SUSE-SU-2020:3022-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.4.0 ESR
- Fixed: Various stability, functionality, and security fixes
- MFSA 2020-46 (bsc1177872, bsc1176756)
- CVE-2020-15969: Use-after-free in usersctp
- CVE-2020-15683: Memory safety bugs fixed in Firefox 82...
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...
CVE-2020-3549 Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation...
CVE-2020-27601
BigBlueButton before 2.2.7: the setting lockSettingsProps.disablePrivateChat is not applied to chats that are already open. Root cause is in bigbluebutton-html5/imports/ui/components/chat/service.js. Impact is that private-chat restrictions may not be enforced for existing chats (low severity per...
Code injection
This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device...
A performance and functionality update is available for Windows 7 and for Windows Server 2008 R2
Introduction: This article describes an update for Windows 7 and for Windows Server 2008 R2. This update provides a set of performance and functionality improvements to graphics, XPS, and Media...
CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line i...
CVE-2020-6104
An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in an information disclosure. An attacker can provide a malicious file to trigger this...
Information disclosure
An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in an information disclosure. An attacker can provide a malicious file to trigger this...
CVE-2020-6105
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an information overwrite resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-6107
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability...
Design/Logic Flaw
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google URLs either within Google apps or via browser including file downloads, e-mail attachments and Google Do...
CVE-2020-7744 Information Exposure
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google URLs either within Google apps or via browser including file downloads, e-mail attachments and Google Do...
CVE-2020-7744
CVE-2020-7744 affects all versions of the com.mintegral.msdk:alphab component in the Android Mintegral SDK. Connected sources describe a malicious module that monitors downloads from Google domains or Google apps and from APKs, then exfiltrates the captured data to Mintegral’s servers, continuing...
CVE-2020-24188
Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter...
Windows Error Reporting Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...
SQL Express Maximum Database Size Limitation for Veeam Backup & Replication
Veeam Backup & Replication 12 Feature: Starting with Veeam Backup & Replication 12, all new deployments will use PostgreSQL as the default database engine to host the configuration database. PostgreSQL does not have the limitations discussed in this article. Existing deployments upgraded from Veea...
SUSE-SU-2020:2877-1 Security update for qemu
This update for qemu fixes the following issues:
- CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc1175441, bsc1176494).
- CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc1174641).
- CVE-2020-15863: Fixed a buffer overflow in the XGMAC...