[SECURITY] Fedora 33 Update: pngcheck-2.4.0-8.fc33

pngcheck verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs checksums and decompressing the image data; it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statist i...

CVE-2021-1074

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires...

CVE-2021-1074

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires...

PT-2021-4110 · Genivia +1 · Genivi Diagnostic Log/Trace +1

Name of the Vulnerable Software and Affected Versions: GENIVI Diagnostic Log and Trace DLT versions 2.10.0 through 2.18.6 Description: The issue is related to the incorrect handling of special characters in configuration files, which can cause a vulnerable component to crash. This can lead to...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7 file-integrity-operator image security update

The file-integrity-operator image update is now available for OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6 file-integrity-operator image security update

A new file-integrity-operator image update is now available for OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

curl: Incorrect argument check can allow remote servers to overwrite local files

A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is...

Solorigate/Sunburst : FireEye Breach Leveraged SolarWinds Orion Software

Update Dec 23, 2020: Added new section describing how to reduce risk with File Integrity Monitoring. Update Dec 22, 2020: FireEye Red Team tools & Solorigate/SUNBURST On December 13, SolarWinds released a security advisory regarding a successful supply-chain attack on the Orion management platfor...

curl: Incorrect argument check can allow remote servers to overwrite local files

A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is...

Nextcloud Server Encryption Vulnerability

Nextcloud is a set of client-server software for creating network hard disks.Nextcloud Server is the server. An encryption vulnerability exists in Nextcloud Server 19.0.1. An attacker could use this vulnerability to degrade the encryption scheme and compromise the integrity of encrypted files...

CVE-2020-8150

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

curl: Incorrect argument check can allow remote servers to overwrite local files

A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-2337)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : curl (EulerOS-SA-2020-2337)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1961)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2020-1961)

According to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1907)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Trend Micro Vulnerability Protection and Deep Security Manager Integrity Validation Bypass Vulnerability

Trend Micro Vulnerability Protection is an endpoint vulnerability protection product that provides one step faster and stronger endpoint protection.Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers.Deep Security Manager is a centralized Deep...

EulerOS Virtualization for ARM 64 3.0.6.0 : curl (EulerOS-SA-2020-1907)

According to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options...

CVE-2020-8602

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution...