1155 matches found
openSUSE: Security Advisory for postgresql10 (openSUSE-SU-2020:1312-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
cairo 1.16.0 in cairo_ft_apply_variations() in cairo-ft-font.c would free memory using a free function incompatible with WebKit's fastMalloc leading to an application crash with a "free(): invalid pointer" error.
...
OSV-2020-1554 Object-size in void hb_ot_map_t::apply<GPOSProxy>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24508 Crash type: Object-size Crash state: void hb_ot_map_t::apply hb_ot_map_t::position hb_ot_shape_plan_t::position...
OSV-2020-1441 Heap-buffer-overflow in void apply_sao_internal<unsigned short>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21935 Crash type: Heap-buffer-overflow READ 1 Crash state: void apply_sao_internal void apply_sao thread_task_sao::work...
Security Bulletin: Public disclosed vulnerability from Cacti affects IBM Spectrum LSF RTM and IBM Spectrum LSF Suite for HPA
Summary Public disclosed vulnerability from Cacti affects IBM Spectrum LSF RTM and IBM Spectrum LSF Suite for HPA. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Spectrum LSF RTM|...
PT-2020-14691 · D Link · D-Link Dap-1520
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1520 versions prior to 1.10b04Beta02 Description: An issue was discovered in the apply.cgi of D-Link DAP-1520 devices. The problem arises when a user performs a login action from the web interface, and the request values are...
PT-2020-5461
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.1 through 11.6.5.1; F5 BIG-IP versions 12.1.0 through 12.1.5.1; F5 BIG-IP versions 13.1.0 through 13.1.3.3; F5 BIG-IP versions 14.1.0 through 14.1.2.5; F5 BIG-IP versions 15.0.0 through 15.1.0.3. Description: The Traffic...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following...
Microsoft Releases June 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
PALLET CONTROL vulnerable to arbitrary code execution
Overview: PALLET CONTROL provided by JAL Information Technology Co., Ltd. is IT asset management software. PALLET CONTROL contains an arbitrary code execution vulnerability due to improper file access permission (CWE-284). Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated wit...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Security update for git (moderate)
openSUSE Security Update: Security update for git Announcement ID: openSUSE-SU-2020:0598-1 Rating: moderate References: 1063412 1095218 1095219 1110949 1112230 1114225 1132350 1149792 1156651 1158785 1158787 1158788 1158789 1158790 1158791 1158792 1158793 1158795 1167890 1168930 1169605 1169786...
PT-2020-2537
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u251, 8u241, 11.0.6, and 14; Java SE Embedded version 8u241. Description: The issue is related to insufficient access control in the Libraries component of Java SE and Java SE Embedded, allowing an unauthenticated attacker with...
JVN#89224521: Multiple vulnerabilities in EasyBlocks IPv6
EasyBlocks IPv6 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. Cross-site request forgery (CWE-352) - CVE-2020-5549 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base...
Google Releases Security Updates for Chrome
Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
CVE-2019-20478
A vulnerability was discovered in the ruamel.yaml library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the load method. Applications that use ruamel.yaml to process untrusted input may be vulnerable to this flaw. An attacker could use this fl...
pacman command injection vulnerability
pacman is a package manager used in Linux. A command injection vulnerability exists in the 'apply_deltas' function in the lib/libalpm/sync.c file in pacman versions prior to 5.2. The vulnerability stems from a network system or product not properly filtering special elements of external input data...
CVE-2019-18183
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted...
OS command injection in git-diff-apply
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...
GHSA-84CM-V6JP-GJMR OS command injection in git-diff-apply
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...