiban Tsumiki.
It has been discovered that Vim incorrectly handled certain sources, files and inputs. An attacker could possibly use these vulnerabilities to cause a denial of service or execute arbitrary code.
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A volume mount race condition with shared mounts leads to information leak/integrity manipulation. An update for runc is now available for Red Hat Enterprise Linux 7 Extras.
Remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can exploit these vulnerabilities to take control of an affected system.
The devtoolset-8-gcc packages provide the Red Hat Developer Toolset version of GNU Compiler Collection (GCC), as well as related libraries. The POWER9 "DARN" RNG intrinsic produces repeated output. An update for devtoolset-8-gcc is now available for Red Hat Developer Toolset 8 for Red Hat Enterprise Linux.
A denial of service vulnerability (by triggering high CPU consumption) has been discovered in Tor, a connection-based low-latency anonymous communication system. For the stable distribution (buster), this problem has been fixed in version 0.3.5.10-1.
All versions of lix are vulnerable to Machine-In-The-Middle. The package accepts downloads with http and follows location header redirects for package downloads. This allows for an attacker in a privileged network position to intercept a lix package installation and redirect the download to a malicious source.
An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. The attack requires an attacker be able to insert specially-crafted data in to certain database tables, which when retrieved can trigger the XSS attack.
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. It is recommended to upgrade the rails packages.
An unsafe object creation vulnerability has been discovered in the json gem bundled with Ruby. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.
It was discovered that Twisted incorrectly validated URLs or HTTP methods, incorrectly verified XMPP TLS certificates, incorrectly handled HTTP/2 connections and incorrectly handled certain content-length headers. A remote attacker could use these issues to perform header injection attacks, obtain sensitive information, lead to denial of service and perform HTTP request splitting attacks respectively.
A missing NUL-termination check for the jail_set(2) configuration option "osrelease" may return more bytes when reading the jail configuration back with jail_get(2) than were originally set. For jails with a non-default setting of children.max > 0 ("nested jails") a superuser inside a jail can create a jail and may be able to read and take advantage of exposed kernel memory.
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. An insecure dropping of privileges when unsetting PRIVILEGED option vulnerability has been discovered in zsh. An update for zsh is now available for Red Hat Enterprise Linux 8.
Cross-site Scripting vulnerability has been discovered in Systech Corporation's Equipment- NDS-5000 Terminal Server. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.
Improper Access Control vulnerability has been discovered in Insulet's Equipment- Omnipod Insulin Management System. Successful exploitation of this vulnerability may allow an attacker to gain access to the affected products to intercept, modify, or interfere with the wireless RF (radio frequency) communications to or from the product. This may allow attackers to read sensitive data, change pump settings, or control insulin delivery.
Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system.
Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and 8.8.x. An attacker could exploit these vulnerabilities to take control of an affected system.
A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting anti-virus software information, and listing the running processes, drives and directories from victim machines. The use of such data exfiltration capabilities are common for APT36 (also known as Transparent Tribe, ProjectM, Mythic Leopard, and TEMP.Lapis), active since 2016.
Multiple vulnerabilities such as Stack-based Buffer Overflow and Out-of-bounds Read have been discovered in Delta Electronics' Equipment- Delta Industrial Automation CNCSoft ScreenEditor. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Remote Code Execution (RCE) vulnerability has been discovered in CMS Made Simple 2.2.13, it is vulnerable using crafted JPG extension files through the Filemanager.
Multiple vulnerabilities have been discovered in Trend Micro Worry-Free Business Security. An attacker could exploit these vulnerabilities to take control of an affected system.
It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3). It is recommended to upgrade the slirp packages.
VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Improper Access Control vulnerability has been discovered in Rockwell Automation's Equipment- Allen-Bradley Stratix 5950. Successful exploitation of this vulnerability could allow an attacker to write a modified image to the component.
Trend Micro has released an updated version of Trend Micro Password Manager 5.0 (Windows) that resolves a DLL hijacking vulnerability in both the standalone version of the product and the versions packed with the latest version of Trend Micro Security (Consumer).
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.
Data collection analyzer MELQIC IU1 series provided by Mitsubishi Electric Corporation contain multiple vulnerabilities in TCP/IP function included in the firmware. By receiving a packet which is specially crafted by an attacker, the network functions of the products may be stopped or malware may be executed.
An out-of-bounds read vulnerability has been discovered in some Huawei products. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.
Apache ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type by using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE. An attacker can use untrusted data to fill in the DataSource Config after login the sharding-ui.
TIBCO Spotfire Server Script Trust Problem exposes remote code execution vulnerability. This vulnerability allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes.
Improper access control vulnerability in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access.
Puppet Server and PuppetDB may leak sensitive information via metrics API. PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default.
Multiple vulnerabilities have been discovered in various Siemens' Equipment. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Improper Restriction of XML External Entity Reference and Improper Input Validation vulnerabilities have been discovered in Johnson Controls' Equipment- Metasys and EntraPass. Successful exploitation of these vulnerabilities can allow a denial-of-service attack or disclosure of sensitive data and malicious code execution with system-level privileges respectively.
Multiple vulnerabilities such as Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Algorithm for Password Protection, Use of Client-Side Authentication and Cleartext Storage of Sensitive Information have been discovered in Rockwell Automation's Equipment- MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software. Successful exploitation of these vulnerabilities could allow an attacker to gain access to sensitive project file information including passwords.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Potential security vulnerabilities in Intel Graphics Drivers may allow escalation of privilege, denial of service and/or information disclosure. Intel has released software updates to mitigate these potential vulnerabilities.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A Stored XSS vulnerability has been discovered in Ramp Altimeter that allows a malicious user to store arbitrary JavaScript payloads on the application server.
An unauthenticated remote code execution vulnerability was discovered in ManageEngine Desktop Central. This vulnerability could allow remote attackers to execute arbitrary code on affected installations of Desktop Central. Authentication is not required to exploit this vulnerability. It is recommended to update to the latest version.
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. An attacker may exploit this vulnerability to perform an HTTP request smuggling attack.
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, or information disclosure.
Multiple vulnerabilities such as Information Exposure Through Sent Data, Buffer Access with Incorrect Length Value, Missing Authentication for Critical Function, and Classic Buffer Overflow have been discovered in WAGO's Equipment- I/O-CHECK Series PFC100 and Series PFC200. Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses.
Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. Multiple vulnerabilities have been discovered in python-waitress. An update for python-waitress is now available for Red Hat OpenStack Platform 15 (Stein).
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. HTTP/1.1 headers with a space before the colon led to filter bypass or request smuggling. An update for ose-installer-artifacts-container and ose-installer-container is now available for Red Hat OpenShift Container Platform 4.2.
It was discovered that there was an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents. It is recommended to upgrade the pdfresurrect packages.
A vulnerability in the handling of HTTP sessions within Wing FTP Server allows any local user to escalate privileges to root on Linux, MacOS, and Solaris. Exploitation is contingent on an already-established administrative session.
pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines.
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device.
Critical cross site scripting vulnerability has been discovered in Drupal SVG Formatter. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files. It is recommended to upgrade the SVG Formatter module for Drupal 8.x to SVG Formatter 8.x-1.12.
Insufficient data validation vulnerability has been discovered in the open-source project for YubiKey Validation Server. This issue potentially affects developers, partners, and customers who have used a YubiKey Validation Server to build a self-hosted one-time password (OTP) validation service. The default configuration of the service only exposes the verify API, which could allow an attacker to perform a denial of service, potentially preventing legitimate authentications.
Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
It was discovered that there was an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials in libzypp, a package management library that powers applications. It is recommended to upgrade the libzypp packages.
The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. OOB heap access via an unexpected response of iSCSI Server vulnerability was discovered. An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Uncontrolled Resource Consumption vulnerability has been discovered in Omron's Equipment- PLC CJ Series. Successful exploitation of this vulnerability could cause a denial-of-service condition.
Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Phoenix Contact's Equipment- Emalytics Controller ILC 2050 BI(L). Successful exploitation of this vulnerability could allow an attacker to change the device configuration and start or stop services.
Improper Access Control vulnerability has been discovered in Emerson's Equipment- ValveLink. Successful exploitation of this vulnerability could allow arbitrary code execution.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple vulnerabilities have been discovered in Ruby. An update for ruby is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Multiple vulnerabilities have been discovered in kernel. An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2020-03-05 or later address all issues in this bulletin and all issues in the March 2020 Android Security Bulletin.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-03-05 or later address all of these issues.
A vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets has been discovered. Multiple Cisco wireless products are affected by this vulnerability. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi network.
An use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server, has been discovered. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code. It is recommended to upgrade proftpd-dfsg packages.
Multiple vulnerabilities such as Cross-site Request Forgery, Improper Neutralization of HTTP Headers for Scripting Syntax, and Use of Obsolete Function have been discovered in Honeywell's Equipment- WIN-PAK. Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution.
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server.
It has been discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. It is recommended to upgrade the python-pysaml2 packages.
KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. Certain environment variables interpreted as arithmetic expressions on startup, lead to code injection vulnerability. An update for ksh is now available for Red Hat Enterprise Linux 8.
Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information, Origin Validation Error, Use of Hard-coded Credentials, Weak Password Recovery Mechanism for Forgotten Password, and Weak Password Requirements have been discovered in various Equipments- RP 210E Remote Panels, DCU 210E Control Units, and Marine Observer Pro (Android App). Successful exploitation of these vulnerabilities could allow a remote attacker to gain root access to the underlying operating system of the device and may allow read/write access.
Multiple vulnerabilities such as Authentication Bypass by Capture-replay and Path Traversal have been discovered in Honeywell's Equipment- NOTI-FIRE-NET Web Server (NWS-3). Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods.
Deserialization of Untrusted Data vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk Diagnostics. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges.
Improper Authorization vulnerability has been discovered in B&R Industrial Automation GmbH's Equipment- Automation Studio and Automation Runtime. Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices.
Adobe has released an update for Adobe After Effects and Media Encoder. This update resolves a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user.
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Heap-based Buffer Overflow vulnerability has been discovered in Emerson's Equipment- OpenEnterprise SCADA Server. Successful exploitation of this vulnerability could allow an attacker to execute code on an OpenEnterprise SCADA Server.
Improper Privilege Management vulnerability has been discovered in Honeywell's Equipment- INNCOM INNControl 3. Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application.
Improper Input Validation vulnerability has been discovered in Spacelabs' Equipment- Xhibit Telemetry Receiver. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in various Equipments- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these vulnerabilities could allow remote code execution.
Protection Mechanism Failure vulnerability has been discovered in GE's Equipment- Ultrasound Products. The affected GE Healthcare ultrasound devices utilize a method of software application implementation called “Kiosk Mode.” This Kiosk Mode is vulnerable to local breakouts, which could allow an attacker with physical access to gain access to the operating system of affected devices.
Db2 is vulnerable to denial of service. Db2 could allow an attacker to send specially crafted packets to the Db2 server to cause excessive memory usage and cause Db2 to terminate abnormally.
It has been discovered that ClamAV, an antivirus software, was susceptible to a denial of service attack by unauthenticated users via inefficient MIME parsing of especially crafted email files.
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Multiple vulnerabilities such as command injection, disclosure of uninitialized memory and buffer overflow have been discovered in evince, a simple multi-page document viewer.
An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in Schneider Electric's Equipment- Magelis HMI Panel. Successful exploitation of this vulnerability could allow a denial-of-service condition.
Improper Check for Unusual or Exceptional Conditions and Improper Access Control vulnerabilities have been discovered in Schneider Electric's Equipment- Modicon BMXNOR0200H. Successful exploitation of these vulnerabilities could allow remote code execution or cause a denial-of-service condition.
An out-of-bound read vulnerability has been discovered in Huawei Firewall products that the IPSec module does not validate a field in a specific message. Attackers can exploit this vulnerability to send malformed message to cause out-of-bound read, compromising normal service.
A denial-of-service (DoS) vulnerability has been discovered in Palo Alto Networks GlobalProtect software running on Mac OS. This vulnerability allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
Missing XML validation vulnerability has been discovered in the PAN-OS web interface on Palo Alto Networks PAN-OS software. This vulnerability allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6.
Denial of service via an algorithmic complexity attack on email address parsing has been discovered in libemail-address-list-perl. It is recommended to upgrade the libemail-address-list-perl packages.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. It is recommended to upgrade the openjdk-8 packages.
A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. This security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Unrestricted Upload of File with Dangerous Type and Cross-site Scripting vulnerabilities have been discovered in Digi International's Equipment- ConnectPort LTS 32 MEI. Successful exploitation of these vulnerabilities could limit system availability.
Multiple vulnerabilities have been discovered in multiple products of Siemens. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Improper Authentication and Improper Input Validation vulnerabilities have been discovered in Synergy Systems & Solutions' Equipment- HUSKY RTU. Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause a denial-of-service condition.
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Insufficient encoding checks for LZ can cause different integer/buffer overflows.
It has been discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager.
It has been discovered that libexif incorrectly handled certain files. An attacker could possibly exploit these vulnerabilities to access sensitive information, cause a denial of service or execute arbitrary code.
A system command injection vulnerability has been discovered in FortiAP. This vulnerability in FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
It has been discovered that Qt incorrectly handled certain PPM images, text files and incorrectly searched for plugins and libraries in the current working directory. A remote attacker could exploit these vulnerabilities to cause a denial of service and execute arbitrary code on an affected system.
An out-of-bounds write vulnerability due to an integer overflow has been reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentially execute arbitrary code via crafted image files.
It has been discovered that HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service.
A new loader type has been identified that takes advantage of the wlanAPI interface to
enumerate all Wi-Fi networks in the area, and then attempts to spread to these networks,
infecting all devices that it can access in the process.
It has been reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.
CDP supported devices are vulnerable to heap overflow in Cisco IP Cameras (CVE-2020-3110),
stack overflow in Cisco VoIP devices (CVE-2020-3111), a format string stack overflow vulnerability (CVE-2020-3118),
stack overflow and arbitrary write (CVE-2020-3119), and a resource exhaustion denial-of-service vulnerability (CVE-2020-3120)
in Cisco NX-OS switches and Cisco IOS XR Routers, among others. These vulnerabilities could allow an attacker on the
local network to execute code or cause a denial of service.
Multiple vulnerabilities have been discovered in CA Unified Infrastructure Management (Nimsoft / UIM) of CA Technologies, a Broadcom Company. These vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks.
Insufficiently Protected Credentials vulnerability has been discovered
in AutomationDirect's Equipment- C-More Touch Panels EA9 Series. Successful
exploitation of this vulnerability may allow an attacker to get account
information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device.
It has been discovered that Django incorrectly handled input in the PostgreSQL module.
A remote attacker could possibly use this to perform SQL injection attacks.
It has been discovered that GraphicsMagick incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Small Business Edition (SEP SBE) products.
An Uncontrolled Resource Consumption vulnerability has been
discovered in multiple products of Fortiguard. This vulnerability
could allow an attacker to cause web service portal denial of
service (DoS) via handling special crafted HTTP requests/responses in pieces slowly.
Sudo incorrectly handled memory operations when the pwfeedback
option is enabled. A local attacker could possibly use this issue
to obtain unintended access to the administrator account.
Cosminexus Developer's Kit for Java and Hitachi Developer's Kit for Java
contain the following vulnerabilities: CVE-2020-2583, CVE-2020-2590, CVE-2020-2593,
CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655, CVE-2020-2659.
Memory mismanagement vulnerability has been discovered in QEMU 4.2.0.
This vulnerability can cause a heap-based buffer overflow or other
out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
A vulnerability has been discovered in OpenSMTPD.
An incorrect check allows an attacker to trick mbox delivery into executing arbitrary
commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user.
Multiple vulnerabilities have been discovered in the stream-tcp code of the intrusion
detection and prevention tool Suricata. These vulnerabilities can cause to bypass any
tcp based signature by either faking a closed TCP session using an evil server or
overlapping a TCP segment with a fake FIN packet.
Cisco has released security updates to address multiple vulnerabilities
affecting the web UI of Cisco Small Business Switches. These vulnerabilities
could allow an unauthenticated, remote attacker to access sensitive device
information and cause a denial of service condition on an affected device.
Multiple vulnerabilities have been discovered in the WebKitGTK+ Web and JavaScript engines.
A remote attacker could exploit a variety of issues related to web browser security, including
cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Multiple vulnerabilities have been discovered in Linux Kernel.
A local attacker could use these vulnerabilities to expose sensitive
information, gain administrative privileges and could possibly use this to cause a denial of service.
Apple has released security updates to address vulnerabilities in multiple products.
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Unprotected Storage of Credentials, Improper Input Validation, Use of Hard-coded Credentials,
Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type
and Inadequate Encryption Strength vulnerabilities have been discovered in GE's equipments - CARESCAPE
Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) and Clinical Information
Center (CIC) systems, CARESCAPE B450, B650, B850 Monitors.
Multiple vulnerabilities were identified in Cisco products.
A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, disclose sensitive information,
and bypass security restriction on the targeted system.
OpenSLP is an open source implementation of the Service Location Protocol (SLP).
Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c may lead to remote code execution.
The libarchive programming library can create and read several different streaming archive formats,
including GNU tar, cpio, and ISO 9660 CD-ROM images. Use-after-free vulnerability has been discovered
in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry.
Multiple vulnerabilities have been found in zlib. An attacker could use
this issue to cause zlib to crash, resulting in a denial of service, or
arbitrary code execution.
It was discovered that GraphicsMagick incorrectly handled certain image files.
An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Deserialization of Untrusted Data and SQL Injection vulnerabilities have been discovered
in Honeywell's equipments - MAXPRO VMS & NVR. Successful exploitation of these vulnerabilities
could result in elevation of privileges, cause a denial-of-service condition, or allow unauthenticated remote code execution.
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba.
An attacker could exploit one of these vulnerabilities to take control of an affected system.
Red Hat JBoss Enterprise Application Platform 7.2.6 released
security update which is now available for Red Hat Enterprise Linux 6, Linux 7 and Linux 8.
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
A vulnerability has been found in the handling of chunked HTTP in openconnect,
an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN.
A malicious HTTP server (after having accepted its identity certificate),
can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.
Multiple vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service,
incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer.
A remote attacker could exploit this vulnerability to take control of an affected system.
Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux.
This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Improper Check for Unusual or Exceptional Conditions vulnerability has been discovered in
Schneider Electric's Equipments- Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium.
Successful exploitation of this vulnerability could result in a denial-of-service condition.
Multiple vulnerabilities have been discovered in Cisco Data Center Network Manager (DCNM).
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A use of hard-coded cryptographic key vulnerability in
FortiSIEM may allow a remote unauthenticated attacker to obtain
SSH access to the supervisor as the restricted user "tunneluser" by
leveraging knowledge of the private key from another installation or a firmware image.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Intel has released security updates to address vulnerabilities in multiple products.
An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.
Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager.
An attacker could exploit some of these vulnerabilities to take control of an affected system.
VMware has released a security update to address a vulnerability in VMware Tools.
An attacker could exploit this vulnerability to take control of an affected system.
Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches
to address vulnerabilities across multiple products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Multiple vulnerabilities have been discovered in multiple products of Siemens.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Improper Access Control, Cross-site Request Forgery (CSRF), Cross-site Scripting
and Inclusion of Sensitive Information in Log Files vulnerabilities have been
found in OSIsoft LLC's equipment- PI Vision. Successful exploitation of these
vulnerabilities may allow disclosure of sensitive information and limit the availability of the system.
Improper Input Validation vulnerability has been found in GE/Emerson's equipment- PACSystems RX3i.
Successful exploitation of this vulnerability could cause the system to change to halt-mode,
resulting in a denial-of-service condition.
Multiple vulnerabilities have been discovered in SpamAssassin- Perl-based spam filter using text analysis.
SpamAssassin incorrectly handled certain messages and certain CF files which may cause denial of service
and arbitrary code execution respectively.
A vulnerability has been discovered in Libgcrypt which affects the releases of Ubuntu and its derivatives.
It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use
this attack to recover sensitive information.
A vulnerability has been discovered in nginx which affects the releases of Ubuntu and its derivatives.
A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and
access resources contrary to expectations.
USN-4047-1 fixed a vulnerability in libvirt-Libvirt virtualization toolkit.
This update provides the corresponding update for Ubuntu and its derivatives: Ubuntu 14.04 ESM.
Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, guest-to-host privilege escalation or information leaks.
A Hard-coded password vulnerability has been discovered in the FortiSIEM database component
that may allow attackers to access the device database via the use of static credentials.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird.
An attacker could exploit these vulnerabilities to take control of an affected system.
A hook script of ldm, the display manager for the Linux Terminal Server Project
incorrectly parsed responses from an SSH server which could result in local root privilege escalation.
A security issue was discovered in ntpq and ntpdc that incorrectly handled some arguments.
An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute arbitrary code, or escalate to higher privileges.
A hook script of ldm, the display manager for the Linux Terminal Server Project,
incorrectly parsed responses from an SSH server, which could result in local root privilege escalation.
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
A sensitive information disclosure vulnerability has been discovered
in the VMware Workspace ONE SDK. Updates are available to address this vulnerability in affected VMware products.
Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh,
Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities
to take control of an affected system.
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR.
An attacker could exploit this vulnerability to take control of an affected system.
A vulnerability has been discovered in the web-based GUI of Cisco IP Phone 6800, 7800,
and 8800 Series with Multiplatform Firmware that could allow an authenticated,
remote attacker to conduct a Cross-Site Scripting (XSS) attack against a user
of the web-based interface of an affected system.
Multiple vulnerabilities have been discovered in Wordpress, a web blogging tool.
An attacker could exploit these vulnerabilities to perform various Cross-Site Scripting (XSS)
and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and
bypass authorization access and input sanitation.
Google has released security updates for Chrome version 79.0.3945.117 for Windows,
Mac, and Linux. This version addresses a vulnerability that an attacker could exploit
to take control of an affected system.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow,
Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Race Condition, Argument Injection, and Null Pointer Dereference have been discovered in
different Equipments- OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON,
ZebOS by IP Infusion, and VxWorks by Wind River. Successful exploitation of these
vulnerabilities could allow remote code execution.
Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability,
which is a type of issue whereby an attacker may attempt to compromise the software application
to gain elevated access to resources that are normally protected from an application or user.
Multiple vulnerabilities referred to as Dragonblood have been discovered in FortiGuard's
product- FortiOS, FortiAP-S/W2, Meru AP and Meru Controller. Dragonblood vulnerabilities
exists in WiFi WPA3 standard implementations that can cause password leak,
denial of service or authorization bypass.
Multiple vulnerabilities have been identified in GitLab, a remote
attacker could exploit some of these vulnerabilities to trigger
denial of service, security restriction bypass and sensitive information disclosure on the targeted system.
Multiple vulnerabilities have been discovered in IBM's Equipment.
An attacker could exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities such as Authentication Bypass, SQL Injection, Path Traversal, Command Injection,
Read Access, and Unauthorised Access have been discovered in Cisco Data Center Network Manager (DCNM).
An attacker could exploit these vulnerabilities to take control of an affected system.
