Cybersecurity Vulnerabilities news & analysis | SC Media Vulnerabilities

Vulnerabilities News and Analysis

Mozilla issues patches for Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5

Mozilla today pushed out nine patches covering three products: Firefox 73, Firefox ESR 68.5 and Thunderbird 68.5. Firefox 73 had six vulnerabilities, with CVE-2020-6796, CVE-2020-6800 and CVE-2020-6801 regarded as having a high impact. The first is a missing bounds check that could cause memory corruption and a potentially exploitable crash. The second and…

Critical vulnerability found in IBM ServeRAID Manager

IBM issued an advisory for a critical vulnerability in its now unsupported ServeRAID Manager product that could lead to arbitrary code execution. The warning carries a CVSS rating of 9.3 for CVE-2011-3556 and covers ServeRAID Manager Java version 1.4.2. The problem lies in the fact that ServeRAID Manager runs with system privileges on Microsoft Windows…

Adobe Patch Tuesday: Critical vulnerabilities in Flash Player, Framemaker patched

Adobe conducted a large-scale rollout of security updates for a variety of its products for February Patch Tuesday, including a critical patch for Flash Player that, if exploited, could result in arbitrary code execution in the context of the current user. Joining Adobe Flash Player in receiving security updates are Framemaker, Acrobat Reader and DC,…

Dell patches SupportAssist vulnerability

Dell is reporting a high-rated vulnerability in its SupportAssist for business and home PCs that could result in remote code execution. CVE-2020-5316 affects business PC versions 2.0 through 2.1.3 and home PC versions 2.0 through 3.4. Each contains an uncontrolled search path vulnerability that can be exploited by a locally authenticated low-privileged user to cause…

Google patches Bluetooth vulnerability impacting most Android devices

Google has issued a critical security update for Android that affects the Bluetooth functionality on about two-thirds of all Android devices now in use. The vulnerability, CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0) and can allow remote code execution without any user interaction. The flaw was found and reported to…

Five high-level flaws patched in Cisco Discovery Protocol

Cisco Systems has issued fixes for five high-level vulnerabilities in various implementations of its Cisco Discovery Protocol, which is enabled by default in tens of millions of Cisco products. The five flaws, collectively named CDPwn, could allow attackers to either remotely execute code or trigger a denial of service, warned Cisco yesterday, as did researchers…

Critical flaw in OpenSMTPD found, patched

A critical vulnerability has been found in OpenSMTPD that, if exploited, could allow an attacker to execute arbitrary code. The flaw, CVE-2020-7247, was discovered by Qualys Research Labs and affects OpenSMTPD version 6.6, which does not properly sanitize user input, which could lead to a local attacker being able to escalate their privileges, and…

Adobe patches critical Magento security vulnerabilities

Adobe issued an out-of-band security advisory and issued patches for six vulnerabilities, three critical, in its Magento Commerce and Open Source products. The Adobe products affected are Commerce 2.3.3, Open Source 2.3.3, Enterprise Edition 1.14.4.3 and Community Edition 1.9.4.3. The three critical vulnerabilities are CVE-2020-3716, CVE-2020-3718 and CVE-2020-3719. The first two, respectively, have a deserialization…

Apple patches dozens of security issues

Apple has released security advisories and patches for multiple products, including Safari, iOS and macOS. Two vulnerabilities were associated with Safari 13.0.5, CVE-2020-3833 and CVE-2020-3841, affecting macOS Mojave and High Sierra and included in Catalina. CVE-2020-3833 covers an inconsistent user interface issue that could be exploited if a user visited a malicious website leading to…
