831 matches found
CVE-2020-1117
CVE-2020-1117 affects the Color Management Module in Windows (ICM32.dll). FireEye’s analysis documents a heap-based overflow in icm32 occurring during InitNamedColorProfileData while parsing the ‘ncl2’ color-profile element, due to using an incorrect offset (0x51) for verification and advancing t...
CVE-2020-1117
A remote code execution vulnerability exists in the way that the Color Management Module ICM32.dll handles objects in memory, aka 'Microsoft Color Management Remote Code Execution Vulnerability'...
Microsoft Color Management Remote Code Execution Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in the handling of memory objects in the...
Microsoft Color Management Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Color Management Module ICM32.dll handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data;...
CVE-2020-5881
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communicatio...
IBM Tivoli Netcool Impact Denial of Service Vulnerability
IBM Tivoli Netcool Impact is a suite of network management software from IBM in the United States. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. A security vulnerability exists in...
CVE-2020-4236
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409...
Security Bulletin: Denial of service vulnerability in IBM Tivoli Netcool Impact (CVE-2020-4236)
Summary There is a denial of service vulnerability in IBM Tivoli Netcool Impact. Vulnerability Details CVEID: CVE-2020-4236 DESCRIPTION: IBM Tivoli Netcool Impact could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. CVSS...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)
Summary The following vulnerability in OpenSSL has been addressed by IBM Integrated Management Module II (IMM2). Vulnerability Details CVEID: CVE-2012-4929 DESCRIPTION: The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability with the IPv6 networking support (CVE-2015-2922)
Summary The following vulnerability in IPv6 has been addressed by IBM Integrated Management Module II (IMM2). Vulnerability Details CVEID: CVE-2015-2922 DESCRIPTION: Linux Kernel, built with the IPv6 networking support (CONFIG_IPV6), is vulnerable to a denial of service, caused by the improper handling...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a libcurl security vulnerability (CVE-2019-5482)
Summary IBM Integrated Management Module II (IMM2) is affected by a libcurl security vulnerability (CVE-2019-5482). Vulnerability Details CVEID: CVE-2019-5482 DESCRIPTION: cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet function. ...
F5 BIG-IP connector profile denial of service vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP. An attacker could exploit the vulnerability to temporarily fail to handle traffi...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSH (CVE-2018-15919)
Summary The following vulnerability in OpenSSH has been addressed by IBM Integrated Management Module II (IMM2). Vulnerability Details CVEID: CVE-2018-15919 DESCRIPTION: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of user...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by Linux kernel vulnerability (CVE-2019-11477)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following Linux kernel vulnerability. Vulnerability Details CVEID: CVE-2019-11477 DESCRIPTION: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in SQLite (CVE-2018-20346)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in SQLite. Vulnerability Details CVEID: CVE-2018-20346 DESCRIPTION: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3...
F5 BIG-IP Input Validation Error Vulnerability (CNVD-2020-00237)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An input validation error vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to cause a TMM reboot with...
CVE-2019-15524
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI...
Remote code execution
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI...
F5 SSL Orchestrator Input Validation Error Vulnerability
F5 SSL Orchestrator is an all-in-one appliance solution for SSL infrastructures from F5, Inc. that provides policy-based dynamic decryption, encryption and traffic control. An input validation error vulnerability exists in F5 SSL Orchestrator. An attacker could exploit this vulnerability to cause...