CVE-2021-0307
In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional...
CVE-2021-0307
CVE-2021-0307 is an Android elevation-of-privilege issue in updatePermissionSourcePackage within PermissionManagerService.java. A confused deputy flaw could allow a malicious app on Android 10–11 to gain a dangerous permission automatically, without user interaction, leading to local privilege es...
Updated compat-openssl10 packages fix security vulnerabilities
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
CVE-2020-5808
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration...
CVE-2020-5808
Technical details about CVE-2020-5808 are not publicly provided in the supplied connected documents. Monitor for updates from the listed sources (Red Hat, NVD, NSTG/NESSUS plugin) for concrete affected products, versions, and fixes.
Tenable Network Security Tenable.Sc Security Vulnerability
Tenable Network Security Tenable.Sc is a vulnerability analysis solution from Tenable Network Security, USA. The product supports real-time vulnerability assessment and management, among other things. A security vulnerability exists in versions of Tenable.sc prior to 5.17.0, which stems from the...
Threat Roundup for December 11 to December 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 11 and Dec. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
5M WordPress Sites Running 'Contact Form 7' Plugin Open to Attack
A patch for the popular WordPress plugin called Contact Form 7 was released Thursday. It fixes a critical bug that allows an unauthenticated adversary to take over a website running the plugin or possibly hijack the entire server hosting the site. The patch comes in the form of a 5.3.2 version...
SQL Injection Vulnerability in Environmental Automatic Monitoring System of Jiangsu Sanxi Technology Co.
The business scope of Jiangsu Sanxi Technology Co., Ltd. includes: environmental monitoring and control systems, automation systems, information management systems, computers, communications, control systems, and other types of systems such as software and hardware development. Jiangsu Sanxi...
Auto-Update Fails with Citrix Workspace App 2012 for Windows
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. Automatic updates from Citrix Workspace app 2012 for Windows fail with the error "Could not load fi...
Oracle Linux 7 : ELSA-2020-5566-1: / openssl (ELSA-2020-55661)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-55661 advisory. 1.0.2k-21 - remove ASN1_F_ASN1_ITEM_EMBED_D2I from openssl-1.0.2k-cve-2020-1971.patch 1.0.2k-20 - fix CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference...
Ignored Certificate Revocation List
icinga2 ignores the certificate revocation list. Revoked certificates that are due for renewal are not checked against the certificate revocation list, and the certificate is automatically renewed...
Amazon Linux 2 : openssl, openssl11 (ALAS-2020-1573)
The version of openssl installed on the remote host is prior to 1.0.2k-19. The version of openssl11 installed on the remote host is prior to 1.1.1c-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1573 advisory. A null pointer dereference flaw was found in openssl...
CVE-2020-1971 EDIPARTYNAME NULL pointer dereference
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrect...
Citrix Secure Mail for Android Security Update
Description of Problem: Vulnerabilities have been discovered in Citrix Secure Mail for Android that could allow unauthorised access to data within Citrix Secure Mail. These vulnerabilities have the following identifiers: CVE ID| Description| Vulnerability Type| Pre-conditions ---|---|---|--- CVE-2020-8274|...
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrect...
Information Disclosure
Thunderbird is vulnerable to information disclosure. An attacker who can intercept Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism can send a crafted response, to which Thunderbird responds with the username and password...
CVE-2020-29565
A flaw was found in python-django-horizon. The "next" parameter is not correctly validated allowing a remote attacker to supply a malicious URL in the dashboard that could cause an automatic redirect to the provided malicious site. The highest threat from this vulnerability is to data...