A Stored Cross-Site Scripting (XSS) vulnerability in VMware ESXi was privately reported to VMware. Patches are available to address this vulnerability in affected VMware products. VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955). The VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the …
An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. As a result, this can lead to Improper Access Control. Products Affected: FortiMail versions 5.4.10 and below.FortiMail versions 6.0.7 and below.FortiMail versions 6.2.2 and …
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review Microsoft’s April 2020 Security Update Summary and Deployment Information and apply the necessary updates. Security Update Summary: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr Deployment Information: https://support.microsoft.com/en-us/help/20200414/security-update-deployment-information-april-14-2020
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain escalation of privileges. TT-CSIRT encourages users and administrators to review the following Intel advisories and apply the necessary updates or workarounds: Data Migration Software Advisory- INTEL-SA-00327 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html PROSet/Wireless WiFi Software Advisory- INTEL-SA-00338 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html Driver …
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to the following …
Cross Site Scripting (XSS) and Open Redirect vulnerabilities exist in vRealize Log Insight due to improper Input validation; (CVE-2020-3953) and (CVE-2020-3954) respectively. VMware has evaluated the severity of these issues to be in the important and moderate severity ranges with the Cross Site Scripting vulnerability having a maximum CVSSv3 base score of 8.4 and Open …
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. TT-CSIRT encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. ColdFusion: https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html After Effects: https://helpx.adobe.com/security/products/after_effects/apsb20-21.html Digital Editions: https://helpx.adobe.com/security/products/Digital-Editions/apsb20-23.html
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. Impact: Execute Unauthorized Code or Commands Affected Products: FortiADC version 5.3.4 and belowFortiADC version 5.4.0 and below Solutions: Upgrades to FortiADC versions 5.3.5 or above and FortiADC …
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks GlobalProtect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1. Severity: High (7) Solution: …
Be advised that security vulnerabilities were fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 It should be noted that under certain conditions, when running the nsDocShell destructor and ReadableStream, a race condition can cause a use-after-free. Mozilla are aware of targeted attacks in the wild abusing this flaw. The Trinidad and Tobago Cyber Security Incident …