Weekly Vulnerabilities Reports > October 26 to November 1, 2020

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system.

An issue was discovered in Dual DHCP DNS Server 7.40.

An issue was discovered in Home DNS Server 0.10.

Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta.

Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66.

An out-of-bounds read was addressed with improved input validation.

A null pointer dereference was addressed with improved input validation.

An input validation issue was addressed with improved input validation.

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized).

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.

A flaw was found in Ansible Collection community.crypto.

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8.

An issue was discovered in FastReport before 2020.4.0.

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI.

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions.

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication.

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.

The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack.

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).

This issue was addressed with improved checks.

A buffer overflow was addressed with improved bounds checking.

A validation issue existed in Trust Anchor Management.

Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

A memory consumption issue was addressed with improved memory handling.

Multiple memory corruption issues were addressed with improved input validation.

Multiple memory corruption issues were addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

A use after free issue was addressed with improved memory management.

A null pointer dereference was addressed with improved input validation.

An out-of-bounds read issue existed that led to the disclosure of kernel memory.

The issue was addressed with improved validation on the FaceTime server.

This issue is fixed in macOS Mojave 10.14.

Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string.

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes().

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.

SSMC3.7.0.0 is vulnerable to remote authentication bypass.

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022.

Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.

Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.

A logic issue was addressed with improved validation.

An information disclosure issue was addressed by removing the vulnerable code.

A memory corruption issue was addressed with improved memory handling.

A logic issue existed resulting in memory corruption.

A use after free issue was addressed with improved memory management.

A memory corruption issue was addressed with improved state management.

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0.

On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic.

The issue was addressed with improved permissions logic.

Blueman is a GTK+ Bluetooth Manager.

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider.

SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability.

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

An issue exits in IOBit Malware Fighter version 8.0.2.547.

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution.

osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server.

A memory corruption issue was addressed with improved validation.

A use after free issue was addressed with improved memory management.

This issue was addressed with improved checks.

A memory corruption issue was addressed with improved state management.

A memory corruption issue was addressed with improved state management.

Multiple memory corruption issues were addressed with improved memory handling.

Multiple memory corruption issues were addressed with improved memory handling.

Multiple memory corruption issues were addressed with improved memory handling.

Multiple memory corruption issues were addressed with improved memory handling.

Multiple memory corruption issues were addressed with improved memory handling.

A memory corruption issue was addressed with improved state management.

Multiple memory corruption issues were addressed with improved memory handling.

Multiple memory corruption issues were addressed with improved memory handling.

A memory corruption issue was addressed with improved input validation.

This issue was addressed by removing the vulnerable code.

A validation issue existed in the handling of symlinks.

A memory corruption issue was addressed with improved state management.

A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.

An out-of-bounds read was addressed with improved bounds checking.

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE).

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController.

An issue was discovered in SmartStoreNET before 4.0.1.

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

An out-of-bounds read was addressed with improved bounds checking.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable].

This affects the package systeminformation before 4.27.11.

A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

pathval before version 1.1.1 is vulnerable to prototype pollution.

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins.

A parsing issue in the handling of directory paths was addressed with improved path validation.

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message.

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module.

A custom URL scheme handling issue was addressed with improved input validation.

An access issue was addressed with improved access restrictions.

In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.

Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation.

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2.

In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart.

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies.

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data.

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30.

Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.

Gophish before 0.11.0 allows SSRF attacks.

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform.

An issue was discovered in QSC Q-SYS Core Manager 8.2.1.

Winston 1.5.4 devices do not enforce authorization.

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read.

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw.

An issue existed with Siri Suggestions access to encrypted data.

A logic issue was addressed with improved validation.

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message.

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message.

An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices.

A logic issue was addressed with improved state management.

A user privacy issue was addressed by removing the broadcast MAC address.

A logic issue was addressed with improved state management.

A logic issue was addressed with improved validation.

A validation issue was addressed with improved input sanitization.

A logic issue was addressed with improved state management.

A logic issue was addressed with improved restrictions.

Source-routed IPv4 packets were disabled by default.

The issue was addressed with improved data deletion.

A logic issue was addressed with improved validation.

A memory consumption issue was addressed with improved memory handling.

All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.

This affects the package npm-user-validate before 1.0.1.

A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file.

Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.

A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.

Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions.

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

An input validation issue was addressed with improved memory handling.

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.

Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0.

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile.

On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file.

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters.

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.

NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS.

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.

This issue was addressed with improved checks to prevent unauthorized actions.

An issue existed in the parsing of URLs.

This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra.

An information disclosure issue existed in the handling of the Storage Access API.

An API issue existed in the handling of outgoing phone calls initiated with Siri.

An access issue was addressed with additional sandbox restrictions.

A validation issue was addressed with improved input sanitization.

An out-of-bounds read was addressed with improved input validation.

A logic issue was addressed with improved validation.

An input validation issue was addressed with improved input validation.

A buffer overflow was addressed with improved bounds checking.

The HTTP referrer header may be used to leak browsing history.

A resource exhaustion issue was addressed with improved input validation.

This issue was addressed with improved iframe sandbox enforcement.

A validation issue was addressed with improved logic.

This issue was addressed with improved checks.

A cross-origin issue existed with "iframe" elements.

This issue was addressed with improved checks.

A memory corruption issue existed in the handling of IPv6 packets.

A denial of service issue was addressed with improved validation.

This was addressed with additional checks by Gatekeeper on files mounted through a network share.

An issue existed in the handling of S-MIME certificates.

An out-of-bounds read was addressed with improved bounds checking.

A logic issue was addressed with improved state management.

A denial of service issue was addressed with improved validation.

A permissions issue was addressed by removing vulnerable code and adding additional checks.

This issue was addressed by removing additional entitlements.

A logic issue was addressed with improved state management.

A configuration issue was addressed with additional restrictions.

An inconsistent user interface issue was addressed with improved state management.

An inconsistent user interface issue was addressed with improved state management.

A resource exhaustion issue was addressed with improved input validation.

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript.

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion.

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template.

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system.

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

This issue was addressed by verifying host keys when connecting to a previously-known SSH server.

A configuration issue was addressed with additional restrictions.

A denial of service issue was addressed with improved validation.

An input validation issue was addressed with improved input validation.

An issue existed in the handling of encrypted Mail.

A logic issue was addressed with improved state management.

A denial of service issue was addressed with improved memory handling.

eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature.

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval.

A lock screen issue allowed access to the share function on a locked device.

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting.

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting.

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter.

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages.

WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.

Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter.

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data.

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results.

A ZTE product is impacted by an XSS vulnerability.

On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted.

IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address.

A buffer overflow was addressed with improved bounds checking.

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

There is no input validation on the Locale property in an apt transaction.

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland.

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code.

The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver.

A trust issue was addressed by removing a legacy API.

The issue was addressed with improved validation when an iCloud Link is created.

A validation issue was addressed with improved logic.

This issue was resolved by replacing device names with a random identifier.

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0.

A lock screen issue allowed access to contacts on a locked device.

The issue was addressed with improved data deletion.

A logic issue was addressed with improved restrictions.

A memory initialization issue was addressed with improved memory handling.

This issue was addressed with a new entitlement.

checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.

opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.