Microsoft Dynamics 365 (on-premises) Update 2.25
Microsoft Dynamics 365 on-premises Update 2.25 Introduction Service Update 2.25 for Microsoft Dynamics CRM on-premises 8.2 is now available. This article describes the hotfixes and updates that are included in Service Update 2.25. More information Update package| Version number ---|--- Microsoft...
CVE-2020-25675
In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a...
CVE-2020-5799
The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data...
Design/Logic Flaw
The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data...
Automattic: [intensedebate.com] No Rate Limit On The report Functionality Lead To Delete Any Comment When it is enabled
Hello Summary: I have found a no rate limit issue on the report functionality. When you enable the report functionality on your site, you can set a number of reports before deleting the reported comment. By default, this functionality is disabled, but if you enable this and you set a $x number of...
OPENSUSE-SU-2020:2170-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 JDK-8223940: Private key not supported by chosen signature algorithm JDK-8236512: PKCS11 Connectio...
CVE-2020-13543
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...
CVE-2020-6111
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000...
SUSE-SU-2020:3591-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 JDK-8223940: Private key not supported by chosen signature algorithm JDK-8236512: PKCS11 Connectio...
Stored XSS Vulnerability in Cognex Serial Server C2000-B2-SFE0101-BB1
The C2000-B2-SFE0101-BB1 Serial Server provides serial-to-network functionality, capable of converting an RS-232 serial port into a TCP/IP protocol network interface. A stored XSS vulnerability exists in the Connex Serial Server C2000-B2-SFE0101-BB1, which can be exploited by attackers to obtain...
CVE-2020-28922
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges...
binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()
Hao Wang reports: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption...
Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}
Summary: Hello, I have found an XSS Reflected POST-Based on https://www.intensedebate.com/update/tumblr2/$id. The parameter $POST'txtCode' is reflected and is not sanitized. To trigger the XSS an attacker needs to create a site and invite the victim to their own site and give them full permissions...
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting XSS in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2020-28133
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in salesinventory/login.php...
CVE-2020-8272
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8...
CVE-2020-15481
CVE-2020-15481 affects PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel drivers DirectIo32.sys and DirectIo64.sys expose IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the calling process’...
Citrix SD-WAN Center 10.2.x < 10.2.8 / 11.1.x < 11.1.2b / 11.2.x < 11.2.2 Multiple Vulnerabilities (CTX285061)
The remote Citrix SD-WAN Center is version 10.2.x prior to 10.2.8, 11.1.x prior to 11.1.2b, or 11.2.x prior to 11.2.2. It is, therefore, affected by multiple vulnerabilities: - An unauthenticated remote code execution with root privileges. CVE-2020-8271 - An authentication bypass resulting in exposur...
Service Update 0.22 for Microsoft Dynamics 365 9.0
Service Update 0.22 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.22 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.22. MORE INFORMATION Update package| Version number ---|---...