Vulnerability Detection Pipeline (Beta)

Upcoming and New High-Severity QIDs

Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for severity 4 or 5 vulnerabilities.

This is a public beta. We welcome your feedback.

Detection Status

  • Under investigation: We are researching a detection and will publish one if it is feasible.
  • In development: We are coding a detection and will typically publish it within a few days.
  • Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

  • In Development

    EOL/Obsolete Operating System: IBM AIX 7.2 TL 0, IBM AIX 7.2 TL 1 Detected

    Severity
    Urgent 5
    Qualys ID
    105933
    Vendor Reference
    IBM AIX 7.2.0, 7.2.1 End of Support
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    IBM ended support for AIX 7.2 TL1 on 30 November 2019.
    IBM ended support for AIX 7.2 TL0 on 31 December 2018.
    QID Detection Logic (authenticated):
    The QID checks for the version of IBM AIX with the help of the "uname" command.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.

    Solution
    Update to the latest version of IBM AIX. Refer to AIX 7.2 Overview.

    Patches
    AIX 7.2.4
  • CVE-2020-15675+
    In Development

    Mozilla Firefox Multiple Vulnerabilities (MFSA2020-42)

    Severity
    Critical 4
    Qualys ID
    373490
    Vendor Reference
    MFSA2020-42
    CVE Reference
    CVE-2020-15675, CVE-2020-15677, CVE-2020-15676, CVE-2020-15678, CVE-2020-15673, CVE-2020-15674
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    Mozilla Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

    Firefox is found to be vulnerable to the following:
    CVE-2020-15675: Use-After-Free in WebGL.
    CVE-2020-15677: Download origin spoofing via redirect.
    CVE-2020-15676: XSS when pasting attacker-controlled data into a contenteditable element.
    CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario.
    CVE-2020-15673: Memory safety bugs fixed in Firefox 81.
    CVE-2020-15674: Memory safety bugs fixed in Firefox 81.

    Affected Versions:
    versions prior to Firefox 81
    QID Detection Logic (Authenticated)
    This QID checks for vulnerable versions of the Firefox browser.

    Consequence
    On successful exploitation, an attacker could compromise the confidentiality, integrity and availability of the software.

    Solution
    The vendor has released a fix to address these vulnerabilities. Refer to MFSA2020-42.
    Patches
    MFSA2020-42
  • CVE-2020-15903
    In Development

    Nagios XI Privilege Escalation Vulnerability

    Severity
    Critical 4
    Qualys ID
    373487
    Vendor Reference
    Nagios XI
    CVE Reference
    CVE-2020-15903
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Nagios Core is a free and open source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services.

    An issue was found in Nagios XI: there is a privilege escalation vulnerability in backend scripts that ran as root, where some included files were editable by the nagios user.

    Affected versions:
    Versions prior to 5.7.3

    QID Detection Logic (Authenticated):
    The QID checks for a vulnerable version of Nagios Core from the version file.

    Consequence
    Successful exploitation of this vulnerability may allow an authenticated attacker to gain privileges on the victim system.
    Solution
    The vendor has released the patch. This issue was fixed in version 5.7.3. Please visit here for more information.
    Patches
    Nagios XI 5.7.3
  • CVE-2019-19920
    Recently Published

    Ubuntu Security Notification for Sa-exim Vulnerability (USN-4520-1)

    Severity
    Critical 4
    Qualys ID
    198039
    Date Published
    September 24, 2020
    Vendor Reference
    USN-4520-1
    CVE Reference
    CVE-2019-19920
    CVSS Scores
    Base 8.8 / Temporal 7
    Description

    It was discovered that Exim SpamAssassin does not properly handle configuration strings.

    Consequence

    An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-19920)

    Solution
    Refer to Ubuntu advisory USN-4520-1 for affected packages and patching details, or update with your package manager.
    Patches
    16.04 (Xenial) on src sa-exim USN-4520-1
  • CVE-2019-10164+
    Recently Published

    Oracle Enterprise Linux Security Update for postgresql:10 (ELSA-2020-3669)

    Severity
    Urgent 5
    Qualys ID
    158733
    Date Published
    September 24, 2020
    Vendor Reference
    ELSA-2020-3669
    CVE Reference
    CVE-2019-10164, CVE-2019-10208, CVE-2020-14350, CVE-2019-10130, CVE-2020-14349, CVE-2020-1720
    CVSS Scores
    Base 8.8 / Temporal 7
    Description
    Oracle Enterprise Linux has released a security update for postgresql:10 to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-3669.
    Patches
    Oracle Linux ELSA-2020-3669
  • CVE-2019-11040+
    Recently Published

    Oracle Enterprise Linux Security Update for php:7.3 (ELSA-2020-3662)

    Severity
    Critical 4
    Qualys ID
    158732
    Date Published
    September 24, 2020
    Vendor Reference
    ELSA-2020-3662
    CVE Reference
    CVE-2019-11040, CVE-2019-11041, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-19246, CVE-2020-7060, CVE-2019-11042, CVE-2019-19203, CVE-2019-19204, CVE-2019-20454, CVE-2020-7066, CVE-2020-7062, CVE-2019-13225, CVE-2019-16163, CVE-2019-11039, CVE-2020-7065, CVE-2020-7063, CVE-2019-11050, CVE-2019-13224, CVE-2020-7059, CVE-2020-7064
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Oracle Enterprise Linux has released a security update for php:7.3 to fix the vulnerabilities.

    Affected Product:
    Oracle Linux 8

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2020-3662.
    Patches
    Oracle Linux ELSA-2020-3662
  • CVE-2014-9488
    Recently Published

    SUSE Enterprise Linux Security Update for less (SUSE-SU-2020:2687-1)

    Severity
    Urgent 5
    Qualys ID
    174060
    Date Published
    September 23, 2020
    Vendor Reference
    SUSE-SU-2020:2687-1
    CVE Reference
    CVE-2014-9488
    CVSS Scores
    Base / Temporal
    Description
    SUSE has released a security update for less to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory SUSE-SU-2020:2687-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:2687-1
  • CVE-2020-15960+
    Recently Published

    Google Chrome Prior To 85.0.4183.121 Multiple Vulnerabilities

    Severity
    Critical 4
    Qualys ID
    373485
    Date Published
    September 23, 2020
    Vendor Reference
    85.0.4183.121
    CVE Reference
    CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15965, CVE-2020-15966, CVE-2020-15964
    CVSS Scores
    Base / Temporal
    Description
    Google Chrome is a web browser for multiple platforms developed by Google.

    Affected Version:
    Prior to Google Chrome 85.0.4183.121

    QID Detection Logic:
    This QID checks for vulnerable versions of Google Chrome on Windows, macOS and Linux.

    Consequence
    Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.

    Solution
    Customers are advised to upgrade to the latest version, 85.0.4183.121.
    For further details, refer to Google Chrome 85.0.4183.121.
    Patches
    Google Chrome 85.0.4183.121
  • CVE-2019-10197+
    Recently Published

    SUSE Enterprise Linux Security Update for samba (SUSE-SU-2020:2673-1)

    Severity
    Critical 4
    Qualys ID
    174058
    Date Published
    September 23, 2020
    Vendor Reference
    SUSE-SU-2020:2673-1
    CVE Reference
    CVE-2019-10197, CVE-2019-10218, CVE-2019-14833, CVE-2019-14847, CVE-2019-14861, CVE-2019-14870, CVE-2019-14902, CVE-2019-14907, CVE-2019-19344, CVE-2020-10700, CVE-2020-10704, CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    SUSE has released a security update for samba to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory SUSE-SU-2020:2673-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:2673-1
  • CVE-2020-13935
    Recently Published

    Amazon Linux Security Advisory for tomcat7: AL2012-2020-317

    Severity
    Critical 4
    Qualys ID
    352063
    Date Published
    September 23, 2020
    CVE Reference
    CVE-2020-13935
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Package updates are available for Amazon Linux that fix the following vulnerabilities:

    CVE-2020-13935: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
    1857024: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

    Solution
    Administrators are advised to apply the appropriate software updates.
    Patches
    AL2012-2020-317
  • CVE-2018-14647+
    Recently Published

    SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2020:2699-1)

    Severity
    Critical 4
    Qualys ID
    174061
    Date Published
    September 23, 2020
    Vendor Reference
    SUSE-SU-2020:2699-1
    CVE Reference
    CVE-2018-14647, CVE-2018-20852, CVE-2019-16056, CVE-2019-16935, CVE-2019-20907, CVE-2019-9947, CVE-2020-14422
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for python3 to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory SUSE-SU-2020:2699-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:2699-1
  • CVE-2020-14392+
    Recently Published

    SUSE Enterprise Linux Security Update for perl-DBI (SUSE-SU-2020:2661-1)

    Severity
    Critical 4
    Qualys ID
    174057
    Date Published
    September 23, 2020
    Vendor Reference
    SUSE-SU-2020:2661-1
    CVE Reference
    CVE-2020-14392, CVE-2020-14393
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    SUSE has released a security update for perl-dbi to fix the vulnerabilities.

    Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP5

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory SUSE-SU-2020:2661-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:2661-1
  • CVE-2020-14392+
    Recently Published

    SUSE Enterprise Linux Security Update for perl-DBI (SUSE-SU-2020:2645-1)

    Severity
    Critical 4
    Qualys ID
    174054
    Date Published
    September 23, 2020
    Vendor Reference
    SUSE-SU-2020:2645-1
    CVE Reference
    CVE-2020-14392, CVE-2020-14393
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    SUSE has released a security update for perl-dbi to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 15

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory SUSE-SU-2020:2645-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:2645-1
  • CVE-2020-9484
    Recently Published

    Amazon Linux Security Advisory for tomcat6: AL2012-2020-313

    Severity
    Critical 4
    Qualys ID
    352059
    Date Published
    September 23, 2020
    CVE Reference
    CVE-2020-9484
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Package updates are available for Amazon Linux that fix the following vulnerabilities:

    CVE-2020-9484: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103, if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker-provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
    1838332: CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

    Solution
    Administrators are advised to apply the appropriate software updates.
    Patches
    AL2012-2020-313
  • CVE-2020-9484
    Recently Published

    Amazon Linux Security Advisory for tomcat7: AL2012-2020-312

    Severity
    Critical 4
    Qualys ID
    352058
    Date Published
    September 23, 2020
    CVE Reference
    CVE-2020-9484
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Package updates are available for Amazon Linux that fix the following vulnerabilities:

    CVE-2020-9484: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103, if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker-provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
    1838332: CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

    Solution
    Administrators are advised to apply the appropriate software updates.
    Patches
    AL2012-2020-312
  • CVE-2020-10188
    Recently Published

    Amazon Linux Security Advisory for telnet: AL2012-2020-310

    Severity
    Critical 4
    Qualys ID
    352056
    Date Published
    September 23, 2020
    CVE Reference
    CVE-2020-10188
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Package updates are available for Amazon Linux that fix the following vulnerabilities:

    CVE-2020-10188: 1811673: CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code
    utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

    Solution
    Administrators are advised to apply the appropriate software updates.
    Patches
    AL2012-2020-310
  • CVE-2019-18408
    Recently Published

    Amazon Linux Security Advisory for libarchive: AL2012-2020-308

    Severity
    Critical 4
    Qualys ID
    352054
    Date Published
    September 23, 2020
    CVE Reference
    CVE-2019-18408
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Package updates are available for Amazon Linux that fix the following vulnerabilities:

    CVE-2019-18408: 1769979: CVE-2019-18408 libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry
    archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

    Solution
    Administrators are advised to apply the appropriate software updates.
    Patches
    AL2012-2020-308
  • CVE-2019-16746+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:2582-1)

    Severity
    Critical 4
    Qualys ID
    174024
    Date Published
    September 23, 2020
    Vendor Reference
    SUSE-SU-2020:2582-1
    CVE Reference
    CVE-2019-16746, CVE-2020-14314, CVE-2020-14331, CVE-2020-14386, CVE-2020-16166
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for the Linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 12-SP3

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory SUSE-SU-2020:2582-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:2582-1
  • CVE-2020-1472
    Recently Published

    FreeBSD Security Update for samba (24ace516-fad7-11ea-8d8c-005056a311d1)

    Severity
    Urgent 5
    Qualys ID
    373486
    Date Published
    September 22, 2020
    Vendor Reference
    24ace516-fad7-11ea-8d8c-005056a311d1
    CVE Reference
    CVE-2020-1472
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.

    FreeBSD has released a security update.
    Affected version:
    samba410 prior to 4.10.18
    samba411 prior to 4.11.13
    samba412 prior to 4.12.7

    QID Detection Logic (Authenticated):
    The QID checks the installed package versions to identify vulnerable packages.

    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    Please refer to FreeBSD security advisory 24ace516-fad7-11ea-8d8c-005056a311d1 to address this issue and obtain further details.
    Patches
    24ace516-fad7-11ea-8d8c-005056a311d1
  • CVE-2020-9484
    In Development

    Atlassian Jira Server and Data Center Supported Platform Apache Tomcat Remote Code Execution Vulnerability (JRASERVER-71221)

    Severity
    Critical 4
    Qualys ID
    13992
    Vendor Reference
    JRASERVER-71221
    CVE Reference
    CVE-2020-9484
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

    Its supported platform, Apache Tomcat, is vulnerable to remote code execution via session persistence.

    Affected Versions:
    Apache Tomcat 10.0.0-M1 to 10.0.0-M4
    Apache Tomcat 9.0.0.M1 to 9.0.34
    Apache Tomcat 8.5.0 to 8.5.54
    Apache Tomcat 7.0.0 to 7.0.103

    QID Detection Logic (Unauthenticated):
    The QID checks for a vulnerable version by sending a GET /QUALYS13785 HTTP/1.0 request, which retrieves the installed version of Apache Tomcat from the banner of the response.

    Consequence
    Successful exploitation may result in remote code execution.

    Solution
    Upgrade to Apache Tomcat 7.0.104, 8.5.55, 9.0.0.35, 10.0.0-M5 or to the latest version of Apache Tomcat. Please refer to the Apache Tomcat website.

    Patches
    Apache Tomcat
  • CVE-2020-5208
    Recently Published

    Amazon Linux Security Advisory for ipmitool: AL2012-2020-309

    Severity
    Critical 4
    Qualys ID
    352055
    Date Published
    September 23, 2020
    CVE Reference
    CVE-2020-5208
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Package updates are available for Amazon Linux that fix the following vulnerabilities:

    CVE-2020-5208: It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
    1798721: CVE-2020-5208 ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

    Solution
    Administrators are advised to apply the appropriate software updates.
    Patches
    AL2012-2020-309
  • CVE-2020-8616+
    Recently Published

    Amazon Linux Security Advisory for bind: AL2012-2020-311

    Severity
    Critical 4
    Qualys ID
    352057
    Date Published
    September 23, 2020
    CVE Reference
    CVE-2020-8616, CVE-2020-8617
    CVSS Scores
    Base 8.6 / Temporal 7.7
    Description
    Package updates are available for Amazon Linux that fix the following vulnerabilities:

    CVE-2020-8617: 1836124: CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
    Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

    CVE-2020-8616: 1836118: CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals
    A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: the performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

    Solution
    Administrators are advised to apply the appropriate software updates.
    Patches
    AL2012-2020-311
  • CVE-2020-7040
    Recently Published

    Ubuntu Security Notification for Storebackup Vulnerability (USN-4508-1)

    Severity
    Critical 4
    Qualys ID
    198029
    Date Published
    September 23, 2020
    Vendor Reference
    USN-4508-1
    CVE Reference
    CVE-2020-7040
    CVSS Scores
    Base 8.1 / Temporal 6.5
    Description

    It was discovered that StoreBackup did not properly manage lock files.

    Consequence

    A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. (CVE-2020-7040)

    Solution
    Refer to Ubuntu advisory USN-4508-1 for affected packages and patching details, or update with your package manager.
    Patches
    16.04 (Xenial) on src storebackup USN-4508-1, 18.04 (bionic) on src storebackup USN-4508-1, 20.04 (focal) on src storebackup USN-4508-1
  • CVE-2020-10135+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:2610-1)

    Severity
    Critical 4
    Qualys ID
    174026
    Date Published
    September 23, 2020
    Vendor Reference
    SUSE-SU-2020:2610-1
    CVE Reference
    CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020-1749, CVE-2020-24394
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for the Linux kernel to fix the vulnerabilities.

    Affected Product:
    SUSE Linux Enterprise Server for SAP 15

    Consequence
    This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory SUSE-SU-2020:2610-1 to address this issue and obtain further details.

    Patches
    SUSE Enterprise Linux SUSE-SU-2020:2610-1
  • CVE-2020-24614
    Recently Published

    OpenSUSE Security Update for fossil (openSUSE-SU-2020:1478-1)

    Severity
    Critical 4
    Qualys ID
    174045
    Date Published
    September 22, 2020
    Vendor Reference
    openSUSE-SU-2020:1478-1
    CVE Reference
    CVE-2020-24614
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released a security update for fossil to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2
    openSUSE Leap 15.1
    openSUSE Backports SLE-15-SP2
    openSUSE Backports SLE-15-SP1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1478-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1478-1
  • CVE-2020-14392+
    Recently Published

    OpenSUSE Security Update for perl-DBI (openSUSE-SU-2020:1483-1)

    Severity
    Critical 4
    Qualys ID
    174047
    Date Published
    September 22, 2020
    Vendor Reference
    openSUSE-SU-2020:1483-1
    CVE Reference
    CVE-2020-14392, CVE-2020-14393
    CVSS Scores
    Base 7.1 / Temporal 6.1
    Description
    SUSE has released a security update for perl-dbi to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1483-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1483-1
  • CVE-2020-3980
    In Development

    VMware Fusion Privilege Escalation Vulnerability (VMSA-2020-0020)

    Severity
    Critical4
    Qualys ID
    373481
    Vendor Reference
    VMSA-2020-0020
    CVE Reference
    CVE-2020-3980
    CVSS Scores
    Base 6.7 / Temporal 6.1
    Description
    VMware Fusion is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems.
    VMware Fusion contains a privilege escalation vulnerability due to the way it allows configuring the system-wide path.

    Affected Versions:
    VMware Fusion prior to 11.x

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of the Fusion exe file.

    Consequence
    An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
    Solution
    A patch for VMware Fusion has not been released yet.

    Refer to VMware advisory VMSA-2020-0020 for updates.

  • CVE-2020-24977
    Recently Published

    Fedora Security Update for mingw-libxml2 (FEDORA-2020-b60dbdd538)

    Severity
    Critical4
    Qualys ID
    280426
    Date Published
    September 22, 2020
    Vendor Reference
    FEDORA-2020-b60dbdd538 Fedora 32
    CVE Reference
    CVE-2020-24977
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Fedora has released a security update for mingw-libxml2 to fix the vulnerability.

    Affected OS:
    Fedora 32

    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
    Fedora 32 Update

    Patches
    Fedora 32 FEDORA-2020-b60dbdd538
  • CVE-2020-24977
    Recently Published

    Fedora Security Update for mingw-libxml2 (FEDORA-2020-7dd29dacad)

    Severity
    Critical4
    Qualys ID
    280425
    Date Published
    September 22, 2020
    Vendor Reference
    FEDORA-2020-7dd29dacad Fedora 31
    CVE Reference
    CVE-2020-24977
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Fedora has released a security update for mingw-libxml2 to fix the vulnerability.

    Affected OS:
    Fedora 31

    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
    Fedora 31 Update

    Patches
    Fedora 31 FEDORA-2020-7dd29dacad
  • CVE-2020-14339
    Recently Published

    OpenSUSE Security Update for libvirt (openSUSE-SU-2020:1455-1)

    Severity
    Critical4
    Qualys ID
    174038
    Date Published
    September 22, 2020
    Vendor Reference
    openSUSE-SU-2020:1455-1
    CVE Reference
    CVE-2020-14339
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    SUSE has released a security update for libvirt to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1455-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1455-1
  • CVE-2020-13670+
    Recently Published

    Drupal Core Multiple Vulnerabilities (SA-CORE-2020-011, SA-CORE-2020-010, SA-CORE-2020-009, SA-CORE-2020-008)

    Severity
    Urgent5
    Qualys ID
    13985
    Date Published
    September 21, 2020
    Vendor Reference
    SA-CORE-2020-008, SA-CORE-2020-009, SA-CORE-2020-010, SA-CORE-2020-011
    CVE Reference
    CVE-2020-13670, CVE-2020-13669, CVE-2020-13668, CVE-2020-13667
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License.

    Affected Versions:
    Drupal 8.8.x, prior to Drupal 8.8.10.
    Drupal 8.9.x, prior to Drupal 8.9.6.
    Drupal 9.0.x, prior to Drupal 9.0.6.

    QID Detection Logic (Unauthenticated):
    This QID checks for a vulnerable version of Drupal installed on the target.

    Consequence
    Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.

    Solution
    Customers are advised to install the latest Drupal version.
    For more information, visit Drupal security advisory SA-CORE-2020-011, Drupal security advisory SA-CORE-2020-010, Drupal security advisory SA-CORE-2020-009, and Drupal security advisory SA-CORE-2020-008.
    Patches
    sa-core-2020-008, sa-core-2020-009, sa-core-2020-010, sa-core-2020-011
  • CVE-2020-15094
    Recently Published

    Fedora Security Update for php-symfony4 (FEDORA-2020-16eb328853)

    Severity
    Critical4
    Qualys ID
    280406
    Date Published
    September 21, 2020
    Vendor Reference
    FEDORA-2020-16eb328853 Fedora 32
    CVE Reference
    CVE-2020-15094
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Fedora has released a security update for php-symfony4 to fix the vulnerability.

    Affected OS:
    Fedora 32

    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
    Fedora 32 Update

    Patches
    Fedora 32 FEDORA-2020-16eb328853
  • In Development

    WordPress Plugin Advanced Access Manager - Arbitrary File Access/Download vulnerability

    Severity
    Critical4
    Qualys ID
    150318
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Advanced Access Manager is a WordPress plugin that gives you the ability to manage access to your website content for any role, individual user and visitors or even define the default access to all posts, pages, custom post types, categories etc. The plugin suffers from an Arbitrary File Access/Download vulnerability.

    Affected Version:
    All versions prior to 5.9.9
    QID Detection Logic:
    The QID sends a request along with the payload and looks for a pattern in the response in order to confirm the vulnerability.

    Consequence
    Successful exploitation of the vulnerability could completely compromise the confidentiality of the application.

    Solution
    Customers are advised to upgrade to the fixed versions of Advanced Access Manager 6.0 to remediate the vulnerability.
    For more information, please visit WordPress plugin.
    Patches
    -
  • CVE-2020-7293+
    Recently Published

    McAfee Web Gateway Improper Authorization Vulnerabilities (SB10323)

    Severity
    Critical4
    Qualys ID
    13982
    Date Published
    September 22, 2020
    Vendor Reference
    SB10323
    CVE Reference
    CVE-2020-7293, CVE-2020-7294, CVE-2020-7295, CVE-2020-7296, CVE-2020-7297
    CVSS Scores
    Base 9 / Temporal 8.1
    Description

    McAfee Web Gateway Anti-Malware Engine, part of McAfee Web Protection, is a powerful in-line technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels, taking web exploit detection, zero-day, and targeted threat prevention to the next level.

    Affected Versions:
    McAfee Web Gateway 9.x earlier than 9.2.3
    McAfee Web Gateway 8.2.x earlier than 8.2.11
    McAfee Web Gateway 7.8.x earlier than 7.8.2.23

    QID Detection Logic:
    This QID retrieves McAfee Web Gateway version and checks to see if it's vulnerable.

    Consequence
    A successful exploit allows a remote attacker to gain improper access control in the user, REST interface.
    Solution
    Update McAfee Gateway to fixed releases 9.2.3, 8.2.11, 7.8.2.23 or refer to McAfee Advisory SB10323 for more details.
    Patches
    SB10323
  • CVE-2020-13666
    Recently Published

    Drupal Core Cross Site Scripting Vulnerability (SA-CORE-2020-007)

    Severity
    Critical4
    Qualys ID
    13986
    Date Published
    September 21, 2020
    Vendor Reference
    SA-CORE-2020-007
    CVE Reference
    CVE-2020-13666
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License.

    Affected Versions:
    Drupal 7.x, prior to Drupal 7.73.
    Drupal 8.8.x, prior to Drupal 8.8.10.
    Drupal 8.9.x, prior to Drupal 8.9.6.
    Drupal 9.0.x, prior to Drupal 9.0.6.

    QID Detection Logic (Unauthenticated):
    This QID checks for a vulnerable version of Drupal installed on the target.

    Consequence
    Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.

    Solution
    Customers are advised to install the latest Drupal version.
    For more information, visit Drupal security advisory SA-CORE-2020-007.
    Patches
    SA-CORE-2020-007
  • CVE-2020-24977
    Recently Published

    Fedora Security Update for libxml2 (FEDORA-2020-35087800be)

    Severity
    Critical4
    Qualys ID
    280391
    Date Published
    September 21, 2020
    Vendor Reference
    FEDORA-2020-35087800be Fedora 32
    CVE Reference
    CVE-2020-24977
    CVSS Scores
    Base 6.5 / Temporal 5.6
    Description
    Fedora has released a security update for libxml2 to fix the vulnerability.

    Affected OS:
    Fedora 32

    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    Fedora has issued updated packages to fix this vulnerability.

    For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
    Fedora 32 Update

    Patches
    Fedora 32 FEDORA-2020-35087800be
  • CVE-2020-1472
    Recently Published

    Ubuntu Security Notification for Samba Vulnerability (USN-4510-1)

    Severity
    Urgent5
    Qualys ID
    198031
    Date Published
    September 18, 2020
    Vendor Reference
    USN-4510-1
    CVE Reference
    CVE-2020-1472
    CVSS Scores
    Base 10 / Temporal 9.3
    Description
    The Netlogon protocol implemented by Samba incorrectly handles the authentication scheme. A remote attacker could use this issue to forge authentication tokens and steal the credentials of the domain admin.

    Affected Versions:
    Ubuntu Linux 16.04
    Ubuntu Linux 18.04

    Consequence
    Successful exploitation of the vulnerability will allow attackers to forge authentication tokens and steal the credentials of the domain admin.
    Solution
    Refer to Ubuntu advisory USN-4510-1 for affected packages and patching details, or update with your package manager.
    Patches
    USN-4510-1
  • CVE-2020-1472
    Recently Published

    Ubuntu Security Notification for Samba Vulnerability (USN-4510-2) (Deprecated)

    Severity
    Urgent5
    Qualys ID
    198030
    Date Published
    September 18, 2020
    Vendor Reference
    USN-4510-2
    CVE Reference
    CVE-2020-1472
    CVSS Scores
    Base 10 / Temporal 9.3
    Description
    The Netlogon protocol implemented by Samba incorrectly handles the authentication scheme. A remote attacker could use this issue to forge authentication tokens and steal the credentials of the domain admin.

    Affected Versions:
    Ubuntu Linux 14.04

    Note: QID 198030 is deprecated as Ubuntu 14.04 ESM is not supported.

    Consequence
    Successful exploitation of the vulnerability will allow attackers to forge authentication tokens and steal the credentials of the domain admin.
    Solution
    Refer to Ubuntu advisory USN-4510-2 for affected packages and patching details, or update with your package manager.
    Patches
    USN-4510-2
  • CVE-2020-11984+
    Recently Published

    Amazon Linux Security Advisory for httpd: ALAS2-2020-1490

    Severity
    Critical4
    Qualys ID
    352050
    Date Published
    September 18, 2020
    Vendor Reference
    ALAS-2020-1490
    CVE Reference
    CVE-2020-11984, CVE-2020-11993, CVE-2020-9490
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description

    Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-11984)

    Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers a negative argument to memmove() that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-9490)

    Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-11993)

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1490 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux 2 httpd (2.4.46-1.amzn2) on aarch64 ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on i686 ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on noarch ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on src ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on x86_64 ALAS-2020-1490
  • CVE-2020-1224+
    Recently Published

    Microsoft Office and Microsoft Office Services Security Update for MacOS September 2020

    Severity
    Critical4
    Qualys ID
    110362
    Date Published
    September 18, 2020
    Vendor Reference
    Office for Mac 2016, Office for Mac 2019
    CVE Reference
    CVE-2020-1224, CVE-2020-1218, CVE-2020-1338, CVE-2020-1193, CVE-2020-16855
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Microsoft has released September 2020 security updates to fix multiple security vulnerabilities.

    Affected Version:
    Office for Mac 2019 prior to 16.41 (Build 20091302)
    Office for Mac 2016 prior to 16.16.26 (20091400)
    QID Detection Logic:
    This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    Patches
    Microsoft Office
  • CVE-2020-14556+
    Recently Published

    Amazon Linux Security Advisory for java-1.8.0-openjdk: ALAS2-2020-1491

    Severity
    Critical4
    Qualys ID
    352053
    Date Published
    September 18, 2020
    Vendor Reference
    ALAS-2020-1491
    CVE Reference
    CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
    CVSS Scores
    Base 8.3 / Temporal 6.7
    Description

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14579 )

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2020-14583 )

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14577 )

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1491 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on aarch64 ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on i686 ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on noarch ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on src ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on x86_64 ALAS-2020-1491
  • CVE-2020-11993+
    Recently Published

    Amazon Linux Security Advisory for mod_http2: ALAS2-2020-1493

    Severity
    Critical4
    Qualys ID
    352052
    Date Published
    September 18, 2020
    Vendor Reference
    ALAS-2020-1493
    CVE Reference
    CVE-2020-11993, CVE-2020-9490
    CVSS Scores
    Base 7.5 / Temporal 6
    Description

    Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers a negative argument to memmove() that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-9490)

    Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-11993)

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1493 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on aarch64 ALAS-2020-1493, Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on i686 ALAS-2020-1493, Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on src ALAS-2020-1493, Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on x86_64 ALAS-2020-1493
  • CVE-2020-12100+
    Recently Published

    Amazon Linux Security Advisory for dovecot: ALAS2-2020-1489

    Severity
    Critical4
    Qualys ID
    352049
    Date Published
    September 18, 2020
    Vendor Reference
    ALAS-2020-1489
    CVE Reference
    CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
    CVSS Scores
    Base 7.5 / Temporal 6
    Description

    In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication process repeatedly preventing login. The highest threat from this vulnerability is to system availability. (CVE-2020-12674 )

    In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. (CVE-2020-12100 )

    In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication allowing an attacker to crash the dovecot auth process repeatedly preventing login. The highest threat from this vulnerability is to system availability. (CVE-2020-12673 )

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1489 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on aarch64 ALAS-2020-1489, Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on i686 ALAS-2020-1489, Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on src ALAS-2020-1489, Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on x86_64 ALAS-2020-1489
  • CVE-2020-1472
    In Development

    Microsoft Windows Netlogon Elevation of Privilege Vulnerability (unauthenticated check)

    Severity
    Critical4
    Qualys ID
    91680
    Vendor Reference
    CVE-2020-1472
    CVE Reference
    CVE-2020-1472
    CVSS Scores
    Base 10 / Temporal 9
    Description
    An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).

    Affected Versions:
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016
    Windows Server 2019
    Windows Server, version 1903
    Windows Server, version 1909
    Windows Server, version 2004

    QID Detection Logic (unauthenticated):
    This remote detection sends a "NetrServerAuthenticate" payload with an all-0 client credential to detect the vulnerability.

    Consequence
    An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
    Solution
    Please refer to the CVE-2020-1472 Update Guide for more information pertaining to these vulnerabilities.

    Patches
    Windows CVE-2020-1472
  • In Development

    EOL/Obsolete Software: Cisco Jabber For Windows Prior To 12.0.x Detected

    Severity
    Urgent5
    Qualys ID
    105932
    Vendor Reference
    Cisco Jabber
    CVSS Scores
    Base 8.1 / Temporal 7.2
    Description
    The host is running Cisco Jabber for Windows. Cisco ended support of Cisco Jabber for Windows for version 11.9.x and 12.0.x on September 15, 2019 and provides no further support for the product.

    QID Detection Logic (authenticated):
    The QID checks the registry key to determine whether Cisco Jabber for Windows is installed on the system and whether it is an EOL version.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.

    Solution
    Update to the latest version of Cisco Jabber for Windows. Refer to Cisco Jabber.

  • CVE-2020-14556+
    Recently Published

    Amazon Linux Security Advisory for java-1.8.0-openjdk: ALAS-2020-1434

    Severity
    Critical4
    Qualys ID
    352048
    Date Published
    September 18, 2020
    Vendor Reference
    ALAS-2020-1434
    CVE Reference
    CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
    CVSS Scores
    Base 8.3 / Temporal 6.7
    Description

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14579 )

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2020-14583 )

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14577 )

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unaut

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1434 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on i686 ALAS-2020-1434, Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on noarch ALAS-2020-1434, Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on src ALAS-2020-1434, Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on x86_64 ALAS-2020-1434
  • CVE-2020-6573+
    Recently Published

    Red Hat Update for chromium-browser (RHSA-2020:3740)

    Severity
    Critical 4
    Qualys ID
    238610
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3740
    CVE Reference
    CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959
    CVSS Scores
    Base / Temporal
    Description
    Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 85.0.4183.102.

    Security Fix(es): chromium-browser: Use after free in video (CVE-2020-6573)
    chromium-browser: Insufficient policy enforcement in installer (CVE-2020-6574)
    chromium-browser: Race in Mojo (CVE-2020-6575)
    chromium-browser: Use after free in offscreen canvas (CVE-2020-6576)
    chromium-browser: Insufficient policy enforcement in networking (CVE-2020-15959)

    Affected Products:

    Red Hat Enterprise Linux Server 6 x86_64
    Red Hat Enterprise Linux Server 6 i386
    Red Hat Enterprise Linux Workstation 6 x86_64
    Red Hat Enterprise Linux Workstation 6 i386
    Red Hat Enterprise Linux Desktop 6 x86_64
    Red Hat Enterprise Linux Desktop 6 i386
    Red Hat Enterprise Linux for Scientific Computing 6 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3740 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3740
  • CVE-2020-14352
    Recently Published

    Red Hat Update for librepo (RHSA-2020:3749)

    Severity
    Critical 4
    Qualys ID
    238609
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3749
    CVE Reference
    CVE-2020-14352
    CVSS Scores
    Base 8 / Temporal 7
    Description
    The librepo library provides a C and Python API to download repository metadata.

    Security Fix(es): librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3749 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3749
  • CVE-2020-14345+
    Recently Published

    OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1302-1)

    Severity
    Critical 4
    Qualys ID
    174036
    Date Published
    September 18, 2020
    Vendor Reference
    openSUSE-SU-2020:1302-1
    CVE Reference
    CVE-2020-14345, CVE-2020-14346, CVE-2020-14347
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for xorg-x11-server to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1302-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1302-1
  • CVE-2020-14345+
    Recently Published

    OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1279-1)

    Severity
    Critical 4
    Qualys ID
    174035
    Date Published
    September 18, 2020
    Vendor Reference
    openSUSE-SU-2020:1279-1
    CVE Reference
    CVE-2020-14345, CVE-2020-14346, CVE-2020-14347
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for xorg-x11-server to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1279-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1279-1
  • CVE-2020-3327+
    Recently Published

    Amazon Linux Security Advisory for clamav: ALAS-2020-1433

    Severity
    Critical 4
    Qualys ID
    352047
    Date Published
    September 18, 2020
    Vendor Reference
    ALAS-2020-1433
    CVE Reference
    CVE-2020-3327, CVE-2020-3350, CVE-2020-3481
    CVSS Scores
    Base 7.5 / Temporal 6
    Description

    Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue. (CVE-2020-3327)

    Fixed a vulnerability a malicious user could exploit to replace a scan target directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc. (CVE-2020-3350)

    Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions. (CVE-2020-3481)

    Consequence
    Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
    Solution
    Please refer to Amazon advisory ALAS-2020-1433 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux clamav (0.102.4-1.44.amzn1) on i686 ALAS-2020-1433, Amazon Linux clamav (0.102.4-1.44.amzn1) on noarch ALAS-2020-1433, Amazon Linux clamav (0.102.4-1.44.amzn1) on src ALAS-2020-1433, Amazon Linux clamav (0.102.4-1.44.amzn1) on x86_64 ALAS-2020-1433
  • CVE-2020-12100+
    Recently Published

    CentOS Security Update for dovecot (CESA-2020:3617)

    Severity
    Critical 4
    Qualys ID
    256952
    Date Published
    September 18, 2020
    Vendor Reference
    CESA-2020:3617 centos 7
    CVE Reference
    CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CentOS has released a security update for dovecot to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    N/A
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:3617
  • CVE-2020-9490
    Recently Published

    Red Hat Update for httpd:2.4 (RHSA-2020:3726)

    Severity
    Critical 4
    Qualys ID
    238615
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3726
    CVE Reference
    CVE-2020-9490
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es): httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3726 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3726
  • CVE-2020-14384
    Recently Published

    Red Hat Update for Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2020:3730)

    Severity
    Critical 4
    Qualys ID
    238614
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3730
    CVE Reference
    CVE-2020-14384
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.

    Security Fix(es): jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS (CVE-2020-14384)

    Affected Products:

    JBoss Enterprise Application Platform 6.4 for RHEL 7 x86_64
    JBoss Enterprise Application Platform 6.4 for RHEL 7 ppc64
    JBoss Enterprise Application Platform 6.4 for RHEL 6 x86_64
    JBoss Enterprise Application Platform 6.4 for RHEL 6 ppc64
    JBoss Enterprise Application Platform 6.4 for RHEL 6 i386
    JBoss Enterprise Application Platform 6.4 for RHEL 5 x86_64
    JBoss Enterprise Application Platform 6.4 for RHEL 5 i386
    JBoss Enterprise Application Platform 6 for RHEL 7 x86_64
    JBoss Enterprise Application Platform 6 for RHEL 7 ppc64
    JBoss Enterprise Application Platform 6 for RHEL 6 x86_64
    JBoss Enterprise Application Platform 6 for RHEL 6 ppc64
    JBoss Enterprise Application Platform 6 for RHEL 6 i386
    JBoss Enterprise Application Platform 6 for RHEL 5 x86_64
    JBoss Enterprise Application Platform 6 for RHEL 5 i386

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3730 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3730
  • CVE-2020-9490
    Recently Published

    Red Hat Update for httpd24-httpd (RHSA-2020:3733)

    Severity
    Critical 4
    Qualys ID
    238612
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3733
    CVE Reference
    CVE-2020-9490
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es): httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)

    Affected Products:

    Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
    Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
    Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
    Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
    Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
    Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
    Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
    Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
    Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
    Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
    Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
    Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
    Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3733 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3733
  • CVE-2020-12100+
    Recently Published

    Red Hat Update for dovecot (RHSA-2020:3736)

    Severity
    Critical 4
    Qualys ID
    238611
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3736
    CVE Reference
    CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es): dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)
    dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)
    dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
    Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.1 s390x
    Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.1 aarch64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3736 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3736
  • CVE-2020-10700+
    In Development

    OpenSUSE Security Update for ldb, samba (openSUSE-SU-2020:1313-1)

    Severity
    Critical 4
    Qualys ID
    174031
    Vendor Reference
    openSUSE-SU-2020:1313-1
    CVE Reference
    CVE-2020-10700, CVE-2020-10704, CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for ldb, samba to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1313-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1313-1
  • CVE-2019-2911+
    Recently Published

    Red Hat Update for mysql:8.0 (RHSA-2020:3732)

    Severity
    Critical 4
    Qualys ID
    238613
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3732
    CVE Reference
    CVE-2019-2911, CVE-2019-2914, CVE-2019-2938, CVE-2019-2946, CVE-2019-2957, CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967, CVE-2019-2968, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011, CVE-2019-3018, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574, CVE-2020-2577, CVE-2020-2579, CVE-2020-2580, CVE-2020-2584, CVE-2020-2588, CVE-2020-2589, CVE-2020-2627, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2694, CVE-2020-2752, CVE-2020-2759, CVE-2020-2760, CVE-2020-2761, CVE-2020-2762, CVE-2020-2763, CVE-2020-2765, CVE-2020-2770, CVE-2020-2774, CVE-2020-2779, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814, CVE-2020-2853, CVE-2020-2892, CVE-2020-2893, CVE-2020-2895, CVE-2020-2896, CVE-2020-2897, CVE-2020-2898, CVE-2020-2901, CVE-2020-2903, CVE-2020-2904, CVE-2020-2921, CVE-2020-2922, CVE-2020-2923, CVE-2020-2924, CVE-2020-2925, CVE-2020-2926, CVE-2020-2928, CVE-2020-2930, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020-14576, CVE-2020-14586, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020-14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-14725
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql (8.0.21).

    Security Fix(es): mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)
    mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)
    mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)
    mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)
    mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)
    mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)
    mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)
    mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)
    mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)
    mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)
    mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)
    mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)
    mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)
    mysql: Server

    Affected Products:

    Red Hat Enterprise Linux for x86_64 8 x86_64
    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    Red Hat Enterprise Linux for IBM z Systems 8 s390x
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
    Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    Red Hat Enterprise Linux for ARM 64 8 aarch64
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3732 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3732
  • CVE-2019-2911+
    Recently Published

    Red Hat Update for mysql:8.0 (RHSA-2020:3757)

    Severity
    Critical 4
    Qualys ID
    238608
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3757
    CVE Reference
    CVE-2019-2911, CVE-2019-2914, CVE-2019-2938, CVE-2019-2946, CVE-2019-2957, CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967, CVE-2019-2968, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011, CVE-2019-3018, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574, CVE-2020-2577, CVE-2020-2579, CVE-2020-2580, CVE-2020-2584, CVE-2020-2588, CVE-2020-2589, CVE-2020-2627, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2694, CVE-2020-2752, CVE-2020-2759, CVE-2020-2760, CVE-2020-2761, CVE-2020-2762, CVE-2020-2763, CVE-2020-2765, CVE-2020-2770, CVE-2020-2774, CVE-2020-2779, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814, CVE-2020-2853, CVE-2020-2892, CVE-2020-2893, CVE-2020-2895, CVE-2020-2896, CVE-2020-2897, CVE-2020-2898, CVE-2020-2901, CVE-2020-2903, CVE-2020-2904, CVE-2020-2921, CVE-2020-2922, CVE-2020-2923, CVE-2020-2924, CVE-2020-2925, CVE-2020-2926, CVE-2020-2928, CVE-2020-2930, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020-14576, CVE-2020-14586, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020-14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-14725
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql (8.0.21).

    Security Fix(es): mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)
    mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)
    mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)
    mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)
    mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)
    mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)
    mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)
    mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)
    mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)
    mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)
    mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)
    mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)
    mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)
    mysql: Server

    Affected Products:

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3757 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3757
  • CVE-2020-12066
    Recently Published

    Debian Security Update for teeworlds (DSA 4763-1)

    Severity
    Critical 4
    Qualys ID
    178080
    Date Published
    September 18, 2020
    Vendor Reference
    DSA 4763-1
    CVE Reference
    CVE-2020-12066
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for teeworlds to fix the vulnerabilities.

    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    Refer to Debian security advisory DSA 4763-1 to address this issue and obtain further details.
    Patches
    Debian DSA 4763-1
  • CVE-2020-8342
    Recently Published

    Lenovo System Update Privilege Escalation Vulnerability (LEN-42150)

    Severity
    Critical 4
    Qualys ID
    373453
    Date Published
    September 18, 2020
    Vendor Reference
    LEN-42150
    CVE Reference
    CVE-2020-8342
    CVSS Scores
    Base 7 / Temporal 6
    Description
    Lenovo System Update is a software application which downloads data updates for software, drivers and BIOS from a Lenovo server directly.

    Affected Version:
    Lenovo System Update prior to version 5.07.0106

    QID Detection Logic (authenticated):
    This QID looks for the vulnerable version of Lenovo System Update (SUService.exe).

    Consequence
    Successful exploitation could allow escalation of privilege.

    Solution
    Users are advised to upgrade to Lenovo System Update 5.07.0106 or newer.
    Patches
    LEN-42150
  • CVE-2020-17376
    Recently Published

    Red Hat Update for openstack-nova (RHSA-2020:3702)

    Severity
    Critical 4
    Qualys ID
    238606
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3702
    CVE Reference
    CVE-2020-17376
    CVSS Scores
    Base 8.3 / Temporal 7.2
    Description
    OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

    Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

    Affected Products:

    Red Hat OpenStack 16.1 x86_64
    Red Hat OpenStack for IBM Power 16.1 ppc64le

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3702 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3702
  • CVE-2020-17376
    In Development

    Red Hat Update for openstack-nova (RHSA-2020:3704)

    Severity
    Critical 4
    Qualys ID
    238605
    Vendor Reference
    RHSA-2020:3704
    CVE Reference
    CVE-2020-17376
    CVSS Scores
    Base 8.3 / Temporal 7.2
    Description
    OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

    Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

    Affected Products:

    Red Hat OpenStack 16 for RHEL 8 x86_64
    Red Hat OpenStack for IBM Power 16 ppc64le

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3704 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3704
  • CVE-2020-17376
    Recently Published

    Red Hat Update for openstack-nova (RHSA-2020:3706)

    Severity
    Critical 4
    Qualys ID
    238604
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3706
    CVE Reference
    CVE-2020-17376
    CVSS Scores
    Base 8.3 / Temporal 7.2
    Description
    OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

    Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

    Affected Products:

    Red Hat OpenStack 15 x86_64
    Red Hat OpenStack for IBM Power 15 ppc64le

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3706 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3706
  • CVE-2020-17376
    Recently Published

    Red Hat Update for openstack-nova (RHSA-2020:3708)

    Severity
    Critical4
    Qualys ID
    238603
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3708
    CVE Reference
    CVE-2020-17376
    CVSS Scores
    Base 8.3 / Temporal 7.2
    Description
    OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

    Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

    Affected Products:

    Red Hat OpenStack 13 x86_64
    Red Hat OpenStack for IBM Power 13 ppc64le

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3708 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3708
  • CVE-2020-9490
    Recently Published

    Red Hat Update for httpd:2.4 (RHSA-2020:3714)

    Severity
    Critical4
    Qualys ID
    238600
    Date Published
    September 18, 2020
    Vendor Reference
    RHSA-2020:3714
    CVE Reference
    CVE-2020-9490
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es): httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 8 x86_64
    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    Red Hat Enterprise Linux for IBM z Systems 8 s390x
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
    Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    Red Hat Enterprise Linux for ARM 64 8 aarch64
    Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3714 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3714
  • CVE-2020-7311+
    Recently Published

    McAfee Agent Multiple Vulnerabilities (SB10325)

    Severity
    Critical4
    Qualys ID
    373455
    Date Published
    September 17, 2020
    Vendor Reference
    SB10325
    CVE Reference
    CVE-2020-7311, CVE-2020-7312, CVE-2020-7315
    CVSS Scores
    Base 7.8 / Temporal 7
    Description

    The McAfee Agent is the distributed component of McAfee ePolicy Orchestrator (McAfee ePO).
    It downloads and enforces policies, and executes client-side tasks such as deployment and updating. McAfee Agent is affected by the following vulnerabilities:
    CVE-2020-7311: Privilege Escalation vulnerability
    CVE-2020-7312: DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA)
    CVE-2020-7315: DLL Injection Vulnerability

    Affected Software:
    McAfee Agent: 5.6.x prior to 5.6.6, 5.5.x prior to 5.6.6

    Detection Logic:
    The QID checks for a vulnerable version of McAfee Agent by checking the version of the masvc.exe file.

    Consequence
    On a successful attack, an attacker with local privileges would be able to execute arbitrary code and escalate privileges.
    Solution
    Install or update to McAfee Agent 5.6.6. For more details, refer to SB10325.
    Patches
    SB10325
  • CVE-2020-15664+
    Recently Published

    CentOS Security Update for thunderbird (CESA-2020:3631)

    Severity
    Critical4
    Qualys ID
    256951
    Date Published
    September 17, 2020
    Vendor Reference
    CESA-2020:3631 centos 7
    CVE Reference
    CVE-2020-15664, CVE-2020-15669
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    CentOS has released a security update for thunderbird to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    N/A
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:3631
  • CVE-2020-15664+
    Recently Published

    CentOS Security Update for thunderbird (CESA-2020:3643)

    Severity
    Critical4
    Qualys ID
    256950
    Date Published
    September 17, 2020
    Vendor Reference
    CESA-2020:3643 centos 6
    CVE Reference
    CVE-2020-15664, CVE-2020-15669
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    CentOS has released a security update for thunderbird to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    N/A
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:3643
  • CVE-2020-3374
    Recently Published

    Cisco SD-WAN vManage Software Authorization Bypass Vulnerability(cisco-sa-uabvman-SYGzt8Bv)

    Severity
    Urgent5
    Qualys ID
    316709
    Date Published
    September 15, 2020
    Vendor Reference
    cisco-sa-uabvman-SYGzt8Bv
    CVE Reference
    CVE-2020-3374
    CVSS Scores
    Base 9.9 / Temporal 8.6
    Description
    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system.

    QID detection logic:
    The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.

    Affected Products
    SD-WAN vManage Software prior to 18.4.5, 19.2.x prior to 19.2.2, 19.3.x and greater prior to 20.1.1

    Consequence
    A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.
    Solution

    Customers are advised to refer to cisco-sa-uabvman-SYGzt8Bv for more information.

    Patches
    cisco-sa-uabvman-SYGzt8Bv
  • CVE-2020-3375
    Recently Published

    Cisco SD-WAN Solution Software Buffer Overflow Vulnerability(cisco-sa-sdbufof-h5f5VSeL)

    Severity
    Urgent5
    Qualys ID
    316701
    Date Published
    September 15, 2020
    Vendor Reference
    cisco-sa-sdbufof-h5f5VSeL
    CVE Reference
    CVE-2020-3375
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device.

    QID detection logic:
    The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.

    Affected Products
    SD-WAN vManage Software prior to 18.3.x prior to 18.4.5, 19.2.x prior to 19.2.3, 19.3.x prior to 20.1.1
    SD-WAN vEdge 100-M series router prior to 18.3.x prior to 18.4.5, 19.2.x prior to 19.2.3, 19.3.x prior to 20.1.1

    Consequence
    A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.
    Solution

    Customers are advised to refer to cisco-sa-sdbufof-h5f5VSeL for more information.

    Patches
    cisco-sa-sdbufof-h5f5VSeL
  • CVE-2018-0432
    Recently Published

    Cisco SD-WAN Solution Privilege Escalation Vulnerability(cisco-sa-20180905-sd-wan-escalation)

    Severity
    Critical4
    Qualys ID
    316705
    Date Published
    September 15, 2020
    Vendor Reference
    cisco-sa-20180905-sd-wan-escalation
    CVE Reference
    CVE-2018-0432
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device.

    The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature.

    QID detection logic:
    The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.

    Affected Products
    SD-WAN vManage Software prior to 18.3.0
    SD-WAN vEdge 100-M series router prior to 18.3.0

    Consequence
    A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.

    Solution

    Customers are advised to refer to cisco-sa-20180905-sd-wan-escalation for more information.

    Patches
    cisco-sa-20180905-sd-wan-escalation
  • CVE-2020-3351
    Recently Published

    Cisco SD-WAN Solution Software Denial of Service Vulnerability(cisco-sa-sdw-dos-KWOdyHnB)

    Severity
    Critical4
    Qualys ID
    316704
    Date Published
    September 15, 2020
    Vendor Reference
    cisco-sa-sdw-dos-KWOdyHnB
    CVE Reference
    CVE-2020-3351
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system.

    QID detection logic:
    The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.

    Affected Products
    SD-WAN vManage Software prior to 17.2.7, 18.x prior to 18.3.0
    SD-WAN vEdge 100-M series router prior to 17.2.7, 18.x prior to 18.3.0

    Consequence
    A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.
    Solution

    Customers are advised to refer to cisco-sa-sdw-dos-KWOdyHnB for more information.

    Patches
    cisco-sa-sdw-dos-KWOdyHnB
  • CVE-2018-0433
    Recently Published

    Cisco SD-WAN Solution Command Injection Vulnerability(cisco-sa-20180905-sd-wan-injection)

    Severity
    Critical4
    Qualys ID
    316707
    Date Published
    September 15, 2020
    Vendor Reference
    cisco-sa-20180905-sd-wan-injection
    CVE Reference
    CVE-2018-0433
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

    The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility.

    QID detection logic:
    The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.

    Affected Products
    SD-WAN vManage Software prior to Release 18.3.0
    SD-WAN vEdge 100-M series router prior to Release 18.3.0

    Consequence
    A successful exploit could allow the attacker to execute commands with root privileges.

    Solution

    Customers are advised to refer to cisco-sa-20180905-sd-wan-injection for more information.

    Patches
    cisco-sa-20180905-sd-wan-injection
  • CVE-2019-1625
    Recently Published

    Cisco SD-WAN Solution Privilege Escalation Vulnerability(cisco-sa-20190619-sdwan-privesca)

    Severity
    Critical4
    Qualys ID
    316702
    Date Published
    September 15, 2020
    Vendor Reference
    cisco-sa-20190619-sdwan-privesca
    CVE Reference
    CVE-2019-1625
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges.

    QID detection logic:
    The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.

    Affected Products:
    SD-WAN vManage Software prior to 18.3.6, 18.4.x prior to 18.4.1, 19.0 prior to 19.1.0
    SD-WAN vEdge 100-M series router prior to 18.3.6, 18.4.x prior to 18.4.1, 19.0 prior to 19.1.0

    Consequence
    A successful exploit could allow the attacker to make configuration changes to the system as the root user.
    Solution

    Customers are advised to refer to cisco-sa-20190619-sdwan-privesca for more information.

    Patches
    cisco-sa-20190619-sdwan-privesca
  • CVE-2020-5926
    Recently Published

    F5 BIG-IP ASM,LTM,APM BIG-IP SIP ALG profile vulnerability(K42830212)

    Severity
    Critical4
    Qualys ID
    373448
    Date Published
    September 15, 2020
    Vendor Reference
    K42830212
    CVE Reference
    CVE-2020-5926
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
    F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of the LTM is that it is a full proxy, allowing you to augment client-side and server-side connections, all while making informed load-balancing decisions on availability, performance, and persistence.
    F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

    Vulnerable Component: BIG-IP ASM, APM, LTM

    Affected Versions:
    15.1.0
    15.0.0 - 15.0.1
    14.1.0 - 14.1.2

    QID Detection Logic(Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    This vulnerability leads to future memory corruption and may result in the Traffic Management Microkernel (TMM) generating a core file and restarting, causing traffic disruption.

    Solution
    The vendor has released a patch. For more information, please visit K42830212.
    Patches
    K42830212
  • CVE-2020-14039+
    Recently Published

    OpenSUSE Security Update for go1.14 (openSUSE-SU-2020:1407-1)

    Severity
    Critical4
    Qualys ID
    174019
    Date Published
    September 15, 2020
    Vendor Reference
    openSUSE-SU-2020:1407-1
    CVE Reference
    CVE-2020-14039, CVE-2020-15586, CVE-2020-16845
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for go1.14 to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1407-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1407-1
  • CVE-2020-2041
    Recently Published

    Palo Alto Networks PAN-OS Denial-Of-Service Vulnerability (PAN-151978)

    Severity
    Critical4
    Qualys ID
    13977
    Date Published
    September 15, 2020
    Vendor Reference
    PAN-151978
    CVE Reference
    CVE-2020-2041
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
    An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.

    Affected Versions:
    PAN-OS 8.0 all versions
    PAN-OS 8.1 versions earlier than PAN-OS 8.1.16
    QID Detection Logic (Authenticated):
    This QID looks for the vulnerable version of PAN-OS via XML API.

    NOTE: This issue is applicable only where either Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured.

    Consequence
    Successful authentication could allow a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.

    Solution

    Refer to PAN-151978 for more information about patching this vulnerability.

    Patches
    CVE-2020-2041
  • CVE-2018-0434
    Recently Published

    Cisco SD-WAN Solution Certificate Validation Vulnerability(cisco-sa-20180905-sd-wan-validation)

    Severity
    Critical4
    Qualys ID
    316708
    Date Published
    September 15, 2020
    Vendor Reference
    cisco-sa-20180905-sd-wan-validation
    CVE Reference
    CVE-2018-0434
    CVSS Scores
    Base 7.4 / Temporal 6.4
    Description
    A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate.

    The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device.

    QID detection logic:
    The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.

    Affected Products
    SD-WAN vManage Software prior to Release 18.3.0
    SD-WAN vEdge 100-M series router prior to Release 18.3.0

    Consequence
    A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

    Solution

    Customers are advised to refer to cisco-sa-20180905-sd-wan-validation for more information.

    Patches
    cisco-sa-20180905-sd-wan-validation
  • CVE-2020-5929
    Recently Published

    F5 BIG-IP ASM,LTM,APM BIG-IP SSL/TLS ADH/DHE Vulnerability (K91158923)

    Severity
    Critical4
    Qualys ID
    373445
    Date Published
    September 15, 2020
    Vendor Reference
    K91158923
    CVE Reference
    CVE-2020-5929
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
    F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of the LTM is that it is a full proxy, allowing you to augment client-side and server-side connections, all while making informed load-balancing decisions on availability, performance, and persistence.
    F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

    Vulnerable Component: BIG-IP ASM, APM, LTM

    Affected Versions:
    13.0.0
    12.1.0 - 12.1.2 HF1
    11.6.1 - 11.6.2

    QID Detection Logic(Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    Successful exploitation allows an attacker to recover the shared secret of past sessions and perform plaintext recovery of encrypted messages.

    Solution
    The vendor has released a patch. For more information, please visit K91158923.
    Patches
    K91158923
  • CVE-2020-2042
    Recently Published

    Palo Alto Networks PAN-OS Management Web Interface Buffer Overflow Vulnerability (PAN-145797, PAN-150409)

    Severity
    Critical4
    Qualys ID
    13978
    Date Published
    September 15, 2020
    Vendor Reference
    PAN-145797, PAN-150409
    CVE Reference
    CVE-2020-2042
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
    A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.

    Affected Versions:
    PAN-OS 10.0 versions earlier than PAN-OS 10.0.1

    Consequence
    Successful exploitation allows an attacker to execute arbitrary code with root privileges.
    Solution

    Refer to PAN-145797, PAN-150409 for more information about patching this vulnerability.

    Patches
    PAN-145797, PAN-150409
  • CVE-2020-15049+
    Recently Published

    OpenSUSE Security Update for squid (openSUSE-SU-2020:1369-1)

    Severity
    Urgent5
    Qualys ID
    174007
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1369-1
    CVE Reference
    CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released a security update for squid to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1369-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1369-1
  • CVE-2020-15049+
    Recently Published

    OpenSUSE Security Update for squid (openSUSE-SU-2020:1346-1)

    Severity
    Urgent5
    Qualys ID
    174002
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1346-1
    CVE Reference
    CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released a security update for squid to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1346-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1346-1
  • CVE-2020-15664+
    Recently Published

    Red Hat Update for thunderbird (RHSA-2020:3632)

    Severity
    Critical4
    Qualys ID
    238607
    Date Published
    September 14, 2020
    Vendor Reference
    RHSA-2020:3632
    CVE Reference
    CVE-2020-15664, CVE-2020-15669
    CVSS Scores
    Base / Temporal
    Description
    Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0.

    Security Fix(es): Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)
    Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3632 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3632
  • CVE-2020-17376
    Recently Published

    Red Hat Update for openstack-nova (RHSA-2020:3711)

    Severity
    Critical4
    Qualys ID
    238602
    Date Published
    September 14, 2020
    Vendor Reference
    RHSA-2020:3711
    CVE Reference
    CVE-2020-17376
    CVSS Scores
    Base 8.3 / Temporal 7.2
    Description
    OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

    Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

    Affected Products:

    Red Hat OpenStack 10 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3711 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3711
  • CVE-2020-14361+
    Recently Published

    OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1376-1)

    Severity
    Critical4
    Qualys ID
    174004
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1376-1
    CVE Reference
    CVE-2020-14361, CVE-2020-14362
    CVSS Scores
    Base 7.8 / Temporal 6.7
    Description
    SUSE has released a security update for xorg-x11-server to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1376-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1376-1
  • CVE-2020-14361+
    Recently Published

    OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1374-1)

    Severity
    Critical4
    Qualys ID
    174003
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1374-1
    CVE Reference
    CVE-2020-14361, CVE-2020-14362
    CVSS Scores
    Base 7.8 / Temporal 6.7
    Description
    SUSE has released a security update for xorg-x11-server to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1374-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1374-1
  • CVE-2020-12100+
    Recently Published

    Red Hat Update for dovecot (RHSA-2020:3713)

    Severity
    Critical4
    Qualys ID
    238601
    Date Published
    September 14, 2020
    Vendor Reference
    RHSA-2020:3713
    CVE Reference
    CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es): dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)
    dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)
    dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

    Affected Products:

    Red Hat Enterprise Linux for x86_64 8 x86_64
    Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    Red Hat Enterprise Linux for IBM z Systems 8 s390x
    Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
    Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

    Consequence
    On successful exploitation it could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3713 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3713
  • CVE-2020-14039+
    Recently Published

    OpenSUSE Security Update for go1.14 (openSUSE-SU-2020:1405-1)

    Severity
    Critical4
    Qualys ID
    174018
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1405-1
    CVE Reference
    CVE-2020-14039, CVE-2020-15586, CVE-2020-16845
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for go1.14 to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1405-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1405-1
  • CVE-2020-14314+
    Recently Published

    OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:1382-1)

    Severity
    Critical 4
    Qualys ID
    174014
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1382-1
    CVE Reference
    CVE-2020-14314, CVE-2020-14386
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    SUSE has released a security update for the Linux kernel to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1382-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1382-1
  • CVE-2020-14386
    Recently Published

    OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:1379-1)

    Severity
    Critical 4
    Qualys ID
    174011
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1379-1
    CVE Reference
    CVE-2020-14386
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    SUSE has released a security update for the Linux kernel to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1379-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1379-1
  • CVE-2020-15664+
    Recently Published

    CentOS Security Update for firefox (CESA-2020:3558)

    Severity
    Critical 4
    Qualys ID
    256949
    Date Published
    September 14, 2020
    Vendor Reference
    CESA-2020:3558 centos 6
    CVE Reference
    CVE-2020-15664, CVE-2020-15669
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    CentOS has released a security update for firefox to fix the vulnerabilities.

    Affected Products:

    centos 6

    Consequence
    N/A
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
    Patches
    centos 6 CESA-2020:3558
  • CVE-2020-15664+
    Recently Published

    CentOS Security Update for firefox (CESA-2020:3556)

    Severity
    Critical 4
    Qualys ID
    256948
    Date Published
    September 14, 2020
    Vendor Reference
    CESA-2020:3556 centos 7
    CVE Reference
    CVE-2020-15664, CVE-2020-15669
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    CentOS has released a security update for firefox to fix the vulnerabilities.

    Affected Products:

    centos 7

    Consequence
    N/A
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
    Patches
    centos 7 CESA-2020:3556
  • CVE-2020-6559+
    Recently Published

    Red Hat Update for chromium-browser (RHSA-2020:3723)

    Severity
    Critical 4
    Qualys ID
    238599
    Date Published
    September 14, 2020
    Vendor Reference
    RHSA-2020:3723
    CVE Reference
    CVE-2020-6559, CVE-2020-6560, CVE-2020-6561, CVE-2020-6562, CVE-2020-6563, CVE-2020-6564, CVE-2020-6565, CVE-2020-6566, CVE-2020-6567, CVE-2020-6568, CVE-2020-6569, CVE-2020-6570, CVE-2020-6571
    CVSS Scores
    Base / Temporal
    Description
    Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 85.0.4183.83.

    Security Fix(es):
    chromium-browser: Use after free in presentation API (CVE-2020-6559)
    chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6571)
    chromium-browser: Insufficient policy enforcement in autofill (CVE-2020-6560)
    chromium-browser: Inappropriate implementation in Content Security Policy (CVE-2020-6561)
    chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6562)
    chromium-browser: Insufficient policy enforcement in intent handling (CVE-2020-6563)
    chromium-browser: Incorrect security UI in permissions (CVE-2020-6564)
    chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6565)
    chromium-browser: Insufficient policy enforcement in media (CVE-2020-6566)
    chromium-browser: Insufficient validation of untrusted input in command line handling (CVE-2020-6567)
    chromium-browser: Insufficient policy enforcement in intent handling (CVE-2020-6568)
    chromium-browser: Integer overflow in WebUSB (CVE-2020-6569)
    chromium-browser: Side-channel information leakage in WebRTC (CVE-2020-6570)

    Affected Products:

    Red Hat Enterprise Linux Server 6 x86_64
    Red Hat Enterprise Linux Server 6 i386
    Red Hat Enterprise Linux Workstation 6 x86_64
    Red Hat Enterprise Linux Workstation 6 i386
    Red Hat Enterprise Linux Desktop 6 x86_64
    Red Hat Enterprise Linux Desktop 6 i386
    Red Hat Enterprise Linux for Scientific Computing 6 x86_64

    Consequence
    Successful exploitation could allow an attacker to execute code.
    Solution
    Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

    Refer to Red Hat security advisory RHSA-2020:3723 to address this issue and obtain more information.

    Patches
    Red Hat Enterprise Linux RHSA-2020:3723
  • CVE-2020-15663+
    Recently Published

    OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2020:1392-1)

    Severity
    Critical 4
    Qualys ID
    174015
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1392-1
    CVE Reference
    CVE-2020-15663, CVE-2020-15664, CVE-2020-15669
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    SUSE has released a security update for MozillaThunderbird to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.2

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1392-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1392-1
  • CVE-2020-15663+
    Recently Published

    OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2020:1383-1)

    Severity
    Critical 4
    Qualys ID
    174013
    Date Published
    September 14, 2020
    Vendor Reference
    openSUSE-SU-2020:1383-1
    CVE Reference
    CVE-2020-15663, CVE-2020-15664, CVE-2020-15669
    CVSS Scores
    Base 5 / Temporal 4.4
    Description
    SUSE has released a security update for MozillaThunderbird to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.1

    Consequence
    N/A
    Solution
    Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

    To install packages using the command line interface, use the command "yum update".

    Refer to SUSE security advisory openSUSE-SU-2020:1383-1 to address this issue and obtain further details.

    Patches
    OpenSuse openSUSE-SU-2020:1383-1
  • CVE-2020-2040
    Recently Published

    Palo Alto Networks PAN-OS Buffer Overflow Vulnerability (PAN-145149, PAN-145150, PAN-145151, PAN-145195)

    Severity
    Critical 4
    Qualys ID
    13975
    Date Published
    September 11, 2020
    Vendor Reference
    PAN-145149, PAN-145150, PAN-145151, PAN-145195
    CVE Reference
    CVE-2020-2040
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.
    A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.

    Affected Versions:
    PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
    PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
    PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
    PAN-OS 8.0 all versions

    QID Detection Logic (Authenticated):
    This QID looks for the vulnerable version of PAN-OS via XML API.

    NOTE: This issue is applicable only where either Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured.

    Consequence
    Successful exploitation allows an attacker to execute arbitrary code with root privileges.
    Solution

    Refer to PAN-145149, PAN-145150, PAN-145151, PAN-145195 for more information about patching this vulnerability.

    Patches
    PAN-145149, PAN-145150, PAN-145151 and PAN-145195
  • CVE-2020-2036
    Recently Published

    Palo Alto Networks PAN-OS Reflected Cross-Site Scripting (XSS) vulnerability (PAN-116720)

    Severity
    Critical 4
    Qualys ID
    13971
    Date Published
    September 10, 2020
    Vendor Reference
    PAN-116720
    CVE Reference
    CVE-2020-2036
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.
    A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.

    Affected Versions:
    PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
    PAN-OS 8.1 versions earlier than PAN-OS 8.1.16

    QID Detection Logic (Authenticated):
    This QID looks for the vulnerable version of PAN-OS via XML API.

    Consequence
    Successful exploitation allows an attacker to potentially execute arbitrary JavaScript code.
    Solution

    Refer to PAN-116720 for more information about patching this vulnerability.

    Patches
    PAN-116720
  • CVE-2020-2038
    Recently Published

    Palo Alto Networks PAN-OS OS Command Injection Vulnerability (PAN-101484)

    Severity
    Critical 4
    Qualys ID
    13973
    Date Published
    September 10, 2020
    Vendor Reference
    PAN-101484
    CVE Reference
    CVE-2020-2038
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.
    An OS command injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges.

    Affected Versions:
    PAN-OS 10.0 versions earlier than PAN-OS 10.0.1
    PAN-OS 9.1 versions earlier than PAN-OS 9.1.4
    PAN-OS 9.0 versions earlier than PAN-OS 9.0.10

    QID Detection Logic (Authenticated):
    This QID looks for the vulnerable version of PAN-OS via XML API.

    Consequence
    Successful exploitation allows an attacker to run arbitrary system commands with maximum privileges.
    Solution

    Refer to PAN-101484 for more information about patching this vulnerability.

    Patches
    PAN-101484
  • CVE-2020-2037
    Recently Published

    Palo Alto Networks PAN-OS OS Command Injection Vulnerability (PAN-128761)

    Severity
    Critical 4
    Qualys ID
    13972
    Date Published
    September 10, 2020
    Vendor Reference
    PAN-128761
    CVE Reference
    CVE-2020-2037
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.
    An OS command injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges.

    Affected Versions:
    PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
    PAN-OS 9.0 versions earlier than PAN-OS 9.0.10
    PAN-OS 8.1 versions earlier than PAN-OS 8.1.16

    QID Detection Logic (Authenticated):
    This QID looks for the vulnerable version of PAN-OS via XML API.

    Consequence
    Successful exploitation allows an attacker to execute arbitrary OS commands on the firewall.
    Solution

    Refer to PAN-128761 for more information about patching this vulnerability.

    Patches
    PAN-128761