Vulnerability Detection Pipeline (Beta)

Upcoming and New High-Severity QIDs

Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for severity 4 or 5 vulnerabilities.

This is a public beta. We welcome your feedback.

Detection Status

Under investigation: We are researching a detection and will publish one if it is feasible.
In development: We are coding a detection and will typically publish it within a few days.
Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

100 results

—
EOL/Obsolete Operating System: IBM AIX 7.2 TL 0, IBM AIX 7.2 TL 1 Detected
Severity
Urgent5
In Development
Qualys ID
105933
Vendor Reference
IBM AIX 7.2.0, 7.2.1 End of Support
CVSS Scores
Base 8.8 / Temporal 7.7
Description
IBM Ended support for AIX 7.2 TL1 30 November 2019
IBM Ended support for AIX 7.2 TL0 31 December 2018
QID Detection Logic (authenticated):
The QID checks for the version of IBM AIX with the help of the "uname" command.

Consequence
The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.
Solution
Update to the latest version of IBM AIX. Refer to AIX 7.2 Overview.
Patches
AIX 7.2.4
CVE-2020-15675+
Mozilla Firefox Multiple Vulnerabilities(MFSA2020-42)
Severity
Critical4
In Development
Qualys ID
373490
Vendor Reference
MFSA2020-42
CVE Reference
CVE-2020-15675, CVE-2020-15677, CVE-2020-15676, CVE-2020-15678, CVE-2020-15673, CVE-2020-15674
CVSS Scores
Base 7.3 / Temporal 6.4
Description
Mozilla Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.
Firefox is found to be vulnerable to the following:
CVE-2020-15675: Use-After-Free in WebGL.
CVE-2020-15677: Download origin spoofing via redirect.
CVE-2020-15676: XSS when pasting attacker-controlled data into a contenteditable element.
CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario.
CVE-2020-15673: Memory safety bugs fixed in Firefox 81.
CVE-2020-15674: Memory safety bugs fixed in Firefox 81.
Affected Versions:
versions prior to Firefox 81
QID Detection Logic (Authenticated)
This QID checks for vulnerable versions of Firefox browser.

Consequence
On successful exploitation attacker could compromise confidentiality, integrity and availability of the software.
Solution
Vendor has released fix to address these vulnerabilities. Refer to MFSA2020-42
Patches
MFSA2020-42
CVE-2020-15903
Nagios XI Privilege Escalation Vulnerability
Severity
Critical4
In Development
Qualys ID
373487
Vendor Reference
Nagios XI
CVE Reference
CVE-2020-15903
CVSS Scores
Base 9.8 / Temporal 8.5
Description
Nagios Core is a free and open source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services.
An issue was found in Nagios XI ,there is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user.
Affected versions:
Versions prior to 5.7.3
QID Detection Logic:(Authenticated)
It to check for vulnerable version of Nagios Core from version file.
Consequence
Successful exploitation of this vulnerability may allow an authenticated attacker to gain privileges of victim system.
Solution
The vendor has released the patch.This issue was fixed in version 5.7.3. Please visit here for more information.
Patches
Nagios XI 5.7.3
CVE-2019-19920
Ubuntu Security Notification for Sa-exim Vulnerability (USN-4520-1)
Severity
Critical4
Recently Published
Qualys ID
198039
Date Published
September 24, 2020
Vendor Reference
USN-4520-1
CVE Reference
CVE-2019-19920
CVSS Scores
Base 8.8 / Temporal 7
Description
It was discovered that Exim SpamAssassin does not properly handle configuration strings.
Consequence
An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-19920)
Solution
Refer to Ubuntu advisory USN-4520-1 for affected packages and patching details, or update with your package manager.
Patches
16.04 (Xenial) on src sa-exim USN-4520-1
CVE-2019-10164+
Oracle Enterprise Linux Security Update for postgresql:10 (ELSA-2020-3669)
Severity
Urgent5
Recently Published
Qualys ID
158733
Date Published
September 24, 2020
Vendor Reference
ELSA-2020-3669
CVE Reference
CVE-2019-10164, CVE-2019-10208, CVE-2020-14350, CVE-2019-10130, CVE-2020-14349, CVE-2020-1720
CVSS Scores
Base 8.8 / Temporal 7
Description
Oracle Enterprise Linux has released security update for postgresql:10 to fix the vulnerabilities.
Affected Product:
Oracle Linux 8
Consequence
This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

ELSA-2020-3669.
Patches
Oracle Linux ELSA-2020-3669
CVE-2019-11040+
Oracle Enterprise Linux Security Update for php:7.3 (ELSA-2020-3662)
Severity
Critical4
Recently Published
Qualys ID
158732
Date Published
September 24, 2020
Vendor Reference
ELSA-2020-3662
CVE Reference
CVE-2019-11040, CVE-2019-11041, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-19246, CVE-2020-7060, CVE-2019-11042, CVE-2019-19203, CVE-2019-19204, CVE-2019-20454, CVE-2020-7066, CVE-2020-7062, CVE-2019-13225, CVE-2019-16163, CVE-2019-11039, CVE-2020-7065, CVE-2020-7063, CVE-2019-11050, CVE-2019-13224, CVE-2020-7059, CVE-2020-7064
CVSS Scores
Base 9.8 / Temporal 7.8
Description
Oracle Enterprise Linux has released security update for php:7.3 to fix the vulnerabilities.
Affected Product:
Oracle Linux 8
Consequence
This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

ELSA-2020-3662.
Patches
Oracle Linux ELSA-2020-3662
CVE-2014-9488
SUSE Enterprise Linux Security Update for less (SUSE-SU-2020:2687-1)
Severity
Urgent5
Recently Published
Qualys ID
174060
Date Published
September 23, 2020
Vendor Reference
SUSE-SU-2020:2687-1
CVE Reference
CVE-2014-9488
CVSS Scores
Base / Temporal
Description
SUSE has released security update for less to fix the vulnerabilities.
Affected Product:
SUSE Linux Enterprise Server 12-SP5
Consequence
This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:2687-1 to address this issue and obtain further details.
Patches
SUSE Enterprise Linux SUSE-SU-2020:2687-1
CVE-2020-15960+
Google Chrome Prior To 85.0.4183.121 Multiple Vulnerabilities
Severity
Critical4
Recently Published
Qualys ID
373485
Date Published
September 23, 2020
Vendor Reference
85.0.4183.121
CVE Reference
CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15965, CVE-2020-15966, CVE-2020-15964
CVSS Scores
Base / Temporal
Description
Google Chrome is a web browser for multiple platforms developed by Google.
Affected Version:
Prior to Google Chrome 85.0.4183.121
QID Detection Logic:
This QID checks for vulnerable version of Google Chrome on Windows , MAC OS and Linux OS.
Consequence
Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.
Solution
Customers are advised to upgrade to latest version 85.0.4183.121
For further details refer to Google Chrome 85.0.4183.121
Patches
Google Chrome 85.0.4183.121
CVE-2019-10197+
SUSE Enterprise Linux Security Update for samba (SUSE-SU-2020:2673-1)
Severity
Critical4
Recently Published
Qualys ID
174058
Date Published
September 23, 2020
Vendor Reference
SUSE-SU-2020:2673-1
CVE Reference
CVE-2019-10197, CVE-2019-10218, CVE-2019-14833, CVE-2019-14847, CVE-2019-14861, CVE-2019-14870, CVE-2019-14902, CVE-2019-14907, CVE-2019-19344, CVE-2020-10700, CVE-2020-10704, CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
CVSS Scores
Base 9.1 / Temporal 7.9
Description
SUSE has released security update for samba to fix the vulnerabilities.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
Consequence
This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:2673-1 to address this issue and obtain further details.
Patches
SUSE Enterprise Linux SUSE-SU-2020:2673-1
CVE-2020-13935
Amazon Linux Security Advisory for tomcat7: AL2012-2020-317
Severity
Critical4
Recently Published
Qualys ID
352063
Date Published
September 23, 2020
CVE Reference
CVE-2020-13935
CVSS Scores
Base 7.5 / Temporal 6.5
Description
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2020-13935:The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. 1857024: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Administrators are advised to apply the appropriate software updates.
Patches
AL2012-2020-317
CVE-2018-14647+
SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2020:2699-1)
Severity
Critical4
Recently Published
Qualys ID
174061
Date Published
September 23, 2020
Vendor Reference
SUSE-SU-2020:2699-1
CVE Reference
CVE-2018-14647, CVE-2018-20852, CVE-2019-16056, CVE-2019-16935, CVE-2019-20907, CVE-2019-9947, CVE-2020-14422
CVSS Scores
Base 7.5 / Temporal 6.5
Description
SUSE has released security update for python3 to fix the vulnerabilities.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
Consequence
This vulnerability could be exploited to gain partial access to sensitive information.
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:2699-1 to address this issue and obtain further details.
Patches
SUSE Enterprise Linux SUSE-SU-2020:2699-1
CVE-2020-14392+
SUSE Enterprise Linux Security Update for perl-DBI (SUSE-SU-2020:2661-1)
Severity
Critical4
Recently Published
Qualys ID
174057
Date Published
September 23, 2020
Vendor Reference
SUSE-SU-2020:2661-1
CVE Reference
CVE-2020-14392, CVE-2020-14393
CVSS Scores
Base 7.1 / Temporal 6.2
Description
SUSE has released security update for perl-dbi to fix the vulnerabilities.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
Consequence
This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:2661-1 to address this issue and obtain further details.
Patches
SUSE Enterprise Linux SUSE-SU-2020:2661-1
CVE-2020-14392+
SUSE Enterprise Linux Security Update for perl-DBI (SUSE-SU-2020:2645-1)
Severity
Critical4
Recently Published
Qualys ID
174054
Date Published
September 23, 2020
Vendor Reference
SUSE-SU-2020:2645-1
CVE Reference
CVE-2020-14392, CVE-2020-14393
CVSS Scores
Base 7.1 / Temporal 6.2
Description
SUSE has released security update for perl-dbi to fix the vulnerabilities.
Affected Product:
SUSE Linux Enterprise Server for SAP 15
Consequence
This vulnerability could be exploited to gain partial access to sensitive information.
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:2645-1 to address this issue and obtain further details.
Patches
SUSE Enterprise Linux SUSE-SU-2020:2645-1
CVE-2020-9484
Amazon Linux Security Advisory for tomcat6: AL2012-2020-313
Severity
Critical4
Recently Published
Qualys ID
352059
Date Published
September 23, 2020
CVE Reference
CVE-2020-9484
CVSS Scores
Base 7 / Temporal 6.1
Description
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2020-9484:When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. 1838332: CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Administrators are advised to apply the appropriate software updates.
Patches
AL2012-2020-313
CVE-2020-9484
Amazon Linux Security Advisory for tomcat7: AL2012-2020-312
Severity
Critical4
Recently Published
Qualys ID
352058
Date Published
September 23, 2020
CVE Reference
CVE-2020-9484
CVSS Scores
Base 7 / Temporal 6.1
Description
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2020-9484:When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. 1838332: CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Administrators are advised to apply the appropriate software updates.
Patches
AL2012-2020-312
CVE-2020-10188
Amazon Linux Security Advisory for telnet: AL2012-2020-310
Severity
Critical4
Recently Published
Qualys ID
352056
Date Published
September 23, 2020
CVE Reference
CVE-2020-10188
CVSS Scores
Base 9.8 / Temporal 8.5
Description
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2020-10188:1811673: CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Administrators are advised to apply the appropriate software updates.
Patches
AL2012-2020-310
CVE-2019-18408
Amazon Linux Security Advisory for libarchive: AL2012-2020-308
Severity
Critical4
Recently Published
Qualys ID
352054
Date Published
September 23, 2020
CVE Reference
CVE-2019-18408
CVSS Scores
Base 7.5 / Temporal 6.5
Description
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2019-18408:1769979: CVE-2019-18408 libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Administrators are advised to apply the appropriate software updates.
Patches
AL2012-2020-308
CVE-2019-16746+
SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:2582-1)
Severity
Critical4
Recently Published
Qualys ID
174024
Date Published
September 23, 2020
Vendor Reference
SUSE-SU-2020:2582-1
CVE Reference
CVE-2019-16746, CVE-2020-14314, CVE-2020-14331, CVE-2020-14386, CVE-2020-16166
CVSS Scores
Base 9.8 / Temporal 8.5
Description
SUSE has released security update for the linux kernel to fix the vulnerabilities.
Affected Product:
SUSE Linux Enterprise Server for SAP 12-SP3
Consequence
This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:2582-1 to address this issue and obtain further details.
Patches
SUSE Enterprise Linux SUSE-SU-2020:2582-1
CVE-2020-1472
FreeBSD Security Update for samba (24ace516-fad7-11ea-8d8c-005056a311d1)
Severity
Urgent5
Recently Published
Qualys ID
373486
Date Published
September 22, 2020
Vendor Reference
24ace516-fad7-11ea-8d8c-005056a311d1
CVE Reference
CVE-2020-1472
CVSS Scores
Base 10 / Temporal 8.7
Description
FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.
FreeBSD has released a security update.
Affected version:
samba410 prior to 4.10.18
samba411 prior to 4.11.13
samba412 prior to 4.12.7
QID Detection Logic:(Authenticated)
It checks for versions of the packages to check for the vulnerable packages
Consequence
Successful exploitation allows attacker to compromise the system.
Solution
Please refer to FreeBSD security advisory 24ace516-fad7-11ea-8d8c-005056a311d1 to address this issue and obtain further details.
Patches
24ace516-fad7-11ea-8d8c-005056a311d1
CVE-2020-9484
Atlassian Jira Server and Data Center Supported Platform Apache Tomcat Remote Code Execution Vulnerability(JRASERVER-71221)
Severity
Critical4
In Development
Qualys ID
13992
Vendor Reference
JRASERVER-71221
CVE Reference
CVE-2020-9484
CVSS Scores
Base 7 / Temporal 6.1
Description
Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
It's Supported platform Apache Tomcat vulnerable to Remote Code Execution vulnerability via session persistence.
Affected Versions:
Apache Tomcat 10.0.0-M1 to 10.0.0-M4
Apache Tomcat 9.0.0.M1 to 9.0.34
Apache Tomcat 8.5.0 to 8.5.54
Apache Tomcat 7.0.0 to 7.0.103
QID Detection Logic (Unauthenticated):
The QID checks for vulnerable version by sending a GET /QUALYS13785 HTTP/1.0 request which helps in retrieving the installed version of Apache Tomcat in the banner of the response.

Consequence
Successful exploitation may result in remote code execution.
Solution
Upgrade to the Apache Tomcat 7.0.104,8.5.55, 9.0.0.35,10.0.0-M5 or to the latest version of Apache Tomcat. Please refer to Apache Tomcat Website.
Patches
Apache Tomcat
CVE-2020-5208
Amazon Linux Security Advisory for ipmitool: AL2012-2020-309
Severity
Critical4
Recently Published
Qualys ID
352055
Date Published
September 23, 2020
CVE Reference
CVE-2020-5208
CVSS Scores
Base 8.8 / Temporal 7.7
Description
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2020-5208:It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. 1798721: CVE-2020-5208 ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Administrators are advised to apply the appropriate software updates.
Patches
AL2012-2020-309
CVE-2020-8616+
Amazon Linux Security Advisory for bind: AL2012-2020-311
Severity
Critical4
Recently Published
Qualys ID
352057
Date Published
September 23, 2020
CVE Reference
CVE-2020-8616, CVE-2020-8617
CVSS Scores
Base 8.6 / Temporal 7.7
Description
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2020-8617:1836124: CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
CVE-2020-8616:1836118: CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Administrators are advised to apply the appropriate software updates.
Patches
AL2012-2020-311
CVE-2020-7040
Ubuntu Security Notification for Storebackup Vulnerability (USN-4508-1)
Severity
Critical4
Recently Published
Qualys ID
198029
Date Published
September 23, 2020
Vendor Reference
USN-4508-1
CVE Reference
CVE-2020-7040
CVSS Scores
Base 8.1 / Temporal 6.5
Description
It was discovered that StoreBackup did not properly manage lock files.
Consequence
A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. (CVE-2020-7040)
Solution
Refer to Ubuntu advisory USN-4508-1 for affected packages and patching details, or update with your package manager.
Patches
16.04 (Xenial) on src storebackup USN-4508-1, 18.04 (bionic) on src storebackup USN-4508-1, 20.04 (focal) on src storebackup USN-4508-1
CVE-2020-10135+
SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:2610-1)
Severity
Critical4
Recently Published
Qualys ID
174026
Date Published
September 23, 2020
Vendor Reference
SUSE-SU-2020:2610-1
CVE Reference
CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020-1749, CVE-2020-24394
CVSS Scores
Base 7.8 / Temporal 6.8
Description
SUSE has released security update for the linux kernel to fix the vulnerabilities.
Affected Product:
SUSE Linux Enterprise Server for SAP 15
Consequence
This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:2610-1 to address this issue and obtain further details.
Patches
SUSE Enterprise Linux SUSE-SU-2020:2610-1
CVE-2020-24614
OpenSUSE Security Update for fossil (openSUSE-SU-2020:1478-1)
Severity
Critical4
Recently Published
Qualys ID
174045
Date Published
September 22, 2020
Vendor Reference
openSUSE-SU-2020:1478-1
CVE Reference
CVE-2020-24614
CVSS Scores
Base 8.8 / Temporal 7.7
Description
SUSE has released security update for fossil to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP2
openSUSE Backports SLE-15-SP1

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1478-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1478-1
CVE-2020-14392+
OpenSUSE Security Update for perl-DBI (openSUSE-SU-2020:1483-1)
Severity
Critical4
Recently Published
Qualys ID
174047
Date Published
September 22, 2020
Vendor Reference
openSUSE-SU-2020:1483-1
CVE Reference
CVE-2020-14392, CVE-2020-14393
CVSS Scores
Base 7.1 / Temporal 6.1
Description
SUSE has released security update for perl-dbi to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1483-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1483-1
CVE-2020-3980
VMware Fusion Privilege Escalation Vulnerability (VMSA-2020-0020)
Severity
Critical4
In Development
Qualys ID
373481
Vendor Reference
VMSA-2020-0020
CVE Reference
CVE-2020-3980
CVSS Scores
Base 6.7 / Temporal 6.1
Description
VMware Fusion is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems
VMware Fusion contains a privilege escalation vulnerability due to the way it allows configuring the system wide path.
Affected Versions:
VMware Fusion prior to 11.x
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of Fusion exe file.
Consequence
An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
Solution
Patch for VMware Fusion is not released yet.

Refer to VMware advisory VMSA-2020-0020 for updates.
CVE-2020-24977
Fedora Security Update for mingw-libxml2 (FEDORA-2020-b60dbdd538)
Severity
Critical4
Recently Published
Qualys ID
280426
Date Published
September 22, 2020
Vendor Reference
FEDORA-2020-b60dbdd538 Fedora 32
CVE Reference
CVE-2020-24977
CVSS Scores
Base 6.5 / Temporal 5.7
Description
Fedora has released security update for mingw-libxml2 to fix the vulnerability.
Affected OS:
Fedora 32
Consequence
Successful exploitation allows attacker to compromise the system.
Solution
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 32 Update
Patches
Fedora 32 FEDORA-2020-b60dbdd538
CVE-2020-24977
Fedora Security Update for mingw-libxml2 (FEDORA-2020-7dd29dacad)
Severity
Critical4
Recently Published
Qualys ID
280425
Date Published
September 22, 2020
Vendor Reference
FEDORA-2020-7dd29dacad Fedora 31
CVE Reference
CVE-2020-24977
CVSS Scores
Base 6.5 / Temporal 5.7
Description
Fedora has released security update for mingw-libxml2 to fix the vulnerability.
Affected OS:
Fedora 31
Consequence
Successful exploitation allows attacker to compromise the system.
Solution
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 31 Update
Patches
Fedora 31 FEDORA-2020-7dd29dacad
CVE-2020-14339
OpenSUSE Security Update for libvirt (openSUSE-SU-2020:1455-1)
Severity
Critical4
Recently Published
Qualys ID
174038
Date Published
September 22, 2020
Vendor Reference
openSUSE-SU-2020:1455-1
CVE Reference
CVE-2020-14339
CVSS Scores
Base 5 / Temporal 4.4
Description
SUSE has released security update for libvirt to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1455-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1455-1
CVE-2020-13670+
Drupal Core Multiple Vulnerabilities(SA-CORE-2020-011, SA-CORE-2020-010, SA-CORE-2020-009, SA-CORE-2020-008)
Severity
Urgent5
Recently Published
Qualys ID
13985
Date Published
September 21, 2020
Vendor Reference
SA-CORE-2020-008, SA-CORE-2020-009, SA-CORE-2020-010, SA-CORE-2020-011
CVE Reference
CVE-2020-13670, CVE-2020-13669, CVE-2020-13668, CVE-2020-13667
CVSS Scores
Base 7.3 / Temporal 6.4
Description
Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License.
Affected Versions:
Drupal 8.8.x, prior to Drupal 8.8.10.
Drupal 8.9.x, prior to Drupal 8.9.6.
Drupal 9.0.x, prior to Drupal 9.0.6.
QID Detection Logic:(Unauthenticated)
This QID checks for vulnerable version of Drupal installed on the target.
Consequence
Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.
Solution
Customers are advised to install latest drupal version.
For more information visit Drupal security advisory SA-CORE-2020-011 Drupal security advisory SA-CORE-2020-010 Drupal security advisory SA-CORE-2020-009 Drupal security advisory SA-CORE-2020-008
Patches
sa-core-2020-008, sa-core-2020-009, sa-core-2020-010, sa-core-2020-011
CVE-2020-15094
Fedora Security Update for php-symfony4 (FEDORA-2020-16eb328853)
Severity
Critical4
Recently Published
Qualys ID
280406
Date Published
September 21, 2020
Vendor Reference
FEDORA-2020-16eb328853 Fedora 32
CVE Reference
CVE-2020-15094
CVSS Scores
Base 8.8 / Temporal 7.7
Description
Fedora has released security update for php-symfony4 to fix the vulnerability.
Affected OS:
Fedora 32
Consequence
Successful exploitation allows attacker to compromise the system.
Solution
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 32 Update
Patches
Fedora 32 FEDORA-2020-16eb328853
—
WordPress Plugin Advanced Access Manager - Arbitrary File Access/Download vulnerability
Severity
Critical4
In Development
Qualys ID
150318
CVSS Scores
Base 7.5 / Temporal 6.7
Description
Advanced Access Manager is a WordPress plugin that gives you the ability to manage access to your website content for any role, individual user and visitors or even define the default access to all posts, pages, custom post types, categories etc. The plugin suffers from a Arbitrary File Access/Download vulnerability.
Affected Version:
All versions prior to 5.9.9
QID Detection Logic:
The QID send a request, along with the payload and looks for a pattern in the response, in order to confirm the vulnerability.
Consequence
Successful exploitation of the vulnerability could completely compromise the confidentiality of the application.
Solution
Customers are advised to upgrade to the fixed versions of Advanced Access Manager 6.0 to remediate the vulnerability.
For more Information Please visit WordPress plugin
Patches
-
CVE-2020-7293+
McAfee Web Gateway Improper Authorization Vulnerabilities (SB10323)
Severity
Critical4
Recently Published
Qualys ID
13982
Date Published
September 22, 2020
Vendor Reference
SB10323
CVE Reference
CVE-2020-7293, CVE-2020-7294, CVE-2020-7295, CVE-2020-7296, CVE-2020-7297
CVSS Scores
Base 9 / Temporal 8.1
Description
McAfee Web Gateway Anti-Malware Engine, part of McAfee Web Protection, is a powerful in-line technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels, taking web exploit detection, zero-day, and targeted threat prevention to the next level.
Affected Versions:
McAfee Web Gateway 9.x earlier than 9.2.3
McAfee Web Gateway 8.2.x earlier than 8.2.11
McAfee Web Gateway 7.8.x earlier than 7.8.2.23

QID Detection Logic :
This QID retrieves McAfee Web Gateway version and checks to see if it's vulnerable.
Consequence
A successful exploit allows a remote attacker to gain improper access control in the user,REST interface.
Solution
Update McAfee Gateway to fixed releases 9.2.3,8.2.11, 7.8.2.23 or Refer to McAfee Advisory SB10323 for more details.
Patches
SB10323
CVE-2020-13666
Drupal Core Cross Site Scripting Vulnerability (SA-CORE-2020-007)
Severity
Critical4
Recently Published
Qualys ID
13986
Date Published
September 21, 2020
Vendor Reference
SA-CORE-2020-007
CVE Reference
CVE-2020-13666
CVSS Scores
Base 7.3 / Temporal 6.4
Description
Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License.
Affected Versions:
Drupal 7.x, prior to Drupal 7.73.
Drupal 8.8.x, prior to Drupal 8.8.10.
Drupal 8.9.x, prior to Drupal 8.9.6.
Drupal 9.0.x, prior to Drupal 9.0.6.
QID Detection Logic:(Unauthenticated)
This QID checks for vulnerable version of Drupal installed on the target.
Consequence
Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.
Solution
Customers are advised to install latest drupal version.
For more information visitDrupal security advisory SA-CORE-2020-007
Patches
SA-CORE-2020-007
CVE-2020-24977
Fedora Security Update for libxml2 (FEDORA-2020-35087800be)
Severity
Critical4
Recently Published
Qualys ID
280391
Date Published
September 21, 2020
Vendor Reference
FEDORA-2020-35087800be Fedora 32
CVE Reference
CVE-2020-24977
CVSS Scores
Base 6.5 / Temporal 5.6
Description
Fedora has released security update for libxml2 to fix the vulnerability.
Affected OS:
Fedora 32
Consequence
Successful exploitation allows attacker to compromise the system.
Solution
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 32 Update
Patches
Fedora 32 FEDORA-2020-35087800be
CVE-2020-1472
Ubuntu Security Notification for Samba Vulnerability (USN-4510-1)
Severity
Urgent5
Recently Published
Qualys ID
198031
Date Published
September 18, 2020
Vendor Reference
USN-4510-1
CVE Reference
CVE-2020-1472
CVSS Scores
Base 10 / Temporal 9.3
Description
Netlogon protocol implemented by Samba incorrectly handles the authentication scheme. A remote attacker could use this issue to forge authentication tokens and steal the credentials of the domain admin.
Affected Versions:
Ubuntu Linux 16.04
Ubuntu Linux 18.04
Consequence
Successful exploitation of the vulnerability will allow attackers to forge authentication tokens and steal the credentials of the domain admin.
Solution
Refer to Ubuntu advisory USN-4510-1 for affected packages and patching details, or update with your package manager.
Patches
USN-4510-1
CVE-2020-1472
Ubuntu Security Notification for Samba Vulnerability (USN-4510-2) (Deprecated)
Severity
Urgent5
Recently Published
Qualys ID
198030
Date Published
September 18, 2020
Vendor Reference
USN-4510-2
CVE Reference
CVE-2020-1472
CVSS Scores
Base 10 / Temporal 9.3
Description
Netlogon protocol implemented by Samba incorrectly handles the authentication scheme. A remote attacker could use this issue to forge authentication tokens and steal the credentials of the domain admin.
Affected Versions:
Ubuntu Linux 14.04
Note: QID 198030 is deprecated as ubuntu 14.04 ESM is not supported.
Consequence
Successful exploitation of the vulnerability will allow attackers to forge authentication tokens and steal the credentials of the domain admin.
Solution
Refer to Ubuntu advisory USN-4510-2 for affected packages and patching details, or update with your package manager.
Patches
USN-4510-2
CVE-2020-11984+
Amazon Linux Security Advisory for httpd: ALAS2-2020-1490
Severity
Critical4
Recently Published
Qualys ID
352050
Date Published
September 18, 2020
Vendor Reference
ALAS-2020-1490
CVE Reference
CVE-2020-11984, CVE-2020-11993, CVE-2020-9490
CVSS Scores
Base 9.8 / Temporal 7.8
Description
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-11984 )
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove() that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-9490 )
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-11993 )

Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2020-1490 for affected packages and patching details, or update with your package manager.
Patches
Amazon Linux 2 httpd (2.4.46-1.amzn2) on aarch64 ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on i686 ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on noarch ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on src ALAS-2020-1490, Amazon Linux 2 httpd (2.4.46-1.amzn2) on x86_64 ALAS-2020-1490
CVE-2020-1224+
Microsoft Office and Microsoft Office Services Security Update for MacOS September 2020
Severity
Critical4
Recently Published
Qualys ID
110362
Date Published
September 18, 2020
Vendor Reference
Office for Mac 2016, Office for Mac 2019
CVE Reference
CVE-2020-1224, CVE-2020-1218, CVE-2020-1338, CVE-2020-1193, CVE-2020-16855
CVSS Scores
Base 8.8 / Temporal 7.7
Description
Microsoft has released September 2020 security updates to fix multiple security vulnerabilities.
Affected Version:
Office for Mac 2019 prior to 16.41 (Build 20091302)
Office for Mac 2016 prior to 16.16.26 (20091400)
QID Detection Logic:
This authenticated QID checks the file versions from the Microsoft advisory with the versions on affected office system.
Consequence
Successful exploitation allows an attacker to execute code remotely.
Solution
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches
Microsoft Office
CVE-2020-14556+
Amazon Linux Security Advisory for java-1.8.0-openjdk: ALAS2-2020-1491
Severity
Critical4
Recently Published
Qualys ID
352053
Date Published
September 18, 2020
Vendor Reference
ALAS-2020-1491
CVE Reference
CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
CVSS Scores
Base 8.3 / Temporal 6.7
Description
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14579 )
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2020-14583 )
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14577 )
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2020-1491 for affected packages and patching details, or update with your package manager.
Patches
Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on aarch64 ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on i686 ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on noarch ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on src ALAS-2020-1491, Amazon Linux 2 java-1.8.0-openjdk (1.8.0.265.b01-1.amzn2.0.1) on x86_64 ALAS-2020-1491
CVE-2020-11993+
Amazon Linux Security Advisory for mod_http2: ALAS2-2020-1493
Severity
Critical4
Recently Published
Qualys ID
352052
Date Published
September 18, 2020
Vendor Reference
ALAS-2020-1493
CVE Reference
CVE-2020-11993, CVE-2020-9490
CVSS Scores
Base 7.5 / Temporal 6
Description
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove() that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-9490 )
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-11993 )

Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2020-1493 for affected packages and patching details, or update with your package manager.
Patches
Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on aarch64 ALAS-2020-1493, Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on i686 ALAS-2020-1493, Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on src ALAS-2020-1493, Amazon Linux 2 mod_http2 (1.15.14-2.amzn2) on x86_64 ALAS-2020-1493
CVE-2020-12100+
Amazon Linux Security Advisory for dovecot: ALAS2-2020-1489
Severity
Critical4
Recently Published
Qualys ID
352049
Date Published
September 18, 2020
Vendor Reference
ALAS-2020-1489
CVE Reference
CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
CVSS Scores
Base 7.5 / Temporal 6
Description
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication process repeatedly preventing login. The highest threat from this vulnerability is to system availability. (CVE-2020-12674 )
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. (CVE-2020-12100 )
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication allowing an attacker to crash the dovecot auth process repeatedly preventing login. The highest threat from this vulnerability is to system availability. (CVE-2020-12673 )

Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2020-1489 for affected packages and patching details, or update with your package manager.
Patches
Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on aarch64 ALAS-2020-1489, Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on i686 ALAS-2020-1489, Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on src ALAS-2020-1489, Amazon Linux 2 dovecot (2.2.36-6.amzn2.1) on x86_64 ALAS-2020-1489
CVE-2020-1472
Microsoft Windows Netlogon Elevation of Privilege Vulnerability (unauthenticated check)
Severity
Critical4
In Development
Qualys ID
91680
Vendor Reference
CVE-2020-1472
CVE Reference
CVE-2020-1472
CVSS Scores
Base 10 / Temporal 9
Description
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).
Affected Versions:
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server, version 1903 Windows Server, version 1909 Windows Server, version 2004
QID Detection Logic (unauthenticated):
This remote detection sends "NetrServerAuthenticate" payload with client credential all 0 to detect the vulnerability.
Consequence
An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
Solution
Please refer to the CVE-2020-1472 Update Guide for more information pertaining to these vulnerabilities.
Patches
WIndows CVE-2020-1472
—
EOL/Obsolete Software: Cisco Jabber For Windows Prior To 12.0.x Detected
Severity
Urgent5
In Development
Qualys ID
105932
Vendor Reference
Cisco Jabber
CVSS Scores
Base 8.1 / Temporal 7.2
Description
The host is running Cisco Jabber for Windows. Cisco ended support of Cisco Jabber for Windows for version 11.9.x and 12.0.x on September 15, 2019 and provides no further support for the product.
QID Detection Logic (authenticated):
The QID checks for the registry key to check if Cisco Jabber for Windows is installed on the system or not and if it is a EOL version.
Consequence
The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.
Solution
Update to the latest version of Cisco Jabber for Windows. Refer to Cisco Jabber.
CVE-2020-14556+
Amazon Linux Security Advisory for java-1.8.0-openjdk: ALAS-2020-1434
Severity
Critical4
Recently Published
Qualys ID
352048
Date Published
September 18, 2020
Vendor Reference
ALAS-2020-1434
CVE Reference
CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621
CVSS Scores
Base 8.3 / Temporal 6.7
Description
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-14579 )
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2020-14583 )
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14577 )
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unaut
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2020-1434 for affected packages and patching details, or update with your package manager.
Patches
Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on i686 ALAS-2020-1434, Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on noarch ALAS-2020-1434, Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on src ALAS-2020-1434, Amazon Linux java-1.8.0-openjdk (1.8.0.265.b01-0.54.amzn1) on x86_64 ALAS-2020-1434
CVE-2020-6573+
Red Hat Update for chromium-browser (RHSA-2020:3740)
Severity
Critical4
Recently Published
Qualys ID
238610
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3740
CVE Reference
CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959
CVSS Scores
Base / Temporal
Description
Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 85.0.4183.102.
Security Fix(es): chromium-browser: Use after free in video (CVE-2020-6573)
chromium-browser: Insufficient policy enforcement in installer (CVE-2020-6574)
chromium-browser: Race in Mojo (CVE-2020-6575)
chromium-browser: Use after free in offscreen canvas (CVE-2020-6576)
chromium-browser: Insufficient policy enforcement in networking (CVE-2020-15959)
Affected Products:

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3740 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3740
CVE-2020-14352
Red Hat Update for librepo (RHSA-2020:3749)
Severity
Critical4
Recently Published
Qualys ID
238609
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3749
CVE Reference
CVE-2020-14352
CVSS Scores
Base 8 / Temporal 7
Description
The librepo library provides a C and Python API to download repository metadata.
Security Fix(es): librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)
Affected Products:

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3749 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3749
CVE-2020-14345+
OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1302-1)
Severity
Critical4
Recently Published
Qualys ID
174036
Date Published
September 18, 2020
Vendor Reference
openSUSE-SU-2020:1302-1
CVE Reference
CVE-2020-14345, CVE-2020-14346, CVE-2020-14347
CVSS Scores
Base 7.8 / Temporal 6.8
Description
SUSE has released security update for xorg-x11-server to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1302-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1302-1
CVE-2020-14345+
OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1279-1)
Severity
Critical4
Recently Published
Qualys ID
174035
Date Published
September 18, 2020
Vendor Reference
openSUSE-SU-2020:1279-1
CVE Reference
CVE-2020-14345, CVE-2020-14346, CVE-2020-14347
CVSS Scores
Base 7.8 / Temporal 6.8
Description
SUSE has released security update for xorg-x11-server to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.1

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1279-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1279-1
CVE-2020-3327+
Amazon Linux Security Advisory for clamav: ALAS-2020-1433
Severity
Critical4
Recently Published
Qualys ID
352047
Date Published
September 18, 2020
Vendor Reference
ALAS-2020-1433
CVE Reference
CVE-2020-3327, CVE-2020-3350, CVE-2020-3481
CVSS Scores
Base 7.5 / Temporal 6
Description
Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue. (CVE-2020-3327 )
Fixed a vulnerability a malicious user could exploit to replace a scan target directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc. (CVE-2020-3350 )
Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions. (CVE-2020-3481 )
Consequence
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2020-1433 for affected packages and patching details, or update with your package manager.
Patches
Amazon Linux clamav (0.102.4-1.44.amzn1) on i686 ALAS-2020-1433, Amazon Linux clamav (0.102.4-1.44.amzn1) on noarch ALAS-2020-1433, Amazon Linux clamav (0.102.4-1.44.amzn1) on src ALAS-2020-1433, Amazon Linux clamav (0.102.4-1.44.amzn1) on x86_64 ALAS-2020-1433
CVE-2020-12100+
CentOS Security Update for dovecot (CESA-2020:3617)
Severity
Critical4
Recently Published
Qualys ID
256952
Date Published
September 18, 2020
Vendor Reference
CESA-2020:3617 centos 7
CVE Reference
CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
CVSS Scores
Base 7.5 / Temporal 6.5
Description
CentOS has released security update for dovecot to fix the vulnerabilities.
Affected Products:

centos 7
Consequence
N/A
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
Patches
centos 7 CESA-2020:3617
CVE-2020-9490
Red Hat Update for httpd:2.4 (RHSA-2020:3726)
Severity
Critical4
Recently Published
Qualys ID
238615
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3726
CVE Reference
CVE-2020-9490
CVSS Scores
Base 7.5 / Temporal 6.5
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es): httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)
Affected Products:

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3726 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3726
CVE-2020-14384
Red Hat Update for Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2020:3730)
Severity
Critical4
Recently Published
Qualys ID
238614
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3730
CVE Reference
CVE-2020-14384
CVSS Scores
Base 7.5 / Temporal 6.5
Description
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.
Security Fix(es): jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS (CVE-2020-14384)
Affected Products:

JBoss Enterprise Application Platform 6.4 for RHEL 7 x86_64
JBoss Enterprise Application Platform 6.4 for RHEL 7 ppc64
JBoss Enterprise Application Platform 6.4 for RHEL 6 x86_64
JBoss Enterprise Application Platform 6.4 for RHEL 6 ppc64
JBoss Enterprise Application Platform 6.4 for RHEL 6 i386
JBoss Enterprise Application Platform 6.4 for RHEL 5 x86_64
JBoss Enterprise Application Platform 6.4 for RHEL 5 i386
JBoss Enterprise Application Platform 6 for RHEL 7 x86_64
JBoss Enterprise Application Platform 6 for RHEL 7 ppc64
JBoss Enterprise Application Platform 6 for RHEL 6 x86_64
JBoss Enterprise Application Platform 6 for RHEL 6 ppc64
JBoss Enterprise Application Platform 6 for RHEL 6 i386
JBoss Enterprise Application Platform 6 for RHEL 5 x86_64
JBoss Enterprise Application Platform 6 for RHEL 5 i386

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3730 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3730
CVE-2020-9490
Red Hat Update for httpd24-httpd (RHSA-2020:3733)
Severity
Critical4
Recently Published
Qualys ID
238612
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3733
CVE Reference
CVE-2020-9490
CVSS Scores
Base 7.5 / Temporal 6.5
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es): httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)
Affected Products:

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3733 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3733
CVE-2020-12100+
Red Hat Update for dovecot (RHSA-2020:3736)
Severity
Critical4
Recently Published
Qualys ID
238611
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3736
CVE Reference
CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
CVSS Scores
Base 7.5 / Temporal 6.5
Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es): dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)
dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)
dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)
Affected Products:

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.1 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.1 aarch64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3736 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3736
CVE-2020-10700+
OpenSUSE Security Update for ldb, samba (openSUSE-SU-2020:1313-1)
Severity
Critical4
In Development
Qualys ID
174031
Vendor Reference
openSUSE-SU-2020:1313-1
CVE Reference
CVE-2020-10700, CVE-2020-10704, CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
CVSS Scores
Base 7.5 / Temporal 6.5
Description
SUSE has released security update for ldb, samba to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1313-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1313-1
CVE-2019-2911+
Red Hat Update for mysql:8.0 (RHSA-2020:3732)
Severity
Critical4
Recently Published
Qualys ID
238613
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3732
CVE Reference
CVE-2019-2911, CVE-2019-2914, CVE-2019-2938, CVE-2019-2946, CVE-2019-2957, CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967, CVE-2019-2968, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011, CVE-2019-3018, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574, CVE-2020-2577, CVE-2020-2579, CVE-2020-2580, CVE-2020-2584, CVE-2020-2588, CVE-2020-2589, CVE-2020-2627, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2694, CVE-2020-2752, CVE-2020-2759, CVE-2020-2760, CVE-2020-2761, CVE-2020-2762, CVE-2020-2763, CVE-2020-2765, CVE-2020-2770, CVE-2020-2774, CVE-2020-2779, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814, CVE-2020-2853, CVE-2020-2892, CVE-2020-2893, CVE-2020-2895, CVE-2020-2896, CVE-2020-2897, CVE-2020-2898, CVE-2020-2901, CVE-2020-2903, CVE-2020-2904, CVE-2020-2921, CVE-2020-2922, CVE-2020-2923, CVE-2020-2924, CVE-2020-2925, CVE-2020-2926, CVE-2020-2928, CVE-2020-2930, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020-14576, CVE-2020-14586, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020-14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-14725
CVSS Scores
Base 7.2 / Temporal 6.3
Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.The following packages have been upgraded to a later upstream version: mysql (8.0.21).
Security Fix(es): mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)
mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)
mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)
mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)
mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)
mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)
mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)
mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)
mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)
mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)
mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)
mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)
mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)
mysql: Server
Affected Products:

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3732 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3732
CVE-2019-2911+
Red Hat Update for mysql:8.0 (RHSA-2020:3757)
Severity
Critical4
Recently Published
Qualys ID
238608
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3757
CVE Reference
CVE-2019-2911, CVE-2019-2914, CVE-2019-2938, CVE-2019-2946, CVE-2019-2957, CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967, CVE-2019-2968, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011, CVE-2019-3018, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574, CVE-2020-2577, CVE-2020-2579, CVE-2020-2580, CVE-2020-2584, CVE-2020-2588, CVE-2020-2589, CVE-2020-2627, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2694, CVE-2020-2752, CVE-2020-2759, CVE-2020-2760, CVE-2020-2761, CVE-2020-2762, CVE-2020-2763, CVE-2020-2765, CVE-2020-2770, CVE-2020-2774, CVE-2020-2779, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814, CVE-2020-2853, CVE-2020-2892, CVE-2020-2893, CVE-2020-2895, CVE-2020-2896, CVE-2020-2897, CVE-2020-2898, CVE-2020-2901, CVE-2020-2903, CVE-2020-2904, CVE-2020-2921, CVE-2020-2922, CVE-2020-2923, CVE-2020-2924, CVE-2020-2925, CVE-2020-2926, CVE-2020-2928, CVE-2020-2930, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020-14576, CVE-2020-14586, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020-14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-14725
CVSS Scores
Base 7.2 / Temporal 6.3
Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql (8.0.21).
Security Fix(es): mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)
mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)
mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)
mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)
mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)
mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)
mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)
mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)
mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)
mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)
mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)
mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)
mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)
mysql: Server
Affected Products:

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3757 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3757
CVE-2020-12066
Debian Security Update for teeworlds (DSA 4763-1)
Severity
Critical4
Recently Published
Qualys ID
178080
Date Published
September 18, 2020
Vendor Reference
DSA 4763-1
CVE Reference
CVE-2020-12066
CVSS Scores
Base 7.5 / Temporal 6.5
Description
Debian has released security update for teeworlds to fix the vulnerabilities.
Consequence
Successful exploitation allows attacker to compromise the system.
Solution
Refer to Debian security advisory DSA 4763-1 to address this issue and obtain further details.
Patches
Debian DSA 4763-1
CVE-2020-8342
Lenovo System Update Privilege escalation Vulnerability(LEN-42150)
Severity
Critical4
Recently Published
Qualys ID
373453
Date Published
September 18, 2020
Vendor Reference
LEN-42150
CVE Reference
CVE-2020-8342
CVSS Scores
Base 7 / Temporal 6
Description
Lenovo System Update is a software application which downloads data updates for software, drivers and BIOS from a Lenovo server directly.
Affected Version:
Lenovo System Update prior to version 5.07.0106
QID Detection Logic (authenticated):
This QID looks for the vulnerable version of Lenovo System Update (SUService.exe).
Consequence
Successful exploitation could allow escalation of privilege.
Solution
Users are advised to upgrade to Lenovo System Update 5.07.0106 or newer
Patches
LEN-42150
CVE-2020-17376
Red Hat Update for openstack-nova (RHSA-2020:3702)
Severity
Critical4
Recently Published
Qualys ID
238606
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3702
CVE Reference
CVE-2020-17376
CVSS Scores
Base 8.3 / Temporal 7.2
Description
OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform.Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.
Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)
Affected Products:

Red Hat OpenStack 16.1 x86_64
Red Hat OpenStack for IBM Power 16.1 ppc64le

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3702 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3702
CVE-2020-17376
Red Hat Update for openstack-nova (RHSA-2020:3704)
Severity
Critical4
In Development
Qualys ID
238605
Vendor Reference
RHSA-2020:3704
CVE Reference
CVE-2020-17376
CVSS Scores
Base 8.3 / Temporal 7.2
Description
OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform.Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.
Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)
Affected Products:

Red Hat OpenStack 16 for RHEL 8 x86_64
Red Hat OpenStack for IBM Power 16 ppc64le

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3704 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3704
CVE-2020-17376
Red Hat Update for openstack-nova (RHSA-2020:3706)
Severity
Critical4
Recently Published
Qualys ID
238604
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3706
CVE Reference
CVE-2020-17376
CVSS Scores
Base 8.3 / Temporal 7.2
Description
OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform.Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.
Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)
Affected Products:

Red Hat OpenStack 15 x86_64
Red Hat OpenStack for IBM Power 15 ppc64le

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3706 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3706
CVE-2020-17376
Red Hat Update for openstack-nova (RHSA-2020:3708)
Severity
Critical4
Recently Published
Qualys ID
238603
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3708
CVE Reference
CVE-2020-17376
CVSS Scores
Base 8.3 / Temporal 7.2
Description
OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform.Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.
Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)
Affected Products:

Red Hat OpenStack 13 x86_64
Red Hat OpenStack for IBM Power 13 ppc64le

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3708 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3708
CVE-2020-9490
Red Hat Update for httpd:2.4 (RHSA-2020:3714)
Severity
Critical4
Recently Published
Qualys ID
238600
Date Published
September 18, 2020
Vendor Reference
RHSA-2020:3714
CVE Reference
CVE-2020-9490
CVSS Scores
Base 7.5 / Temporal 6.5
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es): httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)
Affected Products:

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3714 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3714
CVE-2020-7311+
McAfee Agent Multiple Vulnerabilities (SB10325)
Severity
Critical4
Recently Published
Qualys ID
373455
Date Published
September 17, 2020
Vendor Reference
SB10325
CVE Reference
CVE-2020-7311, CVE-2020-7312, CVE-2020-7315
CVSS Scores
Base 7.8 / Temporal 7
Description
The McAfee Agent is the distributed component of McAfee ePolicy Orchestrator (McAfee ePO).
It downloads and enforces policies, and executes client-side tasks such as deployment and updating. McAfee Agent is affected with following vulnerability: CVE-2020-7311 : Privilege Escalation vulnerability CVE-2020-7312 : DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) CVE-2020-7315 : DLL Injection Vulnerability
Affected Software:
McAfee Agent: 5.6.x prior to 5.6.6 5.5.x prior to 5.6.6
Detection Logic:
The QID checks for vulnerable version of McAfee Agent by checking the version of masvc.exe file.
Consequence
On successful attack an attacker with local privileges would be able to execute arbitrary code and escalate privileges.
Solution
Install or update to McAfee Agent 5.6.6. For more details refer SB10325
Patches
SB10325
CVE-2020-15664+
CentOS Security Update for thunderbird (CESA-2020:3631)
Severity
Critical4
Recently Published
Qualys ID
256951
Date Published
September 17, 2020
Vendor Reference
CESA-2020:3631 centos 7
CVE Reference
CVE-2020-15664, CVE-2020-15669
CVSS Scores
Base 5 / Temporal 4.4
Description
CentOS has released security update for thunderbird to fix the vulnerabilities.
Affected Products:

centos 7
Consequence
N/A
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
Patches
centos 7 CESA-2020:3631
CVE-2020-15664+
CentOS Security Update for thunderbird (CESA-2020:3643)
Severity
Critical4
Recently Published
Qualys ID
256950
Date Published
September 17, 2020
Vendor Reference
CESA-2020:3643 centos 6
CVE Reference
CVE-2020-15664, CVE-2020-15669
CVSS Scores
Base 5 / Temporal 4.4
Description
CentOS has released security update for thunderbird to fix the vulnerabilities.
Affected Products:

centos 6
Consequence
N/A
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
Patches
centos 6 CESA-2020:3643
CVE-2020-3374
Cisco SD-WAN vManage Software Authorization Bypass Vulnerability(cisco-sa-uabvman-SYGzt8Bv)
Severity
Urgent5
Recently Published
Qualys ID
316709
Date Published
September 15, 2020
Vendor Reference
cisco-sa-uabvman-SYGzt8Bv
CVE Reference
CVE-2020-3374
CVSS Scores
Base 9.9 / Temporal 8.6
Description
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system.
QID detection logic:
The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.
Affected Products
SD-WAN vManage Software prior to 18.4.5 , 19.2.x prior to 19.2.2, 19.3.x and greater prior to 20.1.1
Consequence
A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system.
Solution
Customers are advised to refer to cisco-sa-uabvman-SYGzt8Bv for more information.
Patches
cisco-sa-uabvman-SYGzt8Bv
CVE-2020-3375
Cisco SD-WAN Solution Software Buffer Overflow Vulnerability(cisco-sa-sdbufof-h5f5VSeL)
Severity
Urgent5
Recently Published
Qualys ID
316701
Date Published
September 15, 2020
Vendor Reference
cisco-sa-sdbufof-h5f5VSeL
CVE Reference
CVE-2020-3375
CVSS Scores
Base 9.8 / Temporal 8.5
Description
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device.
QID detection logic:
The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.
Affected Products
SD-WAN vManage Software prior to 18.3.x prior to 18.4.5,19.2.x prior to 19.2.3,19.3.x prior to 20.1.1
SD-WAN vEdge 100-M series router prior to 18.3.x prior to 18.4.5,19.2.x prior to 19.2.3,19.3.x prior to 20.1.1

Consequence
A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.
Solution
Customers are advised to refer to cisco-sa-sdbufof-h5f5VSeL for more information.
Patches
cisco-sa-sdbufof-h5f5VSeL
CVE-2018-0432
Cisco SD-WAN Solution Privilege Escalation Vulnerability(cisco-sa-20180905-sd-wan-escalation)
Severity
Critical4
Recently Published
Qualys ID
316705
Date Published
September 15, 2020
Vendor Reference
cisco-sa-20180905-sd-wan-escalation
CVE Reference
CVE-2018-0432
CVSS Scores
Base 8.8 / Temporal 7.7
Description
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device.
The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature.
QID detection logic:
The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.
Affected Products
SD-WAN vManage Software prior to 18.3.0
SD-WAN vEdge 100-M series router prior to 18.3.0
Consequence
A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.

Solution
Customers are advised to refer to cisco-sa-20180905-sd-wan-escalation for more information.
Patches
cisco-sa-20180905-sd-wan-escalation
CVE-2020-3351
Cisco SD-WAN Solution Software Denial of Service Vulnerability(cisco-sa-sdw-dos-KWOdyHnB)
Severity
Critical4
Recently Published
Qualys ID
316704
Date Published
September 15, 2020
Vendor Reference
cisco-sa-sdw-dos-KWOdyHnB
CVE Reference
CVE-2020-3351
CVSS Scores
Base 8.6 / Temporal 7.5
Description
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system.
QID detection logic:
The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.
Affected Products
SD-WAN vManage Software prior to 17.2.7,18.x prior to 18.3.0
SD-WAN vEdge 100-M series router prior to 17.2.7, 18.x prior to 18.3.0
Consequence
A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.
Solution
Customers are advised to refer to cisco-sa-sdw-dos-KWOdyHnB for more information.
Patches
cisco-sa-sdw-dos-KWOdyHnB
CVE-2018-0433
Cisco SD-WAN Solution Command Injection Vulnerability(cisco-sa-20180905-sd-wan-injection)
Severity
Critical4
Recently Published
Qualys ID
316707
Date Published
September 15, 2020
Vendor Reference
cisco-sa-20180905-sd-wan-injection
CVE Reference
CVE-2018-0433
CVSS Scores
Base 7.8 / Temporal 6.8
Description
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility.The attacker must be authenticated to access the CLI utility.
QID detection logic:
The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.
Affected Products
SD-WAN vManage Software prior to Release 18.3.0
SD-WAN vEdge 100-M series router prior to Release 18.3.0
Consequence
A successful exploit could allow the attacker to execute commands with root privileges.

Solution
Customers are advised to refer to cisco-sa-20180905-sd-wan-injection for more information.
Patches
cisco-sa-20180905-sd-wan-injection
CVE-2019-1625
Cisco SD-WAN Solution Privilege Escalation Vulnerability(cisco-sa-20190619-sdwan-privesca)
Severity
Critical4
Recently Published
Qualys ID
316702
Date Published
September 15, 2020
Vendor Reference
cisco-sa-20190619-sdwan-privesca
CVE Reference
CVE-2019-1625
CVSS Scores
Base 7.8 / Temporal 6.8
Description
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges.
QID detection logic:
The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.
Affected Products:
SD-WAN vManage Software prior to 18.3.6,18.4.x prior to 18.4.1,19.0 prior to 19.1.0
SD-WAN vEdge 100-M series router prior to 18.3.6,18.4.x prior to 18.4.1,19.0 prior to 19.1.0
Consequence
A successful exploit could allow the attacker to make configuration changes to the system as the root user.
Solution
Customers are advised to refer to cisco-sa-20190619-sdwan-privesca for more information.
Patches
cisco-sa-20190619-sdwan-privesca
CVE-2020-5926
F5 BIG-IP ASM,LTM,APM BIG-IP SIP ALG profile vulnerability(K42830212)
Severity
Critical4
Recently Published
Qualys ID
373448
Date Published
September 15, 2020
Vendor Reference
K42830212
CVE Reference
CVE-2020-5926
CVSS Scores
Base 7.5 / Temporal 6.5
Description
F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
F5 BIG-IP (LTM) Local Traffic Manager is the most popular module offered on F5 Networks BiG-IP platform. The real power of the LTM is it is a Full Proxy, allowing you to augment client and server side connections. All while making informed load balancing decisions on availability, performance, and persistence.
F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.
Vulnerable Component: BIG-IP ASM, APM,LTM
Affected Versions:
15.1.0
15.0.0 - 15.0.1
14.1.0 - 14.1.2
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Consequence
This vulnerability leads to future memory corruption and may result in the Traffic Management Microkernel (TMM) generating a core file and restarting, causing traffic disruption.

Solution
The vendor has released any patch, for more information please visit: K42830212
Patches
K42830212
CVE-2020-14039+
OpenSUSE Security Update for go1.14 (openSUSE-SU-2020:1407-1)
Severity
Critical4
Recently Published
Qualys ID
174019
Date Published
September 15, 2020
Vendor Reference
openSUSE-SU-2020:1407-1
CVE Reference
CVE-2020-14039, CVE-2020-15586, CVE-2020-16845
CVSS Scores
Base 7.5 / Temporal 6.5
Description
SUSE has released security update for go1.14 to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1407-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1407-1
CVE-2020-2041
Palo Alto Networks PAN-OS Denial-Of-Service Vulnerability (PAN-151978)
Severity
Critical4
Recently Published
Qualys ID
13977
Date Published
September 15, 2020
Vendor Reference
PAN-151978
CVE Reference
CVE-2020-2041
CVSS Scores
Base 7.5 / Temporal 6.5
Description
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.
Affected Versions:
PAN-OS 8.0 all versions
PAN-OS 8.1 versions earlier than PAN-OS 8.1.16
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.
NOTE: This issue is applicable only where either Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured.
Consequence
Successful authentication could allow a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash.
Solution
Refer to PAN-151978 for more information about patching this vulnerability.
Patches
CVE-2020-2041
CVE-2018-0434
Cisco SD-WAN Solution Certificate Validation Vulnerability(cisco-sa-20180905-sd-wan-validation)
Severity
Critical4
Recently Published
Qualys ID
316708
Date Published
September 15, 2020
Vendor Reference
cisco-sa-20180905-sd-wan-validation
CVE Reference
CVE-2018-0434
CVSS Scores
Base 7.4 / Temporal 6.4
Description
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate.
The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device.
QID detection logic:
The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command.
Affected Products
SD-WAN vManage Software prior to Release 18.3.0
SD-WAN vEdge 100-M series router prior to Release 18.3.0
Consequence
A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Solution
Customers are advised to refer to cisco-sa-20180905-sd-wan-validation for more information.
Patches
cisco-sa-20180905-sd-wan-validation
CVE-2020-5929
F5 BIG-IP ASM,LTM,APM BIG-IP SSL/TLS ADH/DHE Vulnerability (K91158923)
Severity
Critical4
Recently Published
Qualys ID
373445
Date Published
September 15, 2020
Vendor Reference
K91158923
CVE Reference
CVE-2020-5929
CVSS Scores
Base 7.3 / Temporal 6.4
Description
F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
F5 BIG-IP (LTM) Local Traffic Manager is the most popular module offered on F5 Networks BiG-IP platform. The real power of the LTM is it is a Full Proxy, allowing you to augment client and server side connections. All while making informed load balancing decisions on availability, performance, and persistence.
F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.
Vulnerable Component: BIG-IP ASM, APM,LTM
Affected Versions:
13.0.0
12.1.0 - 12.1.2 HF1
11.6.1 - 11.6.2
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

Consequence
Successful exploitation allows recover the shared secret of past sessions and perform plaintext recovery of encrypted messages.
Solution
The vendor has released any patch, for more information please visit: K91158923
Patches
K91158923
CVE-2020-2042
Palo Alto Networks PAN-OS Management Web Interface Buffer Overflow Vulnerability (PAN-145797, PAN-150409)
Severity
Critical4
Recently Published
Qualys ID
13978
Date Published
September 15, 2020
Vendor Reference
PAN-145797, PAN-150409
CVE Reference
CVE-2020-2042
CVSS Scores
Base 7.2 / Temporal 6.3
Description
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.
Affected Versions:
PAN-OS 10.0 versions earlier than PAN-OS 10.0.1
Consequence
Successful exploitation allows attacker to execute arbitrary code with root privileges.
Solution
Refer to PAN-145797, PAN-150409 for more information about patching this vulnerability.
Patches
PAN-145797, PAN-150409
CVE-2020-15049+
OpenSUSE Security Update for squid (openSUSE-SU-2020:1369-1)
Severity
Urgent5
Recently Published
Qualys ID
174007
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1369-1
CVE Reference
CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
CVSS Scores
Base 8.8 / Temporal 7.7
Description
SUSE has released security update for squid to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1369-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1369-1
CVE-2020-15049+
OpenSUSE Security Update for squid (openSUSE-SU-2020:1346-1)
Severity
Urgent5
Recently Published
Qualys ID
174002
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1346-1
CVE Reference
CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
CVSS Scores
Base 8.8 / Temporal 7.7
Description
SUSE has released security update for squid to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.1

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1346-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1346-1
CVE-2020-15664+
Red Hat Update for thunderbird (RHSA-2020:3632)
Severity
Critical4
Recently Published
Qualys ID
238607
Date Published
September 14, 2020
Vendor Reference
RHSA-2020:3632
CVE Reference
CVE-2020-15664, CVE-2020-15669
CVSS Scores
Base / Temporal
Description
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0.
Security Fix(es): Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)
Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)
Affected Products:

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3632 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3632
CVE-2020-17376
Red Hat Update for openstack-nova (RHSA-2020:3711)
Severity
Critical4
Recently Published
Qualys ID
238602
Date Published
September 14, 2020
Vendor Reference
RHSA-2020:3711
CVE Reference
CVE-2020-17376
CVSS Scores
Base 8.3 / Temporal 7.2
Description
OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.
Security Fix(es): Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)
Affected Products:

Red Hat OpenStack 10 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3711 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3711
CVE-2020-14361+
OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1376-1)
Severity
Critical4
Recently Published
Qualys ID
174004
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1376-1
CVE Reference
CVE-2020-14361, CVE-2020-14362
CVSS Scores
Base 7.8 / Temporal 6.7
Description
SUSE has released security update for xorg-x11-server to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1376-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1376-1
CVE-2020-14361+
OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1374-1)
Severity
Critical4
Recently Published
Qualys ID
174003
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1374-1
CVE Reference
CVE-2020-14361, CVE-2020-14362
CVSS Scores
Base 7.8 / Temporal 6.7
Description
SUSE has released security update for xorg-x11-server to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.1

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1374-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1374-1
CVE-2020-12100+
Red Hat Update for dovecot (RHSA-2020:3713)
Severity
Critical4
Recently Published
Qualys ID
238601
Date Published
September 14, 2020
Vendor Reference
RHSA-2020:3713
CVE Reference
CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
CVSS Scores
Base 7.5 / Temporal 6.5
Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es): dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)
dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)
dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)
Affected Products:

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3713 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3713
CVE-2020-14039+
OpenSUSE Security Update for go1.14 (openSUSE-SU-2020:1405-1)
Severity
Critical4
Recently Published
Qualys ID
174018
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1405-1
CVE Reference
CVE-2020-14039, CVE-2020-15586, CVE-2020-16845
CVSS Scores
Base 7.5 / Temporal 6.5
Description
SUSE has released security update for go1.14 to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.1

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1405-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1405-1
CVE-2020-14314+
OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:1382-1)
Severity
Critical4
Recently Published
Qualys ID
174014
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1382-1
CVE Reference
CVE-2020-14314, CVE-2020-14386
CVSS Scores
Base 6.7 / Temporal 5.8
Description
SUSE has released security update for the linux kernel to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1382-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1382-1
CVE-2020-14386
OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2020:1379-1)
Severity
Critical4
Recently Published
Qualys ID
174011
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1379-1
CVE Reference
CVE-2020-14386
CVSS Scores
Base 6.7 / Temporal 5.8
Description
SUSE has released security update for the linux kernel to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.1

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1379-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1379-1
CVE-2020-15664+
CentOS Security Update for firefox (CESA-2020:3558)
Severity
Critical4
Recently Published
Qualys ID
256949
Date Published
September 14, 2020
Vendor Reference
CESA-2020:3558 centos 6
CVE Reference
CVE-2020-15664, CVE-2020-15669
CVSS Scores
Base 5 / Temporal 4.4
Description
CentOS has released security update for firefox to fix the vulnerabilities.
Affected Products:

centos 6
Consequence
N/A
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 6 for updates and patch information.
Patches
centos 6 CESA-2020:3558
CVE-2020-15664+
CentOS Security Update for firefox (CESA-2020:3556)
Severity
Critical4
Recently Published
Qualys ID
256948
Date Published
September 14, 2020
Vendor Reference
CESA-2020:3556 centos 7
CVE Reference
CVE-2020-15664, CVE-2020-15669
CVSS Scores
Base 5 / Temporal 4.4
Description
CentOS has released security update for firefox to fix the vulnerabilities.
Affected Products:

centos 7
Consequence
N/A
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 7 for updates and patch information.
Patches
centos 7 CESA-2020:3556
CVE-2020-6559+
Red Hat Update for chromium-browser (RHSA-2020:3723)
Severity
Critical4
Recently Published
Qualys ID
238599
Date Published
September 14, 2020
Vendor Reference
RHSA-2020:3723
CVE Reference
CVE-2020-6559, CVE-2020-6560, CVE-2020-6561, CVE-2020-6562, CVE-2020-6563, CVE-2020-6564, CVE-2020-6565, CVE-2020-6566, CVE-2020-6567, CVE-2020-6568, CVE-2020-6569, CVE-2020-6570, CVE-2020-6571
CVSS Scores
Base / Temporal
Description
Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 85.0.4183.83.
Security Fix(es): chromium-browser: Use after free in presentation API (CVE-2020-6559)
chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6571)
chromium-browser: Insufficient policy enforcement in autofill (CVE-2020-6560)
chromium-browser: Inappropriate implementation in Content Security Policy (CVE-2020-6561)
chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6562)
chromium-browser: Insufficient policy enforcement in intent handling (CVE-2020-6563)
chromium-browser: Incorrect security UI in permissions (CVE-2020-6564)
chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6565)
chromium-browser: Insufficient policy enforcement in media (CVE-2020-6566)
chromium-browser: Insufficient validation of untrusted input in command line handling (CVE-2020-6567)
chromium-browser: Insufficient policy enforcement in intent handling (CVE-2020-6568)
chromium-browser: Integer overflow in WebUSB (CVE-2020-6569)
chromium-browser: Side-channel information leakage in WebRTC (CVE-2020-6570)
Affected Products:

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Consequence
On successful exploitation it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2020:3723 to address this issue and obtain more information.
Patches
Red Hat Enterprise Linux RHSA-2020:3723
CVE-2020-15663+
OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2020:1392-1)
Severity
Critical4
Recently Published
Qualys ID
174015
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1392-1
CVE Reference
CVE-2020-15663, CVE-2020-15664, CVE-2020-15669
CVSS Scores
Base 5 / Temporal 4.4
Description
SUSE has released security update for mozillathunderbird to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.2

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1392-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1392-1
CVE-2020-15663+
OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2020:1383-1)
Severity
Critical4
Recently Published
Qualys ID
174013
Date Published
September 14, 2020
Vendor Reference
openSUSE-SU-2020:1383-1
CVE Reference
CVE-2020-15663, CVE-2020-15664, CVE-2020-15669
CVSS Scores
Base 5 / Temporal 4.4
Description
SUSE has released security update for mozillathunderbird to fix the vulnerabilities.
Affected Products:
openSUSE Leap 15.1

Consequence
N/A
Solution
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2020:1383-1 to address this issue and obtain further details.
Patches
OpenSuse openSUSE-SU-2020:1383-1
CVE-2020-2040
Palo Alto Networks PAN-OS Buffer Overflow Vulnerability (PAN-145149, PAN-145150, PAN-145151, PAN-145195)
Severity
Critical4
Recently Published
Qualys ID
13975
Date Published
September 11, 2020
Vendor Reference
PAN-145149, PAN-145150, PAN-145151, PAN-145195
CVE Reference
CVE-2020-2040
CVSS Scores
Base 9.8 / Temporal 8.5
Description
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.
Affected Versions:
PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
PAN-OS 8.0 all versions
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.
NOTE: This issue is applicable only where either Captive Portal is enabled or Multi-Factor Authentication (MFA) is configured.
Consequence
Successful exploitation allows attacker to execute arbitrary code with root privileges.
Solution
Refer to PAN-145149, PAN-145150, PAN-145151, PAN-145195 for more information about patching this vulnerability.
Patches
PAN-145149, PAN-145150, PAN-145151 and PAN-145195
CVE-2020-2036
Palo Alto Networks PAN-OS Reflected Cross-Site Scripting (XSS) vulnerability (PAN-116720)
Severity
Critical4
Recently Published
Qualys ID
13971
Date Published
September 10, 2020
Vendor Reference
PAN-116720
CVE Reference
CVE-2020-2036
CVSS Scores
Base 8.8 / Temporal 7.7
Description
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.
Affected Versions:
PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
PAN-OS 8.1 versions earlier than PAN-OS 8.1.16
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.
Consequence
Successful exploitation allows attacker to potentially execute arbitrary JavaScript code.
Solution
Refer to PAN-116720 for more information about patching this vulnerability.
Patches
PAN-116720
CVE-2020-2038
Palo Alto Networks PAN-OS OS Command Injection Vulnerability (PAN-101484)
Severity
Critical4
Recently Published
Qualys ID
13973
Date Published
September 10, 2020
Vendor Reference
PAN-101484
CVE Reference
CVE-2020-2038
CVSS Scores
Base 7.2 / Temporal 6.3
Description
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
Affected Versions:
PAN-OS 10.0 versions earlier than PAN-OS 10.0.1
PAN-OS 9.1 versions earlier than PAN-OS 9.1.4
PAN-OS 9.0 versions earlier than PAN-OS 9.0.10
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.
Consequence
Successful exploitation allows attacker to run arbitrary system commands with maximum privileges.
Solution
Refer to PAN-101484 for more information about patching this vulnerability.
Patches
PAN-101484
CVE-2020-2037
Palo Alto Networks PAN-OS OS Command Injection Vulnerability (PAN-128761)
Severity
Critical4
Recently Published
Qualys ID
13972
Date Published
September 10, 2020
Vendor Reference
PAN-128761
CVE Reference
CVE-2020-2037
CVSS Scores
Base 7.2 / Temporal 6.3
Description
PAN OS is the software that runs all Palo Alto Networks next-generation firewalls.
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
Affected Versions:
PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
PAN-OS 9.0 versions earlier than PAN-OS 9.0.10
PAN-OS 8.1 versions earlier than PAN-OS 8.1.16
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.
Consequence
Successful exploitation allows an attacker to execute arbitrary OS commands in the firewall.
Solution
Refer to PAN-128761 for more information about patching this vulnerability.
Patches
PAN-128761

Vulnerability Detection Pipeline (Beta)

Upcoming and New High-Severity QIDs

Detection Status

EOL/Obsolete Operating System: IBM AIX 7.2 TL 0, IBM AIX 7.2 TL 1 Detected

Mozilla Firefox Multiple Vulnerabilities(MFSA2020-42)

Nagios XI Privilege Escalation Vulnerability

Ubuntu Security Notification for Sa-exim Vulnerability (USN-4520-1)

Oracle Enterprise Linux Security Update for postgresql:10 (ELSA-2020-3669)

Oracle Enterprise Linux Security Update for php:7.3 (ELSA-2020-3662)

SUSE Enterprise Linux Security Update for less (SUSE-SU-2020:2687-1)

Google Chrome Prior To 85.0.4183.121 Multiple Vulnerabilities

SUSE Enterprise Linux Security Update for samba (SUSE-SU-2020:2673-1)

Amazon Linux Security Advisory for tomcat7: AL2012-2020-317

SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2020:2699-1)

SUSE Enterprise Linux Security Update for perl-DBI (SUSE-SU-2020:2661-1)

SUSE Enterprise Linux Security Update for perl-DBI (SUSE-SU-2020:2645-1)

Amazon Linux Security Advisory for tomcat6: AL2012-2020-313

Amazon Linux Security Advisory for tomcat7: AL2012-2020-312

Amazon Linux Security Advisory for telnet: AL2012-2020-310

Amazon Linux Security Advisory for libarchive: AL2012-2020-308

SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:2582-1)

FreeBSD Security Update for samba (24ace516-fad7-11ea-8d8c-005056a311d1)

Atlassian Jira Server and Data Center Supported Platform Apache Tomcat Remote Code Execution Vulnerability(JRASERVER-71221)

Amazon Linux Security Advisory for ipmitool: AL2012-2020-309

Amazon Linux Security Advisory for bind: AL2012-2020-311

Ubuntu Security Notification for Storebackup Vulnerability (USN-4508-1)

SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2020:2610-1)

OpenSUSE Security Update for fossil (openSUSE-SU-2020:1478-1)

OpenSUSE Security Update for perl-DBI (openSUSE-SU-2020:1483-1)

VMware Fusion Privilege Escalation Vulnerability (VMSA-2020-0020)

Fedora Security Update for mingw-libxml2 (FEDORA-2020-b60dbdd538)

Fedora Security Update for mingw-libxml2 (FEDORA-2020-7dd29dacad)

OpenSUSE Security Update for libvirt (openSUSE-SU-2020:1455-1)

Drupal Core Multiple Vulnerabilities(SA-CORE-2020-011, SA-CORE-2020-010, SA-CORE-2020-009, SA-CORE-2020-008)

Fedora Security Update for php-symfony4 (FEDORA-2020-16eb328853)

WordPress Plugin Advanced Access Manager - Arbitrary File Access/Download vulnerability

McAfee Web Gateway Improper Authorization Vulnerabilities (SB10323)

Drupal Core Cross Site Scripting Vulnerability (SA-CORE-2020-007)

Fedora Security Update for libxml2 (FEDORA-2020-35087800be)

Ubuntu Security Notification for Samba Vulnerability (USN-4510-1)

Ubuntu Security Notification for Samba Vulnerability (USN-4510-2) (Deprecated)

Amazon Linux Security Advisory for httpd: ALAS2-2020-1490

Microsoft Office and Microsoft Office Services Security Update for MacOS September 2020

Amazon Linux Security Advisory for java-1.8.0-openjdk: ALAS2-2020-1491

Amazon Linux Security Advisory for mod_http2: ALAS2-2020-1493

Amazon Linux Security Advisory for dovecot: ALAS2-2020-1489

Microsoft Windows Netlogon Elevation of Privilege Vulnerability (unauthenticated check)

EOL/Obsolete Software: Cisco Jabber For Windows Prior To 12.0.x Detected

Amazon Linux Security Advisory for java-1.8.0-openjdk: ALAS-2020-1434

Red Hat Update for chromium-browser (RHSA-2020:3740)

Red Hat Update for librepo (RHSA-2020:3749)

OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1302-1)

OpenSUSE Security Update for xorg-x11-server (openSUSE-SU-2020:1279-1)

Amazon Linux Security Advisory for clamav: ALAS-2020-1433

CentOS Security Update for dovecot (CESA-2020:3617)

Red Hat Update for httpd:2.4 (RHSA-2020:3726)

Red Hat Update for Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2020:3730)

Red Hat Update for httpd24-httpd (RHSA-2020:3733)

Red Hat Update for dovecot (RHSA-2020:3736)

OpenSUSE Security Update for ldb, samba (openSUSE-SU-2020:1313-1)

Red Hat Update for mysql:8.0 (RHSA-2020:3732)

Red Hat Update for mysql:8.0 (RHSA-2020:3757)

Debian Security Update for teeworlds (DSA 4763-1)

Lenovo System Update Privilege escalation Vulnerability(LEN-42150)

Red Hat Update for openstack-nova (RHSA-2020:3702)

Red Hat Update for openstack-nova (RHSA-2020:3704)

Red Hat Update for openstack-nova (RHSA-2020:3706)

Red Hat Update for openstack-nova (RHSA-2020:3708)

Red Hat Update for httpd:2.4 (RHSA-2020:3714)

McAfee Agent Multiple Vulnerabilities (SB10325)

CentOS Security Update for thunderbird (CESA-2020:3631)

CentOS Security Update for thunderbird (CESA-2020:3643)

Cisco SD-WAN vManage Software Authorization Bypass Vulnerability(cisco-sa-uabvman-SYGzt8Bv)

Cisco SD-WAN Solution Software Buffer Overflow Vulnerability(cisco-sa-sdbufof-h5f5VSeL)

Cisco SD-WAN Solution Privilege Escalation Vulnerability(cisco-sa-20180905-sd-wan-escalation)

Cisco SD-WAN Solution Software Denial of Service Vulnerability(cisco-sa-sdw-dos-KWOdyHnB)

Cisco SD-WAN Solution Command Injection Vulnerability(cisco-sa-20180905-sd-wan-injection)

Cisco SD-WAN Solution Privilege Escalation Vulnerability(cisco-sa-20190619-sdwan-privesca)

F5 BIG-IP ASM,LTM,APM BIG-IP SIP ALG profile vulnerability(K42830212)

OpenSUSE Security Update for go1.14 (openSUSE-SU-2020:1407-1)