Vulnerability Detection Pipeline (Beta)

Upcoming and New QIDs

Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.

This is a public beta. We welcome your feedback.

Detection Status

  • Under investigation: We are researching a detection and will publish one if it is feasible.
  • In development: We are coding a detection and will typically publish it within a few days.
  • Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

170 results
CVE
Title
Severity
  • CVE-2020-0404+
    Under Investigation

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:3544-1)

    Severity
    Critical4
    Qualys ID
    174407
    Date Published
    November 27, 2020
    Vendor Reference
    SUSE-SU-2020:3544-1
    CVE Reference
    CVE-2020-0404, CVE-2020-0427, CVE-2020-0430, CVE-2020-0431, CVE-2020-0432, CVE-2020-12351, CVE-2020-12352, CVE-2020-14351, CVE-2020-14381, CVE-2020-14390, CVE-2020-16120, CVE-2020-2521, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-25656, CVE-2020-25668, CVE-2020-25704, CVE-2020-25705, CVE-2020-26088, CVE-2020-27673, CVE-2020-27675, CVE-2020-8694
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP4

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3544-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3544-1
  • CVE-2020-0404+
    Under Investigation

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:3532-1)

    Severity
    Critical4
    Qualys ID
    174406
    Date Published
    November 27, 2020
    Vendor Reference
    SUSE-SU-2020:3532-1
    CVE Reference
    CVE-2020-0404, CVE-2020-0427, CVE-2020-0430, CVE-2020-0431, CVE-2020-0432, CVE-2020-12351, CVE-2020-12352, CVE-2020-14351, CVE-2020-14381, CVE-2020-14390, CVE-2020-16120, CVE-2020-2521, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-25656, CVE-2020-25668, CVE-2020-25704, CVE-2020-25705, CVE-2020-26088, CVE-2020-27673, CVE-2020-27675, CVE-2020-8694
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Live Patching 15

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3532-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3532-1
  • CVE-2020-0556
    Under Investigation

    SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2020:3516-1)

    Severity
    Critical4
    Qualys ID
    174405
    Date Published
    November 27, 2020
    Vendor Reference
    SUSE-SU-2020:3516-1
    CVE Reference
    CVE-2020-0556
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    SUSE has released security update for bluez to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3516-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3516-1
  • In Development

    EOL/Obsolete OS: Microsoft Windows 10 Version 1709 End Of Life (EOL)

    Severity
    Urgent5
    Qualys ID
    105941
    Vendor Reference
    Windows 10 1709 EOL
    CVSS Scores
    Base 8.1 / Temporal 7.4
    Description
    The host is running Microsoft Windows 10 Version 1709.
    Microsoft plans to end support for Windows 10, version 1709, for Home, Pro, Pro Education, Pro for Workstations, and IoT Core edition.
    It reached the end of servicing on April 9, 2019.

    QID Detection Logic:
    This QID detects vulnerable versions of Windows 10 1709 post authentication.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.

    Solution
    N/A

  • CVE-2020-4739
    In Development

    IBM DB2 Arbitrary Code Execution Vulnerability

    Severity
    Critical4
    Qualys ID
    374332
    Vendor Reference
    6370023
    CVE Reference
    CVE-2020-4739
    CVSS Scores
    Base / Temporal
    Description
    DB2 is a family of data management products, including database servers, developed by IBM.

    IBM DB2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client.

    Affected Versions:
    All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on Windows are affected.

    QID Detection Logic: Authenticated (DB2):
    This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.

    Consequence
    An attacker could exploit this vulnerability to execute arbitrary code on the system.

    Solution

    Please refer to the following link CVE-2020-4739 for more details.

    Patches
    6370023
  • CVE-2016-8523
    In Development

    HPE Smart Storage Administrator Remote Code Execution Vulnerability

    Severity
    Critical4
    Qualys ID
    374330
    Vendor Reference
    c05382349
    CVE Reference
    CVE-2016-8523
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    HPE SSA is the main tool for configuring arrays on Smart Array controllers.

    HPE Smart Storage Administrator is prone to Remote Code Execution Vulnerability(CVE-2016-8523) .

    Affected Products:
    HPE SSA prior to 2.60.18.0. QID Detection Logic:
    This QID checks Windows Registry to see if it is running a vulnerable version.

    Consequence
    Successful exploitation of the vulnerability can lead to arbitrary code execution.
    Solution
    Please refer to the c05382349
    Patches
    c05382349
  • CVE-2020-26950
    In Development

    Red Hat Update for thunderbird (RHSA-2020:5146)

    Severity
    Critical4
    Qualys ID
    238890
    Vendor Reference
    RHSA-2020:5146
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.4.3.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products :

    Red Hat Enterprise Linux for x86_64 8 x86_64
    Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    Red Hat Enterprise Linux for ARM 64 8 aarch64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5146 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5146
  • CVE-2020-26950
    In Development

    Red Hat Update for thunderbird (RHSA-2020:5162)

    Severity
    Critical4
    Qualys ID
    238889
    Vendor Reference
    RHSA-2020:5162
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.4.3.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products :

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5162 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5162
  • CVE-2020-26950
    In Development

    Red Hat Update for thunderbird (RHSA-2020:5163)

    Severity
    Critical4
    Qualys ID
    238888
    Vendor Reference
    RHSA-2020:5163
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.4.3.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products :

    Red Hat Enterprise Linux Server 7 x86_64
    Red Hat Enterprise Linux Workstation 7 x86_64
    Red Hat Enterprise Linux Desktop 7 x86_64
    Red Hat Enterprise Linux for Power, little endian 7 ppc64le

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5163 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5163
  • CVE-2020-26950
    In Development

    Red Hat Update for thunderbird (RHSA-2020:5164)

    Severity
    Critical4
    Qualys ID
    238887
    Vendor Reference
    RHSA-2020:5164
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.4.3.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products :

    Red Hat Enterprise Linux Server 6 x86_64
    Red Hat Enterprise Linux Server 6 i386
    Red Hat Enterprise Linux Workstation 6 x86_64
    Red Hat Enterprise Linux Workstation 6 i386
    Red Hat Enterprise Linux Desktop 6 x86_64
    Red Hat Enterprise Linux Desktop 6 i386
    Red Hat Enterprise Linux for IBM z Systems 6 s390x
    Red Hat Enterprise Linux for Power, big endian 6 ppc64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5164 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5164
  • CVE-2020-16013+
    In Development

    Red Hat Update for chromium-browser (RHSA-2020:5165)

    Severity
    Critical4
    Qualys ID
    238886
    Vendor Reference
    RHSA-2020:5165
    CVE Reference
    CVE-2020-16013, CVE-2020-16016, CVE-2020-16017
    CVSS Scores
    Base / Temporal
    Description
    Chromium is an open-source web browser, powered by WebKit (Blink).This update upgrades Chromium to version 86.0.4240.198.

    Security Fix(es): chromium-browser: Inappropriate implementation in V8 (CVE-2020-16013)
    chromium-browser: Inappropriate implementation in base (CVE-2020-16016)
    chromium-browser: Use after free in site isolation (CVE-2020-16017)

    Affected Products :

    Red Hat Enterprise Linux Server 6 x86_64
    Red Hat Enterprise Linux Server 6 i386
    Red Hat Enterprise Linux Workstation 6 x86_64
    Red Hat Enterprise Linux Workstation 6 i386
    Red Hat Enterprise Linux Desktop 6 x86_64
    Red Hat Enterprise Linux Desktop 6 i386
    Red Hat Enterprise Linux for Scientific Computing 6 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5165 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5165
  • CVE-2020-26950
    In Development

    Red Hat Update for thunderbird (RHSA-2020:5166)

    Severity
    Critical4
    Qualys ID
    238885
    Vendor Reference
    RHSA-2020:5166
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 78.4.3.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products :

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5166 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5166
  • CVE-2020-25638
    In Development

    Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:5175)

    Severity
    Critical4
    Qualys ID
    238884
    Vendor Reference
    RHSA-2020:5175
    CVE Reference
    CVE-2020-25638
    CVSS Scores
    Base / Temporal
    Description
    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.

    Security Fix(es): hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)

    Affected Products :

    JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
    JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
    JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5175 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5175
  • CVE-2019-19770+
    Recently Published

    EulerOS Security Update for kernel (EulerOS-SA-2020-1158)

    Severity
    Urgent5
    Qualys ID
    374261
    Date Published
    November 26, 2020
    Vendor Reference
    EulerOS-SA-2020-1158
    CVE Reference
    CVE-2019-19770, CVE-2019-20095, CVE-2019-11135, CVE-2019-19062, CVE-2019-19543, CVE-2019-19965, CVE-2019-19966, CVE-2019-17351, CVE-2019-19048, CVE-2019-19922, CVE-2019-19332, CVE-2019-11135, CVE-2019-19338, CVE-2019-19927, CVE-2020-7053, CVE-2019-19947, CVE-2019-20054, CVE-2019-20096, CVE-2019-14896, CVE-2019-14895, CVE-2019-14897, CVE-2019-5108, CVE-2019-16230
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for kernel to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1158
    Patches
    EulerOS-SA-2020-1158
  • CVE-2019-1348+
    Recently Published

    EulerOS Security Update for git (EulerOS-SA-2020-1151)

    Severity
    Urgent5
    Qualys ID
    374254
    Date Published
    November 26, 2020
    Vendor Reference
    EulerOS-SA-2020-1151
    CVE Reference
    CVE-2019-1348, CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387, CVE-2019-1349, CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387, CVE-2019-1350, CVE-2019-1351, CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387, CVE-2019-1352, CVE-2019-1353, CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387, CVE-2019-1354, CVE-2019-1387, CVE-2019-19604
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for git to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1151
    Patches
    EulerOS-SA-2020-1151
  • CVE-2019-14889
    Recently Published

    EulerOS Security Update for libssh (EulerOS-SA-2020-1164)

    Severity
    Urgent5
    Qualys ID
    374267
    Date Published
    November 26, 2020
    Vendor Reference
    EulerOS-SA-2020-1164
    CVE Reference
    CVE-2019-14889
    CVSS Scores
    Base 8 / Temporal 7
    Description
    Euler has released security update for libssh to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1164
    Patches
    EulerOS-SA-2020-1164
  • CVE-2020-1967+
    In Development

    Oracle HTTP Server Multiple Vulnerabilities(CPUOCT2020)

    Severity
    Critical4
    Qualys ID
    374283
    Vendor Reference
    cpuoct2020
    CVE Reference
    CVE-2020-1967, CVE-2019-10097, CVE-2019-5482
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    Oracle HTTP Server is the Web server component for Oracle Fusion Middleware. It provides a listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the Web.

    Affected Versions:
    Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0

    QID Detection Logic (Authenticated):
    This QID checks the vulnerable version of Oracle HTTP Server from file "inventory.xml" from the Home Directory.

    Consequence
    Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data.
    Solution
    Refer to vendor advisory Oracle HTTP Server OCT 2020
    Patches
    CPUOCT2020
  • CVE-2019-18609
    Recently Published

    EulerOS Security Update for librabbitmq (EulerOS-SA-2020-1163)

    Severity
    Critical4
    Qualys ID
    374266
    Date Published
    November 26, 2020
    Vendor Reference
    EulerOS-SA-2020-1163
    CVE Reference
    CVE-2019-18609
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for librabbitmq to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1163
    Patches
    EulerOS-SA-2020-1163
  • CVE-2019-19977
    Recently Published

    EulerOS Security Update for libesmtp (EulerOS-SA-2020-1160)

    Severity
    Critical4
    Qualys ID
    374263
    Date Published
    November 26, 2020
    Vendor Reference
    EulerOS-SA-2020-1160
    CVE Reference
    CVE-2019-19977
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for libesmtp to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1160
    Patches
    EulerOS-SA-2020-1160
  • CVE-2019-14811+
    Recently Published

    EulerOS Security Update for ghostscript (EulerOS-SA-2020-1150)

    Severity
    Critical4
    Qualys ID
    374253
    Date Published
    November 26, 2020
    Vendor Reference
    EulerOS-SA-2020-1150
    CVE Reference
    CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for ghostscript to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1150
    Patches
    EulerOS-SA-2020-1150
  • CVE-2020-28032+
    Recently Published

    Fedora Security Update for wordpress (FEDORA-2020-15e15c35da)

    Severity
    Critical4
    Qualys ID
    280576
    Date Published
    November 26, 2020
    Vendor Reference
    FEDORA-2020-15e15c35da Fedora 31
    CVE Reference
    CVE-2020-28032, CVE-2020-28033, CVE-2020-28035, CVE-2020-28034, CVE-2020-28036, CVE-2020-28037, CVE-2020-28038, CVE-2020-28039, CVE-2020-28040
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released security update for wordpress to fix the vulnerability.

    Affected OS:
    Fedora 31

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
    Fedora 31 Update

    Patches
    Fedora 31 FEDORA-2020-15e15c35da
  • CVE-2020-28032+
    Recently Published

    Fedora Security Update for wordpress (FEDORA-2020-b386fac43a)

    Severity
    Critical4
    Qualys ID
    280575
    Date Published
    November 26, 2020
    Vendor Reference
    FEDORA-2020-b386fac43a Fedora 32
    CVE Reference
    CVE-2020-28032, CVE-2020-28033, CVE-2020-28035, CVE-2020-28034, CVE-2020-28036, CVE-2020-28037, CVE-2020-28038, CVE-2020-28039, CVE-2020-28040
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released security update for wordpress to fix the vulnerability.

    Affected OS:
    Fedora 32

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
    Fedora 32 Update

    Patches
    Fedora 32 FEDORA-2020-b386fac43a
  • CVE-2020-0181+
    Recently Published

    Fedora Security Update for libexif (FEDORA-2020-0aa0fc1b0c)

    Severity
    Critical4
    Qualys ID
    280566
    Date Published
    November 26, 2020
    Vendor Reference
    FEDORA-2020-0aa0fc1b0c Fedora 32
    CVE Reference
    CVE-2020-0181, CVE-2020-0198, CVE-2020-0452
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released security update for libexif to fix the vulnerability.

    Affected OS:
    Fedora 32

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
    Fedora 32 Update

    Patches
    Fedora 32 FEDORA-2020-0aa0fc1b0c
  • CVE-2020-27930+
    Under Investigation

    Apple Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave (HT211946)

    Severity
    Critical4
    Qualys ID
    374284
    Vendor Reference
    HT211946
    CVE Reference
    CVE-2020-27930, CVE-2020-27932, CVE-2020-27950
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Multiple vulnerabilities were addressed in Apple macOS.

    Affected by following vulnerabilities:
    CVE-2020-27930: A memory corruption issue was addressed with improved input validation.
    CVE-2020-27932: A type confusion issue was addressed with improved state handling.
    CVE-2020-27950: A memory initialization issue was addressed.

    Affected versions:
    Prior to Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave.

    QID Detection Logic (Authenticated):
    This QID looks for the missing security patches from Mojave, High Sierra

    Consequence
    A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.

    Solution
    The vendor has issued these fixes: Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave.
    The updates can be downloaded from Apple Downloads.

    For more information regarding the update can be found at HT211946.

    Patches
    HT211946
  • CVE-2020-16012+
    Recently Published

    Fedora Security Update for chromium (FEDORA-2020-3e005ce2e0)

    Severity
    Critical4
    Qualys ID
    280550
    Date Published
    November 26, 2020
    Vendor Reference
    FEDORA-2020-3e005ce2e0 Fedora 32
    CVE Reference
    CVE-2020-16012, CVE-2020-16018, CVE-2020-16019, CVE-2020-16020, CVE-2020-16021, CVE-2020-16022, CVE-2020-16015, CVE-2020-16014, CVE-2020-16023, CVE-2020-16024, CVE-2020-16025, CVE-2020-16026, CVE-2020-16027, CVE-2020-16028, CVE-2020-16029, CVE-2020-16030, CVE-2020-16031, CVE-2020-16032, CVE-2020-16033, CVE-2020-16034, CVE-2020-16035, CVE-2020-16036, CVE-2020-16013, CVE-2020-16016, CVE-2020-16017, CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16008, CVE-2020-16009, CVE-2019-8075
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Fedora has released security update for chromium to fix the vulnerability.

    Affected OS:
    Fedora 32

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
    Fedora 32 Update

    Patches
    Fedora 32 FEDORA-2020-3e005ce2e0
  • CVE-2020-25694+
    Recently Published

    SUSE Enterprise Linux Security Update for postgresql96 (SUSE-SU-2020:3477-1)

    Severity
    Critical4
    Qualys ID
    174394
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3477-1
    CVE Reference
    CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released security update for postgresql96 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3477-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3477-1
  • CVE-2020-25694+
    Recently Published

    SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2020:3476-1)

    Severity
    Critical4
    Qualys ID
    174393
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3476-1
    CVE Reference
    CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released security update for postgresql10 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP2
    SUSE Linux Enterprise Module for Server Applications 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP1

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3476-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3476-1
  • CVE-2020-25694+
    Recently Published

    SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2020:3463-1)

    Severity
    Critical4
    Qualys ID
    174392
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3463-1
    CVE Reference
    CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released security update for postgresql12 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP2

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3463-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3463-1
  • CVE-2020-25694+
    Recently Published

    SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2020:3464-1)

    Severity
    Critical4
    Qualys ID
    174390
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3464-1
    CVE Reference
    CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released security update for postgresql10 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3464-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3464-1
  • CVE-2020-25694+
    Recently Published

    SUSE Enterprise Linux Security Update for postgresql10 (SUSE-SU-2020:3455-1)

    Severity
    Critical4
    Qualys ID
    174389
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3455-1
    CVE Reference
    CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released security update for postgresql10 to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 15

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3455-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3455-1
  • CVE-2020-25694+
    Recently Published

    SUSE Enterprise Linux Security Update for postgresql12 (SUSE-SU-2020:3425-1)

    Severity
    Critical4
    Qualys ID
    174385
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3425-1
    CVE Reference
    CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released security update for postgresql12 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP1

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3425-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3425-1
  • CVE-2020-28368
    Recently Published

    SUSE Enterprise Linux Security Update for xen (SUSE-SU-2020:3413-1)

    Severity
    Critical4
    Qualys ID
    174382
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3413-1
    CVE Reference
    CVE-2020-28368
    CVSS Scores
    Base / Temporal
    Description
    SUSE has released security update for xen to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP1

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3413-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3413-1
  • CVE-2020-28368
    Recently Published

    SUSE Enterprise Linux Security Update for xen (SUSE-SU-2020:3412-1)

    Severity
    Critical4
    Qualys ID
    174381
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3412-1
    CVE Reference
    CVE-2020-28368
    CVSS Scores
    Base / Temporal
    Description
    SUSE has released security update for xen to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP2

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3412-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3412-1
  • CVE-2020-28368
    Recently Published

    SUSE Enterprise Linux Security Update for xen (SUSE-SU-2020:3414-1)

    Severity
    Critical4
    Qualys ID
    174380
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3414-1
    CVE Reference
    CVE-2020-28368
    CVSS Scores
    Base / Temporal
    Description
    SUSE has released security update for xen to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3414-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3414-1
  • CVE-2020-28368
    Recently Published

    SUSE Enterprise Linux Security Update for xen (SUSE-SU-2020:3416-1)

    Severity
    Critical4
    Qualys ID
    174379
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3416-1
    CVE Reference
    CVE-2020-28368
    CVSS Scores
    Base / Temporal
    Description
    SUSE has released security update for xen to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 15

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3416-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3416-1
  • CVE-2020-28368
    Recently Published

    SUSE Enterprise Linux Security Update for xen (SUSE-SU-2020:3415-1)

    Severity
    Critical4
    Qualys ID
    174378
    Date Published
    November 26, 2020
    Vendor Reference
    SUSE-SU-2020:3415-1
    CVE Reference
    CVE-2020-28368
    CVSS Scores
    Base / Temporal
    Description
    SUSE has released security update for xen to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 12-SP4

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3415-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3415-1
  • CVE-2020-26951+
    Recently Published

    Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2020-51)

    Severity
    Critical4
    Qualys ID
    374165
    Date Published
    November 26, 2020
    Vendor Reference
    MFSA2020-51
    CVE Reference
    CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-15999, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

    CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
    CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
    CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
    CVE-2020-26956: XSS through paste (manual and clipboard API)
    CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
    CVE-2020-26959: Use-after-free in WebRequestService
    CVE-2020-26960: Potential use-after-free in uses of nsTArray
    CVE-2020-15999: Heap buffer overflow in freetype
    CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
    CVE-2020-26965: Software keyboards may have remembered typed passwords
    CVE-2020-26966: Single-word search queries were also broadcast to local network
    CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

    Affected Products:
    Prior to Firefox ESR 78.5

    QID Detection Logic (Authenticated) :
    This checks for vulnerable version of Firefox browser.

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Vendor has released fix to address these vulnerabilities. Refer to MFSA2020-51
    Patches
    MAC OS X MFSA2020-51, WIndows MFSA2020-51
  • CVE-2020-26951+
    Recently Published

    Mozilla Thunderbird Multiple Vulnerabilities (MFSA2020-52)

    Severity
    Critical4
    Qualys ID
    374164
    Date Published
    November 26, 2020
    Vendor Reference
    MFSA2020-52
    CVE Reference
    CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-15999, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

    CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
    CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
    CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
    CVE-2020-26956: XSS through paste (manual and clipboard API)
    CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
    CVE-2020-26959: Use-after-free in WebRequestService
    CVE-2020-26960: Potential use-after-free in uses of nsTArray
    CVE-2020-15999: Heap buffer overflow in freetype
    CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
    CVE-2020-26965: Software keyboards may have remembered typed passwords
    CVE-2020-26966: Single-word search queries were also broadcast to local network
    CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5

    Affected Products:
    Prior to Firefox ESR 78.5

    QID Detection Logic (Authenticated) :
    This checks for vulnerable version of Firefox browser.

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Vendor has released fix to address these vulnerabilities. Refer to MFSA2020-52
    Patches
    MFSA2020-52, MFSA2020-52
  • CVE-2020-25668+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:3507-1)

    Severity
    Critical4
    Qualys ID
    174402
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3507-1
    CVE Reference
    CVE-2020-25668, CVE-2020-25704, CVE-2020-25705
    CVSS Scores
    Base / Temporal
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Module for Live Patching 15-SP1

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3507-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3507-1
  • CVE-2017-18204+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:3503-1)

    Severity
    Critical4
    Qualys ID
    174401
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3503-1
    CVE Reference
    CVE-2017-18204, CVE-2019-19063, CVE-2019-6133, CVE-2020-0404, CVE-2020-0427, CVE-2020-0431, CVE-2020-0432, CVE-2020-12352, CVE-2020-14351, CVE-2020-14381, CVE-2020-14390, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-25656, CVE-2020-25668, CVE-2020-25705, CVE-2020-26088, CVE-2020-8694
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 12-SP3

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3503-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3503-1
  • CVE-2017-18204+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:3501-1)

    Severity
    Critical4
    Qualys ID
    174400
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3501-1
    CVE Reference
    CVE-2017-18204, CVE-2020-0404, CVE-2020-0427, CVE-2020-0431, CVE-2020-0432, CVE-2020-12352, CVE-2020-14351, CVE-2020-14381, CVE-2020-14390, CVE-2020-25212, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-26088, CVE-2020-8694
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 12-SP2

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3501-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3501-1
  • CVE-2020-0430+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 19 for SLE 15) (SUSE-SU-2020:3441-1)

    Severity
    Critical4
    Qualys ID
    174384
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3441-1
    CVE Reference
    CVE-2020-0430, CVE-2020-12351, CVE-2020-25645
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Module for Live Patching 15

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3441-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3441-1
  • CVE-2017-1000405+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 16 for SLE 15) (SUSE-SU-2020:3449-1)

    Severity
    Critical4
    Qualys ID
    174383
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3449-1
    CVE Reference
    CVE-2017-1000405, CVE-2020-0430, CVE-2020-12351, CVE-2020-25645
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Module for Live Patching 15

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3449-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3449-1
  • CVE-2020-25645
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (SUSE-SU-2020:3433-1)

    Severity
    Critical4
    Qualys ID
    174387
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3433-1
    CVE Reference
    CVE-2020-25645
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3433-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3433-1
  • CVE-2020-12351+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 9 for SLE 15 SP1) (SUSE-SU-2020:3402-1)

    Severity
    Critical4
    Qualys ID
    174373
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3402-1
    CVE Reference
    CVE-2020-12351, CVE-2020-25645
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Live Patching 15-SP2
    SUSE Linux Enterprise Module for Live Patching 15-SP1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3402-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3402-1
  • CVE-2017-1000405+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 7 for SLE 15 SP1) (SUSE-SU-2020:3400-1)

    Severity
    Critical4
    Qualys ID
    174372
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3400-1
    CVE Reference
    CVE-2017-1000405, CVE-2020-12351, CVE-2020-25645
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Module for Live Patching 15-SP1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3400-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3400-1
  • CVE-2020-12351+
    In Development

    SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (SUSE-SU-2020:3389-1)

    Severity
    Critical4
    Qualys ID
    174368
    Date Published
    November 25, 2020
    Vendor Reference
    SUSE-SU-2020:3389-1
    CVE Reference
    CVE-2020-12351, CVE-2020-24490, CVE-2020-25645
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Module for Live Patching 15-SP2

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3389-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3389-1
  • CVE-2020-14871
    Under Investigation

    Oracle Solaris PAM Remote Code Execution Vulnerability (Unauthenticated check)

    Severity
    Urgent5
    Qualys ID
    296048
    Vendor Reference
    CPUOCT2020
    CVE Reference
    CVE-2020-14871
    CVSS Scores
    Base 10 / Temporal 9.3
    Description
    A remote code execution vulnerability exists in the Oracle Solaris Pluggable Authentication Module (PAM) and allows an unauthenticated attacker with network access via multiple protocols to exploit and compromise the operating system.

    Affected Versions:

    Solaris 9, Solaris 10, Solaris 11.0

    Consequence
    The vulnerability may allow a remote attacker to compromise the operating system.
    Solution
    The vendor has provided fix for Solaris 10 and 11. For more information please visit Oracle Critical Patch Update Advisory - October 2020.
    Patches
    Solaris Oracle Critical Patch Update Advisory - October 2020
  • CVE-2015-9290
    Recently Published

    EulerOS Security Update for freetype (EulerOS-SA-2020-1148)

    Severity
    Critical4
    Qualys ID
    374249
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1148
    CVE Reference
    CVE-2015-9290
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for freetype to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1148
    Patches
    EulerOS-SA-2020-1148
  • CVE-2019-18679+
    Recently Published

    EulerOS Security Update for squid (EulerOS-SA-2020-1133)

    Severity
    Critical4
    Qualys ID
    374234
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1133
    CVE Reference
    CVE-2019-18679, CVE-2019-18677, CVE-2019-18676, CVE-2019-18678, CVE-2019-12526, CVE-2019-12523
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for squid to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1133
    Patches
    EulerOS-SA-2020-1133
  • CVE-2019-17626
    Recently Published

    EulerOS Security Update for python-reportlab (EulerOS-SA-2020-1129)

    Severity
    Critical4
    Qualys ID
    374230
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1129
    CVE Reference
    CVE-2019-17626
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for python-reportlab to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1129
    Patches
    EulerOS-SA-2020-1129
  • CVE-2019-9674+
    Recently Published

    EulerOS Security Update for python (EulerOS-SA-2020-1126)

    Severity
    Critical4
    Qualys ID
    374227
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1126
    CVE Reference
    CVE-2019-9674, CVE-2018-1000802
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for python to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1126
    Patches
    EulerOS-SA-2020-1126
  • CVE-2016-7412+
    Recently Published

    EulerOS Security Update for php (EulerOS-SA-2020-1124)

    Severity
    Critical4
    Qualys ID
    374225
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1124
    CVE Reference
    CVE-2016-7412, CVE-2016-7411, CVE-2016-10397, CVE-2017-11145, CVE-2017-11145, CVE-2017-16642, CVE-2019-11045, CVE-2019-19246, CVE-2017-7272, CVE-2019-11047
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Euler has released security update for php to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1124
    Patches
    EulerOS-SA-2020-1124
  • CVE-2019-5544
    Recently Published

    EulerOS Security Update for openslp (EulerOS-SA-2020-1120)

    Severity
    Critical4
    Qualys ID
    374221
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1120
    CVE Reference
    CVE-2019-5544
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for openslp to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1120
    Patches
    EulerOS-SA-2020-1120
  • CVE-2019-18609
    Recently Published

    EulerOS Security Update for librabbitmq (EulerOS-SA-2020-1116)

    Severity
    Critical4
    Qualys ID
    374217
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1116
    CVE Reference
    CVE-2019-18609
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for librabbitmq to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1116
    Patches
    EulerOS-SA-2020-1116
  • CVE-2019-19977
    Recently Published

    EulerOS Security Update for libesmtp (EulerOS-SA-2020-1113)

    Severity
    Critical4
    Qualys ID
    374214
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1113
    CVE Reference
    CVE-2019-19977
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for libesmtp to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1113
    Patches
    EulerOS-SA-2020-1113
  • CVE-2019-18276
    Recently Published

    EulerOS Security Update for bash (EulerOS-SA-2020-1140)

    Severity
    Critical4
    Qualys ID
    374241
    Date Published
    November 25, 2020
    Vendor Reference
    EulerOS-SA-2020-1140
    CVE Reference
    CVE-2019-18276
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Euler has released security update for bash to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1140
    Patches
    EulerOS-SA-2020-1140
  • CVE-2014-3180+
    In Development

    EulerOS Security Update for kernel (EulerOS-SA-2020-1112)

    Severity
    Urgent5
    Qualys ID
    374213
    Date Published
    November 24, 2020
    Vendor Reference
    EulerOS-SA-2020-1112
    CVE Reference
    CVE-2014-3180, CVE-2019-14901, CVE-2019-14896, CVE-2019-19078, CVE-2019-19045, CVE-2019-14897, CVE-2019-19332, CVE-2018-12207, CVE-2019-9458, CVE-2019-19227, CVE-2019-19813, CVE-2019-19768, CVE-2019-20054, CVE-2019-19536, CVE-2019-19534, CVE-2019-19525, CVE-2019-0155, CVE-2019-11085, CVE-2019-19922, CVE-2016-2085, CVE-2018-5995, CVE-2019-11135, CVE-2017-18549, CVE-2017-18550, CVE-2018-7273, CVE-2019-14895, CVE-2019-18660, CVE-2019-19447, CVE-2019-19965, CVE-2019-19966, CVE-2019-5108, CVE-2019-20095
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for kernel to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1112
    Patches
    EulerOS-SA-2020-1112
  • CVE-2019-20907+
    Recently Published

    CentOS Security Update for python3 (CESA-2020:5010)

    Severity
    Critical4
    Qualys ID
    257039
    Date Published
    November 24, 2020
    Vendor Reference
    CESA-2020:5010 centos 7
    CVE Reference
    CVE-2019-20907, CVE-2020-14422
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CentOS has released security update for python3 security update to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to cause denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5010
  • CVE-2019-20907
    Recently Published

    CentOS Security Update for python (CESA-2020:5009)

    Severity
    Critical4
    Qualys ID
    257038
    Date Published
    November 24, 2020
    Vendor Reference
    CESA-2020:5009 centos 7
    CVE Reference
    CVE-2019-20907
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CentOS has released security update for python security update to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to cause denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5009
  • CVE-2020-17507
    Recently Published

    CentOS Security Update for qt5-qtbase (CESA-2020:5021)

    Severity
    Critical4
    Qualys ID
    257040
    Date Published
    November 24, 2020
    Vendor Reference
    CESA-2020:5021 centos 7
    CVE Reference
    CVE-2020-17507
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    CentOS has released security update for qt5-qtbase to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to cause denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5021, centos 7 CESA-2020:5021
  • CVE-2020-25207
    In Development

    JetBrains ToolBox Remote Code Execution Via A Browser Protocol Handler Vulnerability

    Severity
    Critical4
    Qualys ID
    374209
    Vendor Reference
    JETBRAIN
    CVE Reference
    CVE-2020-25207
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    JetBrain Toolbox is a Java IDE for developing advanced JVM projects. It supports Java, Kotlin, Scala, and Android.

    CVE-2020-25207: JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Affected Versions:
    JetBrains ToolBox before version 1.18

    QID Detection Login
    QID will check the version.

    Consequence
    Successful exploitation of the vulnerability may allow an attacker to execute Remote Codes via browser protocol handler.

    Solution
    Please refer to the release notes For JetBrains 1.18. Please refer click here to download the latest version.

    Patches
    Toolbox App
  • CVE-2020-4004
    In Development

    VMware Workstation and VMware Fusion Use-after-free Vulnerability (VMSA-2020-0026)

    Severity
    Critical4
    Qualys ID
    374208
    Vendor Reference
    VMSA-2020-0026
    CVE Reference
    CVE-2020-4004
    CVSS Scores
    Base 9.3 / Temporal 8.1
    Description
    VMware Workstation, Fusion is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems.

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller

    Affected Versions:
    VMware Workstation 15.x prior to 15.5.5
    VMware Fusion prior to 11.x prior to 11.5.7

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of Workstation and Fusion .exe file.

    Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.

    Consequence
    A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
    Solution
    Vmware has released patch VMware ESXi.

    Refer to VMware advisory VMSA-2020-0026 for more information.

    Patches
    VMware Fusion 11.5.7, VMware Workstation Pro/Player 15.5.7
  • CVE-2020-4701
    Recently Published

    IBM DB2 Buffer Overflow Vulnerability

    Severity
    Critical4
    Qualys ID
    20197
    Date Published
    November 24, 2020
    Vendor Reference
    6370025
    CVE Reference
    CVE-2020-4701
    CVSS Scores
    Base / Temporal
    Description
    DB2 is a family of data management products, including database servers, developed by IBM.

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow.

    Affected Versions:
    All fix pack levels of IBM Db2 V10.5, V11.1, and V11.5 editions on all platforms are affected

    QID Detection Logic:Authenticated (DB2):
    This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.

    Consequence
    Successful exploitation could allow a local attacker to execute arbitrary code on the system with root privileges.

    Solution

    Please refer to the following link cve-2020-4701 for more details.

    Patches
    6370025
  • CVE-2020-4004
    Recently Published

    VMware ESXi 6.5 Patch Release ESXi650-202011301-SG Missing (VMSA-2020-0026)

    Severity
    Critical4
    Qualys ID
    216249
    Date Published
    November 23, 2020
    Vendor Reference
    VMSA-2020-0026
    CVE Reference
    CVE-2020-4004
    CVSS Scores
    Base 9.3 / Temporal 8.1
    Description
    VMware ESXi is an enterprise level computer virtualization product.

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.

    Affected Versions:
    VMware ESXi 6.5 prior to build 17167537

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.

    Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.

    Consequence
    A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
    Solution
    Vmware has released patch for VMware ESXi 6.5 , visit VMware ESXi 6.5, Patch Release ESXi650-202011002

    Refer to VMware advisory VMSA-2020-0026 for more information.

    Workaround:
    Remove a USB Controller from a Virtual Machine.

    Please visit here for more information.

    Patches
    VMware ESXi 6.5, Patch Release ESXi650-202011002
  • CVE-2020-4004
    Recently Published

    VMware ESXi 6.7 Patch Release ESXi670-202011101-SG Missing (VMSA-2020-0026)

    Severity
    Critical4
    Qualys ID
    216248
    Date Published
    November 23, 2020
    Vendor Reference
    VMSA-2020-0026
    CVE Reference
    CVE-2020-4004
    CVSS Scores
    Base 9.3 / Temporal 8.1
    Description
    VMware ESXi is an enterprise level computer virtualization product.

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.

    Affected Versions:
    VMware ESXi 6.7 prior to build 17167734

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.

    Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.

    Consequence
    A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
    Solution
    Vmware has released patch for VMware ESXi 6.7 , visit VMware ESXi 6.7, Patch Release ESXi670-202011002

    Refer to VMware advisory VMSA-2020-0026 for more information.

    Workaround:
    Remove a USB Controller from a Virtual Machine.

    Please visit here for more information.

    Patches
    VMware ESXi 6.7, Patch Release
  • CVE-2020-4004
    Recently Published

    VMware ESXi 7.0 Patch Release ESXi70U1b-17168206 Missing (VMSA-2020-0026)

    Severity
    Critical4
    Qualys ID
    216247
    Date Published
    November 23, 2020
    Vendor Reference
    VMSA-2020-0026
    CVE Reference
    CVE-2020-4004
    CVSS Scores
    Base 9.3 / Temporal 8.1
    Description
    VMware ESXi is an enterprise level computer virtualization product.

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.

    Affected Versions:
    VMware ESXi 7.0 prior to build 17168206

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.

    Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.

    Consequence
    A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
    Solution
    Vmware has released patch for VMware ESXi 7.0 , visit VMware ESXi 7.0 Update 1b

    Refer to VMware advisory VMSA-2020-0026 for more information.

    Workaround:
    Remove a USB Controller from a Virtual Machine.

    Please visit here for more information.

    Patches
    VMware ESXi 7.0 Update 1b
  • CVE-2020-4005
    Recently Published

    VMware ESXi 6.5 Patch Release ESXi650-202011301-SG Missing (VMSA-2020-0026)

    Severity
    Critical4
    Qualys ID
    216252
    Date Published
    November 23, 2020
    Vendor Reference
    VMSA-2020-0026
    CVE Reference
    CVE-2020-4005
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    VMware ESXi is an enterprise level computer virtualization product.

    VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.

    Affected Versions:
    VMware ESXi 6.5 prior to build 17167537

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.

    Consequence
    A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
    Solution
    Vmware has released patch for VMware ESXi 6.5 , visit VMware ESXi 6.5, Patch Release ESXi650-202011002

    Refer to VMware advisory VMSA-2020-0026 for more information.

    Patches
    VMware ESXi 6.5, Patch Release ESXi650-202011002
  • CVE-2020-4005
    Recently Published

    VMware ESXi 6.7 Patch Release ESXi670-202011101-SG Missing (VMSA-2020-0026)

    Severity
    Critical4
    Qualys ID
    216251
    Date Published
    November 23, 2020
    Vendor Reference
    VMSA-2020-0026
    CVE Reference
    CVE-2020-4005
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    VMware ESXi is an enterprise level computer virtualization product.

    VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.

    Affected Versions:
    VMware ESXi 6.7 prior to build 17167734

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.

    Consequence
    A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
    Solution
    Vmware has released patch for VMware ESXi 6.7 , visit VMware ESXi 6.7, Patch Release

    Refer to VMware advisory VMSA-2020-0026 for more information.

    Patches
    VMware ESXi 6.7, Patch Release
  • CVE-2020-4005
    Recently Published

    VMware ESXi 7.0 Patch Release ESXi70U1b-17168206 Missing (VMSA-2020-0026)

    Severity
    Critical4
    Qualys ID
    216250
    Date Published
    November 23, 2020
    Vendor Reference
    VMSA-2020-0026
    CVE Reference
    CVE-2020-4005
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    VMware ESXi is an enterprise level computer virtualization product.

    VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.

    Affected Versions:
    VMware ESXi 7.0 prior to build 17168206

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.

    Consequence
    A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004).
    Solution
    Vmware has released patch for VMware ESXi 7.0 , visit VMware ESXi 7.0 Update 1b

    Refer to VMware advisory VMSA-2020-0026 for more information.

    Patches
    VMware ESXi 7.0 Update 1b
  • CVE-2019-12522
    In Development

    Squid Proxy Elevation Of Privilege Vulnerability

    Severity
    Urgent5
    Qualys ID
    62083
    CVE Reference
    CVE-2019-12522
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.

    Affected Versions:
    Squid from 3.0 to 3.5.28
    Squid from 4.0 to 4.7
    Squid from 5.0 to 5.0.1

    QID Detection Logic:
    This QID checks for vulnerable version of Squid.

    Consequence
    This is trivial vulnerability, successful exploitation results in the child process to escalate their privileges back to root.

    Solution
    Customers are advised to upgrade to a fixed version of later version of Squid to remediate this vulnerability.
    Refer, Advisory.

    Patches
    Squid
  • CVE-2020-3470
    Recently Published

    Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities(cisco-sa-ucs-api-rce-UXwpeDHd)

    Severity
    Urgent5
    Qualys ID
    316823
    Date Published
    November 24, 2020
    Vendor Reference
    cisco-sa-ucs-api-rce-UXwpeDHd
    CVE Reference
    CVE-2020-3470
    CVSS Scores
    Base / Temporal
    Description

    Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges.

    QID Detection Logic (Authenticated):
    The check matches Cisco cimc version retrieved using "show cimc detail " command.

    Consequence
    A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).
    Solution

    Customers are advised to refer to cisco-sa-ucs-api-rce-UXwpeDHd for more information.

    Patches
    cisco-sa-ucs-api-rce-UXwpeDHd
  • CVE-2020-16022+
    Recently Published

    Google Chrome Prior to 87.0.4280.66 / 87.0.4280.67 Multiple Vulnerabilities

    Severity
    Critical4
    Qualys ID
    374167
    Date Published
    November 24, 2020
    Vendor Reference
    Google Chrome
    CVE Reference
    CVE-2020-16022, CVE-2020-16018, CVE-2020-16019, CVE-2020-16020, CVE-2020-16021, CVE-2020-16015, CVE-2020-16014, CVE-2020-16023, CVE-2020-16024, CVE-2020-16025, CVE-2020-16026, CVE-2020-16027, CVE-2020-16028, CVE-2020-16029, CVE-2020-16030, CVE-2019-8075, CVE-2020-16031, CVE-2020-16032, CVE-2020-16033, CVE-2020-16034, CVE-2020-16035, CVE-2020-16012, CVE-2020-16036
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Google Chrome is a web browser for multiple platforms developed by Google.

    Google Chrome is affected by following Vulnerability.
    CVE-2020-16022: Insufficient policy enforcement in networking.
    CVE-2020-16018: Use after free in payments.
    CVE-2020-16019: Inappropriate implementation in filesystem
    CVE-2020-16020: Inappropriate implementation in cryptohome.
    CVE-2020-16021: Race in ImageBurner.
    CVE-2020-16015: Insufficient data validation in WASM.
    CVE-2020-16014: Use after free in PPAPI.
    CVE-2020-16023: Use after free in WebCodecs.
    CVE-2020-16024: Heap buffer overflow in UI.
    CVE-2020-16025: Heap buffer overflow in clipboard.
    CVE-2020-16026: Use after free in WebRTC.
    CVE-2020-16027: Insufficient policy enforcement in developer tools.
    CVE-2020-16028: Heap buffer overflow in WebRTC.
    CVE-2020-16029: Inappropriate implementation in PDFium.
    CVE-2020-16030: Insufficient data validation in Blink.
    CVE-2019-8075: Insufficient data validation in Flash.
    CVE-2020-16031: Incorrect security UI in tab preview.
    CVE-2020-16032: Incorrect security UI in sharing.
    CVE-2020-16033: Incorrect security UI in WebUSB.
    CVE-2020-16034: Inappropriate implementation in WebRTC.
    CVE-2020-16035: Insufficient data validation in cros-disks.
    CVE-2020-16012: Side-channel information leakage in graphics.
    CVE-2020-16036: Inappropriate implementation in cookies.

    Affected Versions:
    Google Chrome Prior to 87.0.4280.66

    For Windows and Linux.
    Google Chrome Prior to 87.0.4280.67

    For MacOs.
    QID Detection logic:
    It checks for vulnerable versions of Google Chrome by checking its file version on Microsoft Windows, Linux and Mac.

    Consequence
    Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.

    Solution
    Windows and Linux Customers are advised to upgrade to latest version 87.0.4280.66
    Mac Customers are advised to upgrade to the latest version 87.0.4280.67
    For further details refer to Google Chrome
    Patches
    Google Chrome
  • CVE-2019-1349+
    Recently Published

    EulerOS Security Update for git (EulerOS-SA-2020-1101)

    Severity
    Urgent5
    Qualys ID
    374176
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1101
    CVE Reference
    CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387, CVE-2019-1354, CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387, CVE-2019-1352, CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387, CVE-2019-1349, CVE-2019-1387, CVE-2019-1348, CVE-2019-19604, CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387, CVE-2019-1350, CVE-2019-1351, CVE-2019-1353
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for git to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP5

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1101
    Patches
    EulerOS-SA-2020-1101
  • CVE-2016-7951+
    Recently Published

    EulerOS Security Update for libXtst (EulerOS-SA-2020-1093)

    Severity
    Critical4
    Qualys ID
    374168
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1093
    CVE Reference
    CVE-2016-7951, CVE-2016-7952
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for libXtst to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP2

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1093
    Patches
    EulerOS-SA-2020-1093
  • CVE-2019-19046+
    Recently Published

    EulerOS Security Update for kernel (EulerOS-SA-2020-1012)

    Severity
    Urgent5
    Qualys ID
    374134
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1012
    CVE Reference
    CVE-2019-19046, CVE-2019-19066, CVE-2019-19061, CVE-2019-19524, CVE-2019-11191, CVE-2019-19527, CVE-2019-19532, CVE-2017-13694, CVE-2017-13693, CVE-2019-18660, CVE-2019-18786, CVE-2019-18683, CVE-2019-19054, CVE-2019-19045, CVE-2019-19051, CVE-2019-19058, CVE-2019-19059, CVE-2019-19049, CVE-2019-19070, CVE-2019-19065, CVE-2019-19067, CVE-2019-19068, CVE-2019-19071, CVE-2019-19075, CVE-2019-19077, CVE-2019-19078, CVE-2019-19079, CVE-2019-19080, CVE-2019-19081, CVE-2019-19082, CVE-2019-19083, CVE-2019-19535, CVE-2019-18885, CVE-2019-19536, CVE-2019-19525, CVE-2019-19526, CVE-2019-19529, CVE-2019-19060, CVE-2019-19534, CVE-2019-18808, CVE-2019-16232, CVE-2019-16231, CVE-2019-16229, CVE-2019-10220, CVE-2019-19073, CVE-2019-19057, CVE-2019-19052, CVE-2019-19056, CVE-2019-19074, CVE-2019-19063, CVE-2019-18814, CVE-2019-19072, CVE-2019-19523, CVE-2019-19528, CVE-2019-19530, CVE-2019-19533, CVE-2019-19537, CVE-2019-19531, CVE-2019-18675, CVE-2019-19227, CVE-2019-19252, CVE-2019-19767, CVE-2019-14901, CVE-2019-15291
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for kernel to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1012
    Patches
    EulerOS-SA-2020-1012
  • CVE-2020-16846+
    Recently Published

    SUSE Enterprise Linux Security Update for salt (SUSE-SU-2020:3243-1)

    Severity
    Urgent5
    Qualys ID
    174329
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3243-1
    CVE Reference
    CVE-2020-16846, CVE-2020-17490, CVE-2020-25592
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released security update for salt to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP1
    SUSE Linux Enterprise Module for Python2 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP1

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3243-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3243-1
  • CVE-2019-13638+
    Recently Published

    EulerOS Security Update for patch (EulerOS-SA-2020-1022)

    Severity
    Urgent5
    Qualys ID
    374144
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1022
    CVE Reference
    CVE-2019-13638, CVE-2018-20969, CVE-2018-1000156, CVE-2019-13638
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Euler has released security update for patch to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1022
    Patches
    EulerOS-SA-2020-1022
  • CVE-2019-5544
    Recently Published

    EulerOS Security Update for openslp (EulerOS-SA-2020-1038)

    Severity
    Critical4
    Qualys ID
    374160
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1038
    CVE Reference
    CVE-2019-5544
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for openslp to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1038
    Patches
    EulerOS-SA-2020-1038
  • CVE-2019-12523+
    Recently Published

    EulerOS Security Update for squid (EulerOS-SA-2020-1034)

    Severity
    Critical4
    Qualys ID
    374156
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1034
    CVE Reference
    CVE-2019-12523, CVE-2019-12526, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for squid to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1034
    Patches
    EulerOS-SA-2020-1034
  • CVE-2019-19646
    Recently Published

    EulerOS Security Update for sqlite (EulerOS-SA-2020-1033)

    Severity
    Critical4
    Qualys ID
    374155
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1033
    CVE Reference
    CVE-2019-19646
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for sqlite to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1033
    Patches
    EulerOS-SA-2020-1033
  • CVE-2018-20815
    Recently Published

    EulerOS Security Update for qemu (EulerOS-SA-2020-1029)

    Severity
    Critical4
    Qualys ID
    374151
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1029
    CVE Reference
    CVE-2018-20815
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for qemu to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1029
    Patches
    EulerOS-SA-2020-1029
  • CVE-2019-11470+
    Recently Published

    EulerOS Security Update for ImageMagick (EulerOS-SA-2020-1010)

    Severity
    Critical4
    Qualys ID
    374132
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1010
    CVE Reference
    CVE-2019-11470, CVE-2018-16328, CVE-2018-15607, CVE-2018-14551, CVE-2018-18544
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Euler has released security update for ImageMagick to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1010
    Patches
    EulerOS-SA-2020-1010
  • CVE-2019-11059+
    Recently Published

    SUSE Enterprise Linux Security Update for u-boot (SUSE-SU-2020:3283-1)

    Severity
    Critical4
    Qualys ID
    174345
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3283-1
    CVE Reference
    CVE-2019-11059, CVE-2019-11690, CVE-2019-13103, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2020-8432
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released security update for u-boot to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 15

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3283-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3283-1
  • CVE-2019-11059+
    Recently Published

    SUSE Enterprise Linux Security Update for u-boot (SUSE-SU-2020:3282-1)

    Severity
    Critical4
    Qualys ID
    174344
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3282-1
    CVE Reference
    CVE-2019-11059, CVE-2019-11690, CVE-2019-13103, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2020-8432
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released security update for u-boot to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Module for Basesystem 15-SP1

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3282-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3282-1
  • CVE-2019-11059+
    Recently Published

    SUSE Enterprise Linux Security Update for u-boot (SUSE-SU-2020:3255-1)

    Severity
    Critical4
    Qualys ID
    174331
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3255-1
    CVE Reference
    CVE-2019-11059, CVE-2019-11690, CVE-2019-13103, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2020-8432
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released security update for u-boot to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3255-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3255-1
  • CVE-2020-10002+
    Recently Published

    Apple iTunes for Windows Prior to 12.11 Multiple Vulnerabilities (HT211933)

    Severity
    Critical4
    Qualys ID
    374163
    Date Published
    November 23, 2020
    Vendor Reference
    HT211933
    CVE Reference
    CVE-2020-10002, CVE-2020-27912, CVE-2020-27917, CVE-2020-27911, CVE-2020-27918, CVE-2020-27895
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    iTunes is a digital media player application for Mac OS and Windows developed by Apple.

    iTunes is affected with multiple vulnerabilities.

    CVE-2020-10002: A local user may be able to read arbitrary files
    CVE-2020-27912: Processing a maliciously crafted image may lead to arbitrary code execution
    CVE-2020-27917: Processing maliciously crafted web content may lead to code execution
    CVE-2020-27911: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
    CVE-2020-27918: Processing maliciously crafted web content may lead to arbitrary code execution
    CVE-2020-27895: A malicious application may be able to access local users Apple IDs

    Affected Versions:
    Apple iTunes prior to 12.11. for Windows 10 and later

    QID Detection Logic: (Authenticated)
    It checks for vulnerable versions of Apple iTunes.

    Consequence
    Successful exploitation could lead to arbitrary code execution.
    Solution
    Apple iTunes 12.11 has been released to address this issue. The update can be downloaded and installed via Apple Downloads.

    Refer to Apple Security Updates for more information on the vulnerabilities and patching your system: HT211933

    Patches
    HT211933
  • CVE-2020-26950
    Recently Published

    SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2020:3331-1)

    Severity
    Critical4
    Qualys ID
    174352
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3331-1
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released security update for mozillafirefox to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3331-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3331-1
  • CVE-2020-14352
    Recently Published

    CentOS Security Update for librepo Security Update (CESA-2020:5012)

    Severity
    Critical4
    Qualys ID
    257033
    Date Published
    November 23, 2020
    Vendor Reference
    CESA-2020:5012 centos 7
    CVE Reference
    CVE-2020-14352
    CVSS Scores
    Base 8 / Temporal 7
    Description
    CentOS has released security update for librepo security update to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5012
  • CVE-2020-0430+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:3281-1)

    Severity
    Critical4
    Qualys ID
    174342
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3281-1
    CVE Reference
    CVE-2020-0430, CVE-2020-12351, CVE-2020-12352, CVE-2020-14351, CVE-2020-16120, CVE-2020-25212, CVE-2020-25285, CVE-2020-25645, CVE-2020-25656, CVE-2020-27673, CVE-2020-27675
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3281-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3281-1
  • CVE-2020-0429+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (SUSE-SU-2020:3219-1)

    Severity
    Critical4
    Qualys ID
    174330
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3219-1
    CVE Reference
    CVE-2020-0429, CVE-2020-0431, CVE-2020-11668, CVE-2020-14381, CVE-2020-1749, CVE-2020-25212
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released security update for the linux kernel to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2

    Consequence
    Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3219-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3219-1
  • CVE-2020-25692
    Recently Published

    SUSE Enterprise Linux Security Update for openldap2 (SUSE-SU-2020:3313-1)

    Severity
    Critical4
    Qualys ID
    174347
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3313-1
    CVE Reference
    CVE-2020-25692
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released security update for openldap2 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Module for Legacy Software 15-SP2
    SUSE Linux Enterprise Module for Legacy Software 15-SP1
    SUSE Linux Enterprise Module for Development Tools 15-SP2
    SUSE Linux Enterprise Module for Development Tools 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP1

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3313-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3313-1
  • CVE-2017-18926
    Recently Published

    SUSE Enterprise Linux Security Update for raptor (SUSE-SU-2020:3351-1)

    Severity
    Critical4
    Qualys ID
    174355
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3351-1
    CVE Reference
    CVE-2017-18926
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    SUSE has released security update for raptor to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3351-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3351-1
  • CVE-2020-25637
    Recently Published

    CentOS Security Update for libvirt Security Update (CESA-2020:5040)

    Severity
    Critical4
    Qualys ID
    257031
    Date Published
    November 23, 2020
    Vendor Reference
    CESA-2020:5040 centos 7
    CVE Reference
    CVE-2020-25637
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    CentOS has released security update for libvirt security update to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5040
  • CVE-2020-14331+
    Recently Published

    CentOS Security Update for kernel Security Update (CESA-2020:5023)

    Severity
    Critical4
    Qualys ID
    257035
    Date Published
    November 23, 2020
    Vendor Reference
    CESA-2020:5023 centos 7
    CVE Reference
    CVE-2020-14331, CVE-2019-20811
    CVSS Scores
    Base 6.6 / Temporal 5.8
    Description
    CentOS has released security update for kernel security update to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5023
  • CVE-2020-8695+
    Recently Published

    CentOS Security Update for microcode_ctl (CESA-2020:5083)

    Severity
    Critical4
    Qualys ID
    257036
    Date Published
    November 23, 2020
    Vendor Reference
    CESA-2020:5083 centos 7
    CVE Reference
    CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
    CVSS Scores
    Base 5.5 / Temporal 4.7
    Description
    CentOS has released security update for microcode_ctl to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5083
  • CVE-2020-14779+
    Recently Published

    SUSE Enterprise Linux Security Update for java-1_7_0-openjdk (SUSE-SU-2020:3310-1)

    Severity
    Critical4
    Qualys ID
    174349
    Date Published
    November 23, 2020
    Vendor Reference
    SUSE-SU-2020:3310-1
    CVE Reference
    CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    SUSE has released security update for java-1_7_0-openjdk to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3310-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3310-1
  • CVE-2020-26950
    Recently Published

    CentOS Security Update for firefox Security Update (CESA-2020:5099)

    Severity
    Critical4
    Qualys ID
    257037
    Date Published
    November 23, 2020
    Vendor Reference
    CESA-2020:5099 centos 7
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    CentOS has released security update for firefox security update to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5099
  • CVE-2020-8177
    Recently Published

    CentOS Security Update for curl Security Update (CESA-2020:5002)

    Severity
    Critical4
    Qualys ID
    257030
    Date Published
    November 23, 2020
    Vendor Reference
    CESA-2020:5002 centos 7
    CVE Reference
    CVE-2020-8177
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    CentOS has released security update for curl security update to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5002
  • CVE-2020-1935
    Recently Published

    CentOS Security Update for tomcat (CESA-2020:5020)

    Severity
    Critical4
    Qualys ID
    257028
    Date Published
    November 23, 2020
    Vendor Reference
    CESA-2020:5020 centos 7
    CVE Reference
    CVE-2020-1935
    CVSS Scores
    Base 4.8 / Temporal 4.2
    Description
    CentOS has released security update for tomcat to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:5020
  • CVE-2017-5226+
    Recently Published

    EulerOS Security Update for flatpak (EulerOS-SA-2020-1004)

    Severity
    Critical4
    Qualys ID
    374126
    Date Published
    November 23, 2020
    Vendor Reference
    EulerOS-SA-2020-1004
    CVE Reference
    CVE-2017-5226, CVE-2019-10063
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    Euler has released security update for flatpak to fix the vulnerabilities.

    Affected OS: EulerOS V2.0SP8

    Consequence
    An arbitrary attacker may exploit this vulnerability to compromise the system.
    Solution
    The Vendor has released security update to fix the vulnerability. For more information please visit EulerOS-SA-2020-1004
    Patches
    EulerOS-SA-2020-1004
  • CVE-2020-25692
    In Development

    SUSE Enterprise Linux Security Update for openldap2 (SUSE-SU-2020:3315-1)

    Severity
    Critical4
    Qualys ID
    174346
    Date Published
    November 19, 2020
    Vendor Reference
    SUSE-SU-2020:3315-1
    CVE Reference
    CVE-2020-25692
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released security update for openldap2 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Module for Legacy Software 12

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to Suse security advisory SUSE-SU-2020:3315-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:3315-1
  • CVE-2019-19725
    Recently Published

    Gentoo Linux sysstat Arbitrary Code Execution Vulnerability (GLSA 202007-22)

    Severity
    Critical4
    Qualys ID
    374121
    Date Published
    November 25, 2020
    Vendor Reference
    GLSA 202007-22
    CVE Reference
    CVE-2019-19725
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    A use-after-free in sysstat was discovered which may allow arbitrary code execution.

    Affected Package: app-admin/sysstat

    Affected version : Prior to 12.2.1

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202007-22
    Patches
    202007-22
  • CVE-2020-10109+
    Recently Published

    Gentoo Linux Twisted Access Restriction Bypasses Vulnerability (GLSA 202007-24)

    Severity
    Critical4
    Qualys ID
    374119
    Date Published
    November 25, 2020
    Vendor Reference
    GLSA 202007-24
    CVE Reference
    CVE-2020-10109, CVE-2020-10108
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in Twisted, the worst of which could result in a Denial of Service condition.

    Affected Package:dev-python/twisted

    Affected version : Prior to 20.3.0

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202007-24
    Patches
    202007-24
  • CVE-2020-15358+
    Recently Published

    Gentoo Linux SQLite Multiple Vulnerabilities (GLSA 202007-26)

    Severity
    Critical4
    Qualys ID
    374118
    Date Published
    November 25, 2020
    Vendor Reference
    GLSA 202007-26
    CVE Reference
    CVE-2020-15358, CVE-2019-20218, CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13871
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code.

    Affected Package: dev-db/sqlite

    Affected version : Prior to 3.32.3

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202007-26
    Patches
    202007-26
  • CVE-2019-3464+
    Recently Published

    Gentoo Linux rssh Multiple Vulnerabilities (GLSA 202007-29)

    Severity
    Critical4
    Qualys ID
    374115
    Date Published
    November 25, 2020
    Vendor Reference
    GLSA 202007-29
    CVE Reference
    CVE-2019-3464, CVE-2019-1000018, CVE-2019-3463
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in rssh, the worst of which could result in the arbitrary execution of code.

    Affected Package: app-shells/rssh

    Affected version : Prior and equal to 2.3.4_p3

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202007-29
    Patches
    202007-29
  • CVE-2020-8442+
    Recently Published

    Gentoo Linux OSSEC Multiple vulnerabilities (GLSA 202007-33)

    Severity
    Urgent5
    Qualys ID
    374111
    Date Published
    November 24, 2020
    Vendor Reference
    GLSA 202007-33
    CVE Reference
    CVE-2020-8442, CVE-2020-8443, CVE-2020-8444, CVE-2020-8445, CVE-2020-8446, CVE-2020-8447, CVE-2020-8448
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in OSSEC, the worst of which could result in the arbitrary execution of code.

    Affected Package:- net-analyzer/ossec-hids

    Affected version : Prior to 3.6.0

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202007-33
    Patches
    202007-33
  • CVE-2020-26950
    Recently Published

    Red Hat Update for firefox (RHSA-2020:5099)

    Severity
    Urgent5
    Qualys ID
    238870
    Date Published
    November 19, 2020
    Vendor Reference
    RHSA-2020:5099
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products:

    Red Hat Enterprise Linux Server 7 x86_64
    Red Hat Enterprise Linux Workstation 7 x86_64
    Red Hat Enterprise Linux Desktop 7 x86_64
    Red Hat Enterprise Linux for IBM z Systems 7 s390x
    Red Hat Enterprise Linux for Power, big endian 7 ppc64
    Red Hat Enterprise Linux for Power, little endian 7 ppc64le

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5099 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5099
  • CVE-2020-26950
    Recently Published

    Red Hat Update for firefox (RHSA-2020:5100)

    Severity
    Urgent5
    Qualys ID
    238869
    Date Published
    November 19, 2020
    Vendor Reference
    RHSA-2020:5100
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 8 x86_64
    Red Hat Enterprise Linux for IBM z Systems 8 s390x
    Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    Red Hat Enterprise Linux for ARM 64 8 aarch64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5100 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5100
  • CVE-2020-26950
    In Development

    Red Hat Update for firefox (RHSA-2020:5104)

    Severity
    Urgent5
    Qualys ID
    238867
    Vendor Reference
    RHSA-2020:5104
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products:

    Red Hat Enterprise Linux Server 6 x86_64
    Red Hat Enterprise Linux Server 6 i386
    Red Hat Enterprise Linux Workstation 6 x86_64
    Red Hat Enterprise Linux Workstation 6 i386
    Red Hat Enterprise Linux Desktop 6 x86_64
    Red Hat Enterprise Linux Desktop 6 i386
    Red Hat Enterprise Linux for IBM z Systems 6 s390x
    Red Hat Enterprise Linux for Power, big endian 6 ppc64
    Red Hat Enterprise Linux for Scientific Computing 6 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5104 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5104
  • CVE-2020-26950
    Recently Published

    Red Hat Update for firefox (RHSA-2020:5135)

    Severity
    Urgent5
    Qualys ID
    238863
    Date Published
    November 19, 2020
    Vendor Reference
    RHSA-2020:5135
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5135 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5135
  • CVE-2019-8720+
    In Development

    Oracle Enterprise Linux Security Update for GNOME (ELSA-2020-4451)

    Severity
    Urgent5
    Qualys ID
    158842
    Vendor Reference
    ELSA-2020-4451
    CVE Reference
    CVE-2019-8720, CVE-2019-8766, CVE-2019-8625, CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8808, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8811, CVE-2019-8812, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3894, CVE-2020-3897, CVE-2020-3899, CVE-2020-3901, CVE-2020-3902, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3867, CVE-2020-3868, CVE-2020-3895, CVE-2020-3900, CVE-2020-11793, CVE-2020-10018, CVE-2020-9806, CVE-2020-9807, CVE-2020-9850, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-14391, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9843, CVE-2020-9862, CVE-2020-9893, CVE-2020-9925, CVE-2020-15503
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for GNOME to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4451.
    Patches
    Oracle Linux ELSA-2020-4451
  • CVE-2019-2126+
    In Development

    Oracle Enterprise Linux Security Update for libvpx (ELSA-2020-4629)

    Severity
    Urgent5
    Qualys ID
    158866
    Vendor Reference
    ELSA-2020-4629
    CVE Reference
    CVE-2019-2126, CVE-2019-9371, CVE-2019-9232, CVE-2019-9433
    CVSS Scores
    Base 8.8 / Temporal 7
    Description
    Oracle Enterprise Linux has released security update for libvpx to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4629.
    Patches
    Oracle Linux ELSA-2020-4629
  • CVE-2019-12420+
    In Development

    Oracle Enterprise Linux Security Update for spamassassin (ELSA-2020-4625)

    Severity
    Urgent5
    Qualys ID
    158863
    Vendor Reference
    ELSA-2020-4625
    CVE Reference
    CVE-2019-12420, CVE-2020-1930, CVE-2018-11805, CVE-2020-1931
    CVSS Scores
    Base 8.1 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released security update for spamassassin to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4625.
    Patches
    Oracle Linux ELSA-2020-4625
  • CVE-2020-1730+
    In Development

    Oracle Enterprise Linux Security Update for libssh (ELSA-2020-4545)

    Severity
    Urgent5
    Qualys ID
    158858
    Vendor Reference
    ELSA-2020-4545
    CVE Reference
    CVE-2020-1730, CVE-2019-14889
    CVSS Scores
    Base 8 / Temporal 6.4
    Description
    Oracle Enterprise Linux has released security update for libssh to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4545.
    Patches
    Oracle Linux ELSA-2020-4545
  • CVE-2016-7917+
    In Development

    Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2020-5912)

    Severity
    Urgent5
    Qualys ID
    158907
    Vendor Reference
    ELSA-2020-5912
    CVE Reference
    CVE-2016-7917, CVE-2019-19530, CVE-2020-25643, CVE-2016-7913, CVE-2020-26541, CVE-2020-25211
    CVSS Scores
    Base 7.8 / Temporal 6.3
    Description
    Oracle Enterprise Linux has released security update for Unbreakable Enterprise kernel to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 6
    Oracle Linux 7

    Consequence
    This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-5912.
    Patches
    Oracle Linux ELSA-2020-5912
  • CVE-2020-26950
    Recently Published

    Red Hat Update for firefox (RHSA-2020:5139)

    Severity
    Urgent5
    Qualys ID
    238862
    Date Published
    November 19, 2020
    Vendor Reference
    RHSA-2020:5139
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base 0 / Temporal 0
    Description
    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.1 ESR.

    Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5139 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5139
  • CVE-2020-0452+
    Recently Published

    Gentoo Linux libexif Multiple Vulnerabilities (GLSA 202011-19)

    Severity
    Critical4
    Qualys ID
    374106
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202011-19
    CVE Reference
    CVE-2020-0452, CVE-2020-0198, CVE-2020-0181
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in libexif, the worst of which could result in the arbitrary execution of code.

    Affected Package: media-libs/libexif

    Affected version : Prior to 0.6.22_p20201105

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-19
    Patches
    202011-19
  • CVE-2019-11719+
    Recently Published

    CentOS Security Update for nss-util (CESA-2020:4076)

    Severity
    Critical4
    Qualys ID
    257021
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4076 centos 7
    CVE Reference
    CVE-2019-11719, CVE-2019-11756, CVE-2019-17006, CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2019-11727, CVE-2019-17023
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CentOS has released security update for nss-util to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 centos 7 centos 7 centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4076, centos 7 CESA-2020:4076, centos 7 CESA-2020:4076, centos 7 CESA-2020:4076
  • CVE-2020-15683+
    Recently Published

    CentOS Security Update for thunderbird (CESA-2020:4909)

    Severity
    Critical4
    Qualys ID
    257016
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4909 centos 7
    CVE Reference
    CVE-2020-15683, CVE-2020-15969
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CentOS has released security update for thunderbird to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4909
  • CVE-2020-15683+
    Recently Published

    CentOS Security Update for firefox (CESA-2020:4310)

    Severity
    Critical4
    Qualys ID
    257015
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4310 centos 7
    CVE Reference
    CVE-2020-15683, CVE-2020-15969
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CentOS has released security update for firefox to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4310
  • CVE-2020-15683+
    Recently Published

    CentOS Security Update for thunderbird (CESA-2020:4947)

    Severity
    Critical4
    Qualys ID
    257014
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4947 centos 6
    CVE Reference
    CVE-2020-15683, CVE-2020-15969
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CentOS has released security update for thunderbird to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4947
  • CVE-2020-15683+
    Recently Published

    CentOS Security Update for firefox (CESA-2020:4330)

    Severity
    Critical4
    Qualys ID
    257013
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4330 centos 6
    CVE Reference
    CVE-2020-15683, CVE-2020-15969
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CentOS has released security update for firefox to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4330
  • CVE-2020-0452
    In Development

    Debian Security Update for libexif (DLA 2439-1)

    Severity
    Critical4
    Qualys ID
    178198
    Vendor Reference
    DLA 2439-1
    CVE Reference
    CVE-2020-0452
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released security update for libexif to fix the vulnerabilities.

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Refer to Debian LTS Announce DLA 2439-1 to address this issue and obtain further details.
    Patches
    Debian DLA 2439-1
  • CVE-2020-15683+
    In Development

    Oracle Enterprise Linux Security Update for thunderbird (ELSA-2020-4947)

    Severity
    Critical4
    Qualys ID
    158896
    Vendor Reference
    ELSA-2020-4947
    CVE Reference
    CVE-2020-15683, CVE-2020-15969
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for thunderbird to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 6

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4947.
    Patches
    Oracle Linux ELSA-2020-4947
  • CVE-2020-15683+
    In Development

    Oracle Enterprise Linux Security Update for thunderbird (ELSA-2020-4913)

    Severity
    Critical4
    Qualys ID
    158894
    Vendor Reference
    ELSA-2020-4913
    CVE Reference
    CVE-2020-15683, CVE-2020-15969
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for thunderbird to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4913.
    Patches
    Oracle Linux ELSA-2020-4913
  • CVE-2020-15683+
    In Development

    Oracle Enterprise Linux Security Update for thunderbird (ELSA-2020-4909)

    Severity
    Critical4
    Qualys ID
    158892
    Vendor Reference
    ELSA-2020-4909
    CVE Reference
    CVE-2020-15683, CVE-2020-15969
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for thunderbird to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 7

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4909.
    Patches
    Oracle Linux ELSA-2020-4909
  • CVE-2018-14468+
    In Development

    Oracle Enterprise Linux Security Update for tcpdump (ELSA-2020-4760)

    Severity
    Critical4
    Qualys ID
    158882
    Vendor Reference
    ELSA-2020-4760
    CVE Reference
    CVE-2018-14468, CVE-2018-10105, CVE-2018-14461, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-10103, CVE-2018-14462, CVE-2018-14466, CVE-2018-14879, CVE-2018-16227, CVE-2018-14467, CVE-2018-14469, CVE-2018-14470, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for tcpdump to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4760.
    Patches
    Oracle Linux ELSA-2020-4760
  • CVE-2019-6978+
    In Development

    Oracle Enterprise Linux Security Update for gd (ELSA-2020-4659)

    Severity
    Critical4
    Qualys ID
    158874
    Vendor Reference
    ELSA-2020-4659
    CVE Reference
    CVE-2019-6978, CVE-2018-14553, CVE-2019-6977
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for gd to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4659.
    Patches
    Oracle Linux ELSA-2020-4659
  • CVE-2019-19783+
    In Development

    Oracle Enterprise Linux Security Update for cyrus-imapd (ELSA-2020-4655)

    Severity
    Critical4
    Qualys ID
    158873
    Vendor Reference
    ELSA-2020-4655
    CVE Reference
    CVE-2019-19783, CVE-2019-18928
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for cyrus-imapd to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4655.
    Patches
    Oracle Linux ELSA-2020-4655
  • CVE-2019-11068+
    In Development

    Oracle Enterprise Linux Security Update for libxslt (ELSA-2020-4464)

    Severity
    Critical4
    Qualys ID
    158844
    Vendor Reference
    ELSA-2020-4464
    CVE Reference
    CVE-2019-11068, CVE-2019-18197
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for libxslt to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4464.
    Patches
    Oracle Linux ELSA-2020-4464
  • CVE-2019-18609
    In Development

    Oracle Enterprise Linux Security Update for librabbitmq (ELSA-2020-4445)

    Severity
    Critical4
    Qualys ID
    158841
    Vendor Reference
    ELSA-2020-4445
    CVE Reference
    CVE-2019-18609
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released security update for librabbitmq to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4445.
    Patches
    Oracle Linux ELSA-2020-4445
  • CVE-2020-14352
    In Development

    Oracle Enterprise Linux Security Update for librepo (ELSA-2020-5012)

    Severity
    Critical4
    Qualys ID
    158902
    Vendor Reference
    ELSA-2020-5012
    CVE Reference
    CVE-2020-14352
    CVSS Scores
    Base 8 / Temporal 6.4
    Description
    Oracle Enterprise Linux has released security update for librepo to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 7

    Consequence
    This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-5012.
    Patches
    Oracle Linux ELSA-2020-5012
  • CVE-2020-25643+
    In Development

    Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2020-5913)

    Severity
    Critical4
    Qualys ID
    158908
    Vendor Reference
    ELSA-2020-5913
    CVE Reference
    CVE-2020-25643, CVE-2019-16089, CVE-2019-19377, CVE-2019-19448, CVE-2020-14390, CVE-2020-8694, CVE-2020-8695, CVE-2020-25211, CVE-2020-26541, CVE-2020-25645, CVE-2020-14356, CVE-2020-14385, CVE-2020-25641, CVE-2019-12380
    CVSS Scores
    Base 7.8 / Temporal 6.3
    Description
    Oracle Enterprise Linux has released security update for Unbreakable Enterprise kernel to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 7

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-5913.
    Patches
    Oracle Linux ELSA-2020-5913
  • CVE-2019-20637+
    In Development

    Oracle Enterprise Linux Security Update for varnish:6 (ELSA-2020-4756)

    Severity
    Critical4
    Qualys ID
    158915
    Vendor Reference
    ELSA-2020-4756
    CVE Reference
    CVE-2019-20637, CVE-2019-15892, CVE-2020-11653
    CVSS Scores
    Base 7.5 / Temporal 6
    Description
    Oracle Enterprise Linux has released security update for varnish:6 to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4756.
    Patches
    Oracle Linux ELSA-2020-4756
  • CVE-2018-20843+
    In Development

    Oracle Enterprise Linux Security Update for expat (ELSA-2020-4484)

    Severity
    Critical4
    Qualys ID
    158851
    Vendor Reference
    ELSA-2020-4484
    CVE Reference
    CVE-2018-20843, CVE-2019-15903
    CVSS Scores
    Base 7.5 / Temporal 6
    Description
    Oracle Enterprise Linux has released security update for expat to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-4484.
    Patches
    Oracle Linux ELSA-2020-4484
  • CVE-2020-16017+
    Recently Published

    Gentoo Linux Chromium, Google Chrome Multiple vulnerabilities (GLSA 202011-16)

    Severity
    Critical4
    Qualys ID
    374103
    Date Published
    November 26, 2020
    Vendor Reference
    GLSA 202011-16
    CVE Reference
    CVE-2020-16017, CVE-2020-16013
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

    Affected Package:www-client/chromium

    Affected version : Prior to 86.0.4240.198 Affected Package:www-client/google-chrome

    Affected version : Prior to 86.0.4240.198

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-16
    Patches
    202011-16
  • CVE-2020-0764+
    Recently Published

    Microsoft Azure Stack Hub Multiple Security Vulnerabilities - October 2020

    Severity
    Critical4
    Qualys ID
    91699
    Date Published
    November 26, 2020
    CVE Reference
    CVE-2020-0764, CVE-2020-1047, CVE-2020-1080, CVE-2020-1167, CVE-2020-1243, CVE-2020-16876, CVE-2020-16885, CVE-2020-16887, CVE-2020-16889, CVE-2020-16890, CVE-2020-16891, CVE-2020-16892, CVE-2020-16895, CVE-2020-16896, CVE-2020-16897, CVE-2020-16898, CVE-2020-16899, CVE-2020-16900, CVE-2020-16902, CVE-2020-16905, CVE-2020-16907, CVE-2020-16909, CVE-2020-16910, CVE-2020-16911, CVE-2020-16912, CVE-2020-16913, CVE-2020-16914, CVE-2020-16915, CVE-2020-16916, CVE-2020-16919, CVE-2020-16920, CVE-2020-16921, CVE-2020-16922, CVE-2020-16923, CVE-2020-16924, CVE-2020-16927, CVE-2020-16935, CVE-2020-16936, CVE-2020-16939, CVE-2020-16940, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976, CVE-2020-16980
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Microsoft releases the security update for Azure Stack Hub.
    Consequence
    Successful exploitation of these vulnerabilities might allow an attacker to execute arbitrary code.
    Solution
    Customers are encouraged to connect with Microsoft for obtaining more information about patches and upcoming releases.
    Patches
    Azure Stack Hub
  • CVE-2020-9983+
    Recently Published

    Apple iTunes for Windows Prior to 12.10.9 Multiple Vulnerabilities (HT211952)

    Severity
    Critical4
    Qualys ID
    374108
    Date Published
    November 23, 2020
    Vendor Reference
    HT211952
    CVE Reference
    CVE-2020-9983, CVE-2020-9951, CVE-2020-9947, CVE-2020-9849, CVE-2020-13631, CVE-2020-13630, CVE-2020-13434, CVE-2020-13435, CVE-2020-9981, CVE-2020-9876, CVE-2020-9961, CVE-2020-9999
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    iTunes is a digital media player application for Mac OS and Windows developed by Apple.

    iTunes is affected with multiple vulnerabilities.

    CVE-2020-9983: Processing maliciously crafted web content may lead to code execution CVE-2020-9951: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2020-9947: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2020-9849: A remote attacker may be able to leak memory CVE-2020-13631: A maliciously crafted SQL query may lead to data corruption CVE-2020-13630: A remote attacker may be able to cause arbitrary code execution CVE-2020-13434: A remote attacker may be able to cause a denial of service CVE-2020-13435: A remote attacker may be able to cause a denial of service CVE-2020-9981: Processing a maliciously crafted file may lead to arbitrary code execution CVE-2020-9876: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution CVE-2020-9961: Processing a maliciously crafted image may lead to arbitrary code execution CVE-2020-9999: Processing a maliciously crafted text file may lead to arbitrary code execution Affected Version:
    Apple iTunes prior to 12.10.9 for Windows 7 and later

    QID Detection Logic: (Authenticated)
    It checks for vulnerable versions of Apple iTunes.

    Consequence
    Successful exploitation could lead to arbitrary code execution.
    Solution
    Apple iTunes 12.10.9 has been released to address this issue. The update can be downloaded and installed via Apple Downloads.

    Refer to Apple Security Updates for more information on the vulnerabilities and patching your system: HT211952

    Patches
    HT211952
  • CVE-2020-27130+
    Recently Published

    Cisco Security Manager Path Traversal Vulnerability(cisco-sa-csm-path-trav-NgeRnqgR),( cisco-sa-csm-rce-8gjUz9fW)

    Severity
    Critical4
    Qualys ID
    316820
    Date Published
    November 23, 2020
    Vendor Reference
    cisco-sa-csm-path-trav-NgeRnqgR, cisco-sa-csm-rce-8gjUz9fW
    CVE Reference
    CVE-2020-27130, CVE-2020-27125
    CVSS Scores
    Base / Temporal
    Description

    A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.

    Affected Products:

    Cisco Security Manager releases prior to 4.22.

    Consequence
    A successful exploit could allow the attacker to download arbitrary files from the affected device.
    Solution

    Customers are advised to refer to cisco-sa-csm-path-trav-NgeRnqgR for more information.

    Patches
    cisco-sa-csm-path-trav-NgeRnqgR, cisco-sa-csm-rce-8gjUz9fW
  • CVE-2020-15180
    Recently Published

    Gentoo Linux MariaDB Remote Code Execution Vulnerability (GLSA 202011-14)

    Severity
    Critical4
    Qualys ID
    374092
    Date Published
    November 23, 2020
    Vendor Reference
    GLSA 202011-14
    CVE Reference
    CVE-2020-15180
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    Gentoo Linux is a Linux distribution

    A vulnerability has been discovered in MariaDB which could result in the arbitrary execution of code.

    Affected Package:dev-db/mariadb

    Affected version : Prior to 10.5.6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-14
    Patches
    202011-14
  • CVE-2019-12528+
    Recently Published

    Amazon Linux Security Advisory for squid: ALAS-2020-1453

    Severity
    Critical4
    Qualys ID
    352157
    Date Published
    November 19, 2020
    Vendor Reference
    ALAS-2020-1453
    CVE Reference
    CVE-2019-12528, CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450
    CVSS Scores
    Base 8.8 / Temporal 7
    Description
    <DIV> Issue Overview:

    An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. (CVE-2019-12528 )

    An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. (CVE-2020-15049 )

    A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-15810 )

    A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-15811 )

    Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. (CVE-2020-24606 )

    An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. (CVE-2020-8449 )

    An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. (CVE-2020-8450 )

    </DIV>
    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1453 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux squid (3.5.20-17.41.amzn1) on i686 ALAS-2020-1453, Amazon Linux squid (3.5.20-17.41.amzn1) on src ALAS-2020-1453, Amazon Linux squid (3.5.20-17.41.amzn1) on x86_64 ALAS-2020-1453
  • CVE-2018-15746+
    Recently Published

    Amazon Linux Security Advisory for qemu-kvm: ALAS-2020-1449

    Severity
    Critical4
    Qualys ID
    352155
    Date Published
    November 19, 2020
    Vendor Reference
    ALAS-2020-1449
    CVE Reference
    CVE-2018-15746, CVE-2019-14378, CVE-2020-14364, CVE-2020-1983
    CVSS Scores
    Base 8.8 / Temporal 7.3
    Description
    <DIV> Issue Overview:

    qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. (CVE-2018-15746 )

    A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process. (CVE-2019-14378 )

    An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. (CVE-2020-14364 )

    A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host, resulting in a denial of service. (CVE-2020-1983 )

    </DIV>
    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1449 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux qemu-kvm (1.5.3-156.24.amzn1) on src ALAS-2020-1449, Amazon Linux qemu-kvm (1.5.3-156.24.amzn1) on x86_64 ALAS-2020-1449
  • CVE-2020-15810+
    Recently Published

    CentOS Security Update for squid (CESA-2020:4082)

    Severity
    Critical4
    Qualys ID
    257024
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4082 centos 7
    CVE Reference
    CVE-2020-15810, CVE-2020-15811, CVE-2019-12528, CVE-2020-8449, CVE-2020-8450, CVE-2020-15049, CVE-2020-24606
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CentOS has released security update for squid to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4082
  • CVE-2020-0423+
    Recently Published

    Amazon Linux Security Advisory for kernel: ALAS-2020-1446

    Severity
    Critical4
    Qualys ID
    352162
    Date Published
    November 19, 2020
    Vendor Reference
    ALAS-2020-1446
    CVE Reference
    CVE-2020-0423, CVE-2020-12351, CVE-2020-12352, CVE-2020-14386, CVE-2020-24490, CVE-2020-25211
    CVSS Scores
    Base 7.8 / Temporal 6.3
    Description
    <DIV> Issue Overview:

    In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0423 )

    A flaw was found in the way the Linux kernel's Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-12351 )

    An information leak flaw was found in the way Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-12352 )

    A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14386 )

    A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-24490 )

    A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25211 )

    </DIV>
    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1446 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux kernel (4.14.203-116.332.amzn1) on i686 ALAS-2020-1446, Amazon Linux kernel (4.14.203-116.332.amzn1) on src ALAS-2020-1446, Amazon Linux kernel (4.14.203-116.332.amzn1) on x86_64 ALAS-2020-1446
  • CVE-2020-14345+
    Recently Published

    CentOS Security Update for xorg-x11-server (CESA-2020:4910)

    Severity
    Critical4
    Qualys ID
    257025
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4910 centos 7
    CVE Reference
    CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CentOS has released security update for xorg-x11-server to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4910
  • CVE-2020-14363
    Recently Published

    CentOS Security Update for libX11 (CESA-2020:4908)

    Severity
    Critical4
    Qualys ID
    257020
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4908 centos 7
    CVE Reference
    CVE-2020-14363
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CentOS has released security update for libx11 to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4908
  • CVE-2020-14363
    Recently Published

    CentOS Security Update for libX11 (CESA-2020:4946)

    Severity
    Critical4
    Qualys ID
    257012
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4946 centos 6
    CVE Reference
    CVE-2020-14363
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CentOS has released security update for libx11 security update to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4946
  • CVE-2020-14345+
    Recently Published

    CentOS Security Update for xorg-x11-server (CESA-2020:4953)

    Severity
    Critical4
    Qualys ID
    257010
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4953 centos 6
    CVE Reference
    CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CentOS has released security update for xorg-x11-server to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4953
  • CVE-2019-11487
    Recently Published

    CentOS Security Update for kernel (CESA-2020:4182)

    Severity
    Critical4
    Qualys ID
    257009
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4182 centos 6
    CVE Reference
    CVE-2019-11487
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CentOS has released security update for kernel security update to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4182
  • CVE-2020-15862
    Recently Published

    Red Hat Update for net-snmp (RHSA-2020:5129)

    Severity
    Critical4
    Qualys ID
    238864
    Date Published
    November 19, 2020
    Vendor Reference
    RHSA-2020:5129
    CVE Reference
    CVE-2020-15862
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

    Security Fix(es): net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)

    Affected Products:

    Red Hat Enterprise Linux Server 6 x86_64
    Red Hat Enterprise Linux Server 6 i386
    Red Hat Enterprise Linux Workstation 6 x86_64
    Red Hat Enterprise Linux Workstation 6 i386
    Red Hat Enterprise Linux Desktop 6 x86_64
    Red Hat Enterprise Linux Desktop 6 i386
    Red Hat Enterprise Linux for IBM z Systems 6 s390x
    Red Hat Enterprise Linux for Power, big endian 6 ppc64
    Red Hat Enterprise Linux for Scientific Computing 6 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:5129 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:5129
  • CVE-2020-12825
    Recently Published

    CentOS Security Update for libcroco (CESA-2020:4072)

    Severity
    Critical4
    Qualys ID
    257019
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4072 centos 7
    CVE Reference
    CVE-2020-12825
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    CentOS has released security update for libcroco to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4072
  • CVE-2020-14355
    Recently Published

    CentOS Security Update for spice-gtk (CESA-2020:4187)

    Severity
    Critical4
    Qualys ID
    257023
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4187 centos 7
    CVE Reference
    CVE-2020-14355
    CVSS Scores
    Base 6.6 / Temporal 5.8
    Description
    CentOS has released security update for spice-gtk to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4187, centos 7 CESA-2020:4187
  • CVE-2020-15999
    Recently Published

    CentOS Security Update for freetype (CESA-2020:4907)

    Severity
    Critical4
    Qualys ID
    257027
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4907 centos 7
    CVE Reference
    CVE-2020-15999
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CentOS has released security update for freetype to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to cause denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4907
  • CVE-2020-8622
    Recently Published

    CentOS Security Update for bind (CESA-2020:4183)

    Severity
    Critical4
    Qualys ID
    257026
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4183 centos 6
    CVE Reference
    CVE-2020-8622
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CentOS has released security update for bind security update to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to cause denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4183
  • CVE-2020-14364+
    Recently Published

    CentOS Security Update for qemu-kvm (CESA-2020:4079)

    Severity
    Critical4
    Qualys ID
    257022
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4079 centos 7
    CVE Reference
    CVE-2020-14364, CVE-2020-1983
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CentOS has released security update for qemu-kvm to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4079
  • CVE-2020-14781+
    Recently Published

    CentOS Security Update for java-1.8.0-openjdk (CESA-2020:4350)

    Severity
    Critical4
    Qualys ID
    257018
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4350 centos 7
    CVE Reference
    CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14797, CVE-2020-14803, CVE-2020-14779, CVE-2020-14796
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    CentOS has released security update for java-1.8.0-openjdk to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4350
  • CVE-2020-14781+
    Recently Published

    CentOS Security Update for java-11-openjdk (CESA-2020:4307)

    Severity
    Critical4
    Qualys ID
    257017
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4307 centos 7
    CVE Reference
    CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14797, CVE-2020-14803, CVE-2020-14779, CVE-2020-14796
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    CentOS has released security update for java-11-openjdk to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:4307
  • CVE-2020-14781+
    Recently Published

    CentOS Security Update for java-1.8.0-openjdk (CESA-2020:4348)

    Severity
    Critical4
    Qualys ID
    257008
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4348 centos 6
    CVE Reference
    CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14797, CVE-2020-14803, CVE-2020-14779, CVE-2020-14796
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    CentOS has released security update for java-1.8.0-openjdk to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4348
  • CVE-2020-14364
    Recently Published

    CentOS Security Update for qemu-kvm (CESA-2020:4056)

    Severity
    Critical4
    Qualys ID
    257011
    Date Published
    November 19, 2020
    Vendor Reference
    CESA-2020:4056 centos 6
    CVE Reference
    CVE-2020-14364
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    CentOS has released security update for qemu-kvm to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:4056
  • CVE-2020-16016
    Recently Published

    Microsoft Edge Based On Chromium Prior to 86.0.622.68 Multiple Vulnerabilities (ADV200002)

    Severity
    Critical4
    Qualys ID
    374096
    Date Published
    November 19, 2020
    Vendor Reference
    ADV200002
    CVE Reference
    CVE-2020-16016
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Microsoft Edge based on Chromium is affected by the following vulnerabilities:

    Affected Version:
    Microsoft Edge based on Chromium Prior to version 86.0.622.68

    QID Detection Logic: (authenticated)
    Operating System: Windows
    The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.

    QID Detection Logic: (authenticated)
    Operating System: MacOS
    The QID checks for vulnerable version of Microsoft Edge from installed application list.

    Consequence
    Successful exploitation of this vulnerability affects confidentiality, integrity and availability.

    Solution
    Customers are advised to upgrade to version 86.0.622.68 or later
    For further details refer to ADV200002
    Patches
    ADV200002
  • CVE-2020-16013+
    Recently Published

    Microsoft Edge Based On Chromium Prior to 86.0.622.69 Multiple Vulnerabilities (ADV200002)

    Severity
    Critical4
    Qualys ID
    374095
    Date Published
    November 19, 2020
    Vendor Reference
    ADV200002
    CVE Reference
    CVE-2020-16013, CVE-2020-16017
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Microsoft Edge based on Chromium is affected by the following vulnerabilities:

    Affected Version:
    Microsoft Edge based on Chromium Prior to version 86.0.622.69

    QID Detection Logic: (authenticated)
    Operating System: Windows
    The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.

    QID Detection Logic: (authenticated)
    Operating System: MacOS
    The QID checks for vulnerable version of Microsoft Edge from installed application list.

    Consequence
    Successful exploitation of this vulnerability affects confidentiality, integrity and availability.

    Solution
    Customers are advised to upgrade to version 86.0.622.69 or later
    For further details refer to ADV200002
    Patches
    ADV200002
  • CVE-2020-25592+
    Recently Published

    Gentoo Linux Salt Multiple vulnerabilities (GLSA 202011-13)

    Severity
    Critical4
    Qualys ID
    374091
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202011-13
    CVE Reference
    CVE-2020-25592, CVE-2020-17490, CVE-2020-16846
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in Salt, the worst of which could result in the arbitrary execution of code.

    Affected Package: app-admin/salt

    Affected version : Prior to 3000.5

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-13
    Patches
    202011-13
  • CVE-2020-12460
    Recently Published

    Gentoo Linux OpenDMARC Heap-based Buffer Overflow Vulnerability (GLSA 202011-02)

    Severity
    Critical4
    Qualys ID
    374080
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202011-02
    CVE Reference
    CVE-2020-12460
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    A heap-based buffer overflow in OpenDMARC might allow remote attackers to execute arbitrary code.

    Affected Package:mail-filter/opendm

    Affected version : Prior to 1.3.3

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-02
    Patches
    202011-02
  • CVE-2020-15969+
    Recently Published

    Gentoo Linux Mozilla Firefox, Mozilla Thunderbird Multiple vulnerabilities (GLSA 202010-08)

    Severity
    Critical4
    Qualys ID
    374078
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202010-08
    CVE Reference
    CVE-2020-15969, CVE-2020-15683
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

    Affected Package: www-client/firefox

    Affected version : Prior to 82.0 Affected Package: www-client/firefox-bin

    Affected version : Prior to 82.0 Affected Package: mail-client/thunderbird

    Affected version : Prior to 78.4.0 Affected Package: mail-client/thunderbird-bin

    Affected version : Prior to 78.4.0

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202010-08
    Patches
    202010-08
  • CVE-2020-15999+
    Recently Published

    Gentoo Linux Chromium, Google Chrome Multiple vulnerabilities (GLSA 202011-12)

    Severity
    Critical4
    Qualys ID
    374090
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202011-12
    CVE Reference
    CVE-2020-15999, CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16008, CVE-2020-16009, CVE-2020-16016
    CVSS Scores
    Base 8.8 / Temporal 7.6
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

    Affected Package:www-client/chromium

    Affected version : Prior to 86.0.4240.193

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-12
    Patches
    202011-12
  • CVE-2020-27153
    Recently Published

    Gentoo Linux BlueZ Arbitrary code execution (GLSA 202011-01)

    Severity
    Critical4
    Qualys ID
    374079
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202011-01
    CVE Reference
    CVE-2020-27153
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Gentoo Linux is a Linux distribution

    A vulnerability in BlueZ might allow remote attackers to execute arbitrary code.

    Affected Package:-wireless/bluez

    Affected version : Prior to 5.55

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-01
    Patches
    202011-01
  • CVE-2020-27187
    Recently Published

    Gentoo Linux KPMCore Root Privilege Escalation Vulnerability (GLSA 202011-03)

    Severity
    Critical4
    Qualys ID
    374081
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202011-03
    CVE Reference
    CVE-2020-27187
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Gentoo Linux is a Linux distribution

    A vulnerability in kpmcore could result in privilege escalation.

    Affected Package:ys-libs/kpm

    Affected version : Prior to 4.2.0

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-03
    Patches
    202011-03
  • CVE-2020-8227+
    Recently Published

    Gentoo Linux Nextcloud Desktop Sync client Multiple Vulnerabilities (GLSA 202009-09)

    Severity
    Critical4
    Qualys ID
    374062
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202009-09
    CVE Reference
    CVE-2020-8227, CVE-2020-8224, CVE-2020-8189
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Gentoo Linux is a Linux distribution

    Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow execution of arbitrary code.

    Affected Package:-net-misc/nextcloud-client-

    Affected version : Prior to 2.6.5

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202009-09
    Patches
    202009-09
  • CVE-2020-26950
    Recently Published

    Gentoo Linux Mozilla Firefox Remote Code Execution Vulnerability (GLSA 202011-07)

    Severity
    Critical4
    Qualys ID
    374085
    Date Published
    November 19, 2020
    Vendor Reference
    GLSA 202011-07
    CVE Reference
    CVE-2020-26950
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    Gentoo Linux is a Linux distribution

    A use-after-free in Mozilla Firefox might allow remote attacker(s) to execute arbitrary code.

    Affected Package: www-client/firefox

    Affected version : Prior to 82.0.3 Affected Package: www-client/firefox-bin

    Affected version : Prior to 78.4.1

    Consequence
    This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.
    Solution
    The Vendor has released security update to fix the vulnerability.For more information please visit 202011-07
    Patches
    202011-07