1464 matches found
CVE-2020-8257
CVE-2020-8257 relates to Citrix Gateway Plug-in for Windows. Affected versions before 13.0-64.35 and 12.1-59.16 (including 12.1-FIPS 55.190) have improper privilege management enabling local privilege escalation to SYSTEM. Citrix CTX282684 fixes: upgrade to Citrix Gateway Plug-in 13.0-64.35+, 12....
Apache Traffic Server Information Disclosure Vulnerability
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Software Foundation (United States). An information disclosure vulnerability exists in the Apache Traffic Server product, which can be exploited by a local attacker to read memory fragments and obtain...
CVE-2020-9115
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation ...
Command injection
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation ...
Apache Cordova Security Vulnerability
Apache Cordova is a camera plug-in for Android from the Apache Foundation. An access control error vulnerability exists in Cordova Android, which can be exploited by an attacker to gain access to photos taken externally using the application...
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victims' PCs. The attacks use stolen digital...
CVE-2020-3588
A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment...
Release Information for Fsas ETERNUS Plug-In for Veeam Backup & Replication
This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements: Before installing Fsas ETERNUS Plug-In v1.3, ensure that you are running Veeam Backup & Replication...
Citrix Gateway Plug-in for Windows 12.1.x < 12.1.59.16 / 13.0.x < 13.0.64.35 Multiple Vulnerabilities (CTX282684)
The version of Citrix Gateway Plug-in for Windows is 12.1 prior to 12.1.59.16 or 13.0 prior to 13.0.64.35. It is, therefore, affected by multiple vulnerabilities that, if exploited, can result in a local user escalating their privilege level to SYSTEM. Note that Nessus has not attempted to exploi...
Vulnerabilities fixed in Citrix Gateway Plug-in for Windows
Citrix has fixed two vulnerabilities in the Citrix Gateway Plug-in for Windows. By exploiting these vulnerabilities, an attacker could potentially acquire elevated privileges on the vulnerable system. Citrix has released updates to fix the vulnerabilities. For more information, see:...
Security feature bypass
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...
CVE-2020-15251
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...
Citrix Gateway Plug-in for Windows Security Update
Description of Problem: Vulnerabilities have been identified in Citrix Gateway Plug-in for Windows that, if exploited, could result in a local user escalating their privilege level to SYSTEM. The vulnerabilities have the following identifiers: CVE-2020-8257, CVE-2020-8258. These vulnerabilities affe...
Release Information for INFINIDAT Plug-In for Veeam Backup & Replication
This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements: Before installing INFINIDAT Plug-In v1.2.6, ensure that you are running Veeam Backup & Replication...
Better email classification, courtesy of you
Cisco customers with Email Security Appliances (ESA) or Cloud Email Security (CES) accounts already know the benefits of Cisco’s email filtering. Every day, millions of malicious emails are automatically sent to the trash bin. Cisco encourages customers to participate in honing those filters by...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
...
The vulnerability of the Audit Plug-in component of the MySQL Server database management system allows a hacker to trigger a service failure.
The vulnerability of the Audit Plug-in component of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2020-41752)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the Server: Audit Plug-in component of MySQL Server 8.0.20 and earlier versions of Oracle MySQL. An attacker can...
UBUNTU-CVE-2020-14591
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2020-14591
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...