Hotfix XS82E013 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described in CTX286756 - Citrix Hypervisor Multiple Security Updates should install this hotfix. Information About this Hotfix Component| Details ---|---...
CVE-2020-26975
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. Note: This...
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2020-4870)
Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID: CVE-2020-4870 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error processing connecting applications. CVSS Base score: 5.9 CVSS Temporal Score: See:...
Security feature bypass
We have resolved a security issue in the camera plugin that could have affected certain Cordova Android applications. An attacker who could install or lead the victim to install a specially crafted or malicious Android application would be able to access pictures taken with the app externally...
CVE-2020-11990
We have resolved a security issue in the camera plugin that could have affected certain Cordova Android applications. An attacker who could install or lead the victim to install a specially crafted or malicious Android application would be able to access pictures taken with the app externally...
Design/Logic Flaw
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in versio...
CVE-2020-7378 CRIXP OpenCRX Unverified Password Change
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in versio...
PVS Accelerator - For Citrix Hypervisor 8.2
Who Should Install This Update? This PVS Accelerator update is for customers who use the PVS Accelerator provided with Citrix Hypervisor 8.2. It constitutes the following deliverable: File Name| CitrixHypervisor-8.2.0-pvsaccelerator.iso ---|--- Description| This file updates the PVS Accelerator...
Hotfix XS80E004 - For Citrix Hypervisor 8.0
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.0. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart Host Content live patchable| Yes Baselines for Live Patch| XS80E003 Revision History| Published on A...
TikTok: CSRF for deleting videos
A CSRF (Cross Site Request Forgery) vulnerability was reported on TikTok which could potentially be used by an attacker to delete other users' public videos if the user were to click a malicious link. This issue has since been resolved. We thank @luizviana for reporting this to our team and...
VecCopy allows misaligned access to elements
VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...
Release Information for Veeam Backup for AWS v2 Patch 1
Requirements You can check your build number under Configuration | Support Information | About | Server version by clicking the gear icon at the top-right corner of the main menu in Veeam Backup for AWS. After installing Veeam Backup for AWS v2 Patch 1, your build version will be 2.0.1.622...
Fedora 32 : chromium (2020-a1f140614b)
Update to Chromium 85.0.4183.83. Bugs fixed, security holes patched, and features added. Hold on to your butts. List of CVEs resolved with this update: CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545...
OS4Ed openSIS Modules.php remote code execution vulnerability
Summary A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2020-13921
The CVE-2020-13921 issue affects Apache SkyWalking when using H2/MySQL/TiDB as the storage backend. The vulnerability is a SQL injection in the wildcard query cases, introduced by insufficient validation of user-supplied input for wildcard alarm searches via GraphQL. Affects the storage-implement...
All Vulnerabilities for ipirangadosul.rs.gov.br Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| ipirangadosul.rs.gov.br ---|--- Open Bu...
CVE-2019-19453
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5...
Security Bulletin: IBM MQ Appliance is affected by a buffer overflow vulnerability (CVE-2015-2716)
Summary IBM MQ Appliance has resolved a buffer overflow vulnerability. Vulnerability Details CVEID: CVE-2015-2716 DESCRIPTION: Expat, as used in Mozilla Firefox and Thunderbird, is vulnerable to a buffer overflow, caused by improper bounds checking by the XML parser. By persuading a victim to ope...
Release Information for Veeam ONE 10a
Challenge Release Information for Veeam ONE 10a build 10.0.2.1094. Cause Please make sure you are running version 9.5.0.3801 (9.5 Update 3) or later prior to installing this update. You can check this under Windows Programs and Features. After upgrade, your build will be version 10.0.2.1094. Soluti...