1013 matches found
chromium-browser: Inappropriate implementation in WebRTC
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...
CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...
Oracle E-Business Suite Human Resources SQL Injection (CVE-2020-2956)
An SQL execution vulnerability exists in the Position Hierarchy Viewer module of the Human Resources component in Oracle E-Business Suite. The vulnerability is due to use of untrusted user input to build a portion of an SQL query string...
CVE-2020-10039
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to...
WordPress Easy Testimonials plugin cross-site scripting vulnerability (CNVD-2020-52690)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Easy Testimonials is a sidebar testimonials button plugin used in it. A cross-site scripting vulnerability exists in WordPress Easy...
Curve: Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us
Hi, when I am going through all the JS files in curve.com I found a link called "/usa" is used to create Curve USA Waitlists by entering your name, email address, mobile number and address details. F874173 Then there is a functionality called "Track my Position" by using which joined users can view...
UBUNTU-CVE-2020-14415
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position...
Fedora 31 : webkit2gtk3 (2020-7f34d2cfd8)
Update to 2.28.2: - Fix excessive CPU usage due to GdkFrameClock not being stopped. - Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. - Fix position of select popup menus in X11. - Fix playing of YouTube live stream/H264 URLs. - Fix several crashes and rendering...
SUSE-SU-2020:1198-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock...
Fedora 30 : webkit2gtk3 (2020-bd170e803f)
Update to 2.28.2: - Fix excessive CPU usage due to GdkFrameClock not being stopped. - Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. - Fix position of select popup menus in X11. - Fix playing of YouTube live stream/H264 URLs. - Fix several crashes and rendering...
kernel: offset2lib allows for the stack guard page to be jumped over
A flaw was found in the Linux kernel's implementation of mapping ELF PIE binary loading to allow evasion of the stack-guard page protection mechanisms that intend to mitigate this behavior. This issue appears to be limited to i386 based systems...
CVE-2019-6203
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic...
CVE-2019-6203
CVE-2019-6203 affects Apple devices via the 802.1X component, where a logic/state-management issue could allow a privileged network-position attacker to intercept traffic. Apple’s security pages tie this to iOS 12.2, macOS Mojave 10.14.4, and tvOS 12.2, with fixes in those releases. The CVE is do...
Input validation
Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a...
Streaming issues that are related to Microsoft Media Foundation in Windows 7
Symptoms: A hotfix is available for Microsoft Media Foundation in Windows 7. This hotfix resolves the following streaming issues that relate to Media Foundation: Issue 1: You cannot stream some audio files to multiple...
CVE-2020-9770
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...
The vulnerability of Firefox browser, related to an error in determining the user cursor position, which may be located over the address bar, allows attackers to compromise data integrity.
The vulnerability of Firefox browsers is related to an error in the determination of the user’s cursor position, which can be located above the address bar. Exploiting this vulnerability allows a remote attacker to compromise data integrity...