Hírolvasó

NVD: all CVE · 2021. január 21.

CVE-2020-26285

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
NVD: all CVE · 2021. január 21.

CVE-2020-26295

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
NVD: all CVE · 2021. január 21.

CVE-2020-4958

IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209.
Linux security Advisories · 2021. január 21.

openSUSE: 2021:0132-1 moderate: python-autobahn>

An update that fixes one vulnerability is now available.
US CERT: Current Activity · 2021. január 21.

Cisco Releases Advisories for Multiple Products

Original release date: January 21, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

US CERT: Current Activity · 2021. január 21.

Drupal Releases Security Updates

Original release date: January 21, 2021

Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

US CERT: Current Activity · 2021. január 21.

CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq

Original release date: January 21, 2021

CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and vendors of IoT and embedded devices that use Dnsmasq to review CERT/CC VU#434904 and CISA ICSA-21-019-01 21 for more information and to apply the necessary update. Refer to vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.

US CERT: Current Activity · 2021. január 21.

Google Releases Security Updates for Chrome

Original release date: January 21, 2021

Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.

US CERT: Current Activity · 2021. január 21.

Oracle Releases January 2021 Security Bulletin

Original release date: January 21, 2021

Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle January 2021 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

NVD: all CVE · 2021. január 21.

CVE-2020-3686

Possible memory out of bound issue during music playback when an incorrect bit stream content is copied into array without checking the length of array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
NVD: all CVE · 2021. január 21.

CVE-2020-3687

Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue in XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
NVD: all CVE · 2021. január 21.

CVE-2020-3691

Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
NVD: all CVE · 2021. január 21.

CVE-2020-11167

Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
NVD: all CVE · 2021. január 21.

CVE-2020-11179

Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
NVD: all CVE · 2021. január 21.

CVE-2020-11180

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
NVD: all CVE · 2021. január 21.

CVE-2020-11181

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
NVD: all CVE · 2021. január 21.

CVE-2020-11183

A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
NVD: all CVE · 2021. január 21.

CVE-2020-11185

Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
NVD: all CVE · 2021. január 21.

CVE-2020-11197

Possible integer overflow can occur when stream info update is called when total number of streams detected are zero while parsing TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
NVD: all CVE · 2021. január 21.

CVE-2020-11200

Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile