VMware has published a security advisory to address a Time-of-check Time-of-use (TOCTOU) issue in the service opener, an issue in the shader functionality and a memory leak vulnerability in the VMCI module.
Drupal has released security advisories to address cross site scripting and open redirect vulnerabilities in the jQuery library and the "drupal_goto" function of Drupal Core.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. These security updates addressed multiple remote code execution vulnerabilities that are under active exploitation.
Red Hat has released new versions of JBoss Enterprise Application Platform to address multiple vulnerabilities in the Apache JServ Protocol (AJP), Apache Thrift and OpenSSL security provider.
VMware has published a security advisory to address use-after-free vulnerability in vmnetdhcp, improper file permissions in Cortado Thinprint, and improper protection for the configuration files of the VMware USB arbitration service.
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. Reports indicate that active exploitation against the vulnerability in Microsoft Exchange Server for remote code execution have been observed. Microsoft also identified a new vulnerability in its Server Message Block 3.1.1 (SMBv3) protocol.
A vulnerability was found in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response of the pppd (Point-to-Point Protocol Daemon).
ESET has published a security report revealing technical details about a vulnerability in FullMAC wireless chipset manufactured by Broadcom and Cypress.
Microsoft has published a security advisory (ADV200001) to mitigate a remote code execution vulnerability in the JScript.dll of the Microsoft Internet Explorer.
Microsoft has published a security advisory (ADV200001) to mitigate a remote code execution vulnerability in the JScript.dll of the Microsoft Internet Explorer.
Oracle has released Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
A vulnerability has been found in Citrix ADC and Citrix Gateway. An unauthenticated remote attacker may send a specially crafted command to an affected system to exploit the vulnerability.
Mozilla has published two security advisories (MFSA 2020-01 and MFSA 2020-02) to address multiple browser vulnerabilities. Reports indicate that active exploitation against the vulnerability has been observed.
