8216 matches found

IBM Security Bulletins
added 2020/08/12 1:7 a.m. | 28 views

Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200)

Summary The IBM Spectrum Protect Server is affected by multiple Db2 vulnerabilities such as privilege escalation, denial of service, and buffer overflow. Vulnerability Details CVEID: CVE-2020-4230 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 and 11.5 is...

CVSS 8.4 | AI score 1.6 | EPSS 0.02856
Exploits: 0 | Affected Software: 1

Qualys Blog
added 2020/08/10 5:22 p.m. | 25 views

Continuous Monitoring and Beyond

As security professionals, we struggle with the high volume of data we need to sort through while trying to parse out the critical alerts that are important for us to take immediate action upon. Being at the forefront of innovation for the past 20 years, Qualys offers 20 plus solutions which all...

AI score 7.3
Exploits: 0

Positive Technologies
added 2020/08/09 12:0 a.m. | 3 views

PT-2020-3943 · Microsoft · Windows Gdi +1

Name of the Vulnerable Software and Affected Versions: Windows GDI component affected versions not specified Description: An information disclosure issue exists due to the improper handling of memory contents by the Windows GDI component. This could allow an attacker to obtain information that...

CVSS 7.1 | AI score 6.2 | EPSS 0.04477
Exploits: 0 | References: 5

IBM Security Bulletins
added 2020/08/06 4:50 a.m. | 32 views

Security Bulletin: There are vulnerabilities in the IBM® Java Runtime Environment™ used by DB2 Recovery Expert for Linux, Unix and Windows

Summary An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. An...

CVSS 8.3 | AI score 2.6 | EPSS 0.0623
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2020/08/05 12:0 a.m. | 5 views

PT-2020-14194 · Etcd +4 · Etcd +4

Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.0 through 3.3.22 etcd versions 3.4.0 through 3.4.9 Description: The issue is related to data validation in the ReadAll method in wal/wal.go, where it is possible to have an entry index greater than the number of entries. Thi...

CVSS 9.8 | AI score 6.7 | EPSS 0.93305
Exploits: 4 | References: 129

ThreatPost
added 2020/08/04 12:20 p.m. | 63 views

Apple Knocked Off Perch as Most Imitated Brand for Phishing Attacks

Google and Amazon overtook Apple in the second quarter (Q2) of 2020 as the brand most spoofed by attackers to lure people into falling for phishing attacks. The leaderboard change is likely due to activity related to the COVID-19 pandemic, according to new research. While the number of so-called...

AI score 0.8
Exploits: 0 | References: 8

Carbon Black Blog
added 2020/07/29 1:52 p.m. | 40 views

Carbon Black EDR’s All-New Live Query Capability and Enhanced Fileless Visibility

VMware Carbon Black is excited to announce that VMware Carbon Black EDR (formerly CB Response), recently named by Gartner as a 2020 Customers’ Choice for Endpoint Detection and Response solutions, now features enhanced insight into fileless activity via Microsoft’s AMSI and a brand new Live Query...

AI score 1.1
Exploits: 0

The Hacker News
added 2020/07/28 6:48 a.m. | 60 views

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices

Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage (NAS) appliances. Called QSnatch or Derek, the data-stealing malware is said to have compromised 62,000 devices since reports...

AI score 0.8
Exploits: 0

IBM Security Bulletins
added 2020/07/27 3:9 p.m. | 11 views

Security Bulletin: Pentest results for IBM Netcool Operations Insight found a security vulnerability.

Summary Security Bulletin: Pentest results for IBM Netcool Operations Insight found a security vulnerability. Vulnerability Details Third Party Entry: PSIRT-ADV0021917 DESCRIPTION: Created from Advisory: ADV0021917 CVSS Base score: 2.4 CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N...

AI score 0.7
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/07/24 8:18 a.m. | 21 views

Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool.

Summary BigFix Platform is shipped with IBM License Metric Tool. Information about a security vulnerability affecting BigFix Platform has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-4095 DESCRIPTION: HCL BigFix Platform could allow a local authenticated attacker t...

CVSS 6 | AI score 0.3 | EPSS 0.00196
Exploits: 0 | Affected Software: 1

CNVD
added 2020/07/22 12:0 a.m. | 1 views

5vshop e-commerce system has a logic flaw vulnerability

5vshop e-commerce system is a site-building system from Shijiazhuang Zhenghong Network Technology Limited Company. It has a logic flaw vulnerability: attackers can use this vulnerability to arbitrarily modify the payment amount, resulting in economic losses...

AI score 6.8
Exploits: 0

CNVD
added 2020/07/21 12:0 a.m. | 1 views

EmpireCMS is vulnerable to information leakage

EmpireCMS is a content management system (CMS). EmpireCMS suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...

AI score 6.2
Exploits: 0

ossfuzz
added 2020/07/20 11:14 p.m. | 21 views

immer:flex-vector-gc: Crash in immer::detail::rbts::node<int, immer::memory_policy<immer::heap_policy<immer::gc

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=5660697665732608 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: flex-vector-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7083eb04e907 Crash...

AI score 6.8
Exploits: 0 | Affected Software: 1

ossfuzz
added 2020/07/20 9:33 p.m. | 17 views

immer:flex-vector-gc: Crash in decltype

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=6017886557306880 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: flex-vector-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00018055f9f9 Crash...

AI score 6.8
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2020/07/20 12:0 a.m. | 136 views

Amazon Linux 2 : java-11-amazon-corretto, --advisory ALAS2-2020-1464 (ALAS-2020-1464)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.8+10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1464 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Support...

CVSS 8.3 | AI score 6.4 | EPSS 0.05166
Exploits: 0 | References: 18

IBM Security Bulletins
added 2020/07/16 5:5 p.m. | 29 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes kubelet and kube-proxy security vulnerability (CVE-2020-8558)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes kubelet and kube-proxy that could allow neighboring nodes to bypass localhost boundary CVE-2020-8558 Vulnerability Details CVEID: CVE-2020-8558 Description: Kubernetes kube-proxy could allow a remote...

CVSS 8.8 | EPSS 0.03597
Exploits: 5 | Affected Software: 1

ThreatPost
added 2020/07/16 4:14 p.m. | 373 views

Zoom Addresses Vanity URL Zero-Day

A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. Disclosed by Zoom and Check Point on Thursday, the security flaw existed in the “Vanity URL”...

AI score 8.1 | EPSS 0.0552
Exploits: 1 | References: 8

ossfuzz
added 2020/07/15 11:53 p.m. | 28 views

immer:flex-vector-gc: Segv on unknown address in immer::detail::rbts::relaxed_pos<immer::detail::rbts::node<int, immer::memory_po

Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=4872518268354560 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: flex-vector-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...

AI score 6.8
Exploits: 0 | Affected Software: 1

OSV
added 2020/07/15 6:15 p.m. | 19 views

CVE-2020-14702

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 4

NVD
added 2020/07/15 6:15 p.m. | 11 views

CVE-2020-14695

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...

CVSS 5.3 | EPSS 0.00538
Exploits: 0 | References: 5