823 matches found
CVE-2020-26867
CVE-2020-26867 concerns ARC Informatique PcVue deserialization of untrusted data, enabling remote arbitrary code execution on the web/mobile back-end server. Affected: PcVue versions prior to 12.0.17 (8.10–12.0.x). Root cause: insecure deserialization of messages on the interface. Impact: high-se...
CVE-2020-26867 ARC Informatique PcVue Deserialization of Untrusted Data
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server...
CVE-2020-26869 ARC Informatique PcVue Exposure of Sensitive Information to an Unauthorized Actor
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit...
CVE-2020-26869
ARC Informatique PcVue Information Disclosure (CVE-2020-26869): PcVue versions 8.10 up to before 12.0.17 expose session data of legitimate users to unauthorized actors via Web Services Toolkit integration. ICSA-20-308-03 confirms the vulnerability and cites a CVSS v3 base score of 7.5 (Network, L...
CVE-2020-26868
The CVE-2020-26868 issue affects ARC Informatique PcVue versions prior to 12.0.17. It enables a denial-of-service by an unauthorized user who can modify data used to validate messages from legitimate web clients (also impacting systems based on the Web Services Toolkit). The ICS advisory confirms...
CVE-2020-26868 ARC Informatique PcVue Access to Critical Private Variable via Public Method
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit...
PT-2020-4303 · Arc Informatique · Pcvue
Name of the Vulnerable Software and Affected Versions: ARC Informatique PcVue versions prior to 12.0.17 Description: The issue is related to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. This is due to...
PT-2020-16522 · Arc Informatique · Pcvue +1
Name of the Vulnerable Software and Affected Versions: ARC Informatique PcVue versions prior to 12.0.17 Description: The issue allows an unauthorized user to modify information used to validate messages sent by legitimate web clients, leading to a denial-of-service attack. This problem also affec...
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c related to _arc_max_angle_for_tolerance_normalized.
...
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
...
Security update for rust, rust-cbindgen (moderate)
openSUSE Security Update: Security update for rust, rust-cbindgen Announcement ID: openSUSE-SU-2020:0933-1 Rating: moderate References: 1115645 1154817 1173202 Cross-References: CVE-2020-1967 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has two fixes is now...
CVE-2020-10027 ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
3. vRealize Operations Application Remote Collector ARC addresses Authentication Bypass CVE-2020-11651 and Directory Traversal CVE-2020-11652 vulnerabilities. The Application Remote Collector ARC introduced with vRealize Operations 7.5 utilizes Salt which is affected by CVE-2020-11651 and...
arc-gm.nihr.ac.uk Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1138671 Security Researcher g0bl1nsec Helped patch 3754 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting arc-gm.nihr.ac.uk website...
strong-arc (>=1.8.6 <=1.8.9), strong-mesh-client (>=1.3.5 <=2.0.2) +1 more potentially affected by CVE-2020-7621 via strong-nginx-controller (=1.0.2)
strong-nginx-controller NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on strong-nginx-controller and may be impacted: - strong-arc =1.8.6, =1.3.5, =6.0.1, =6.0.3 Source cves: CVE-2020-7621 Source advisory:...
CVE-2019-6462
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function arcerrornormalized in the file cairo-arc.c, related to arcmaxanglefortolerancenormalized...
openSUSE Security Update : arc (openSUSE-2020-103)
This update for arc fixes the following issues : - CVE-2015-9275: Fixed a directory traversal vulnerability boo1121032. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2020-103. The text description of...
openSUSE: Security Advisory for arc (openSUSE-SU-2020:0103_1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0103-1 Security update for arc
This update for arc fixes the following issues: - CVE-2015-9275: Fixed a directory traversal vulnerability boo1121032...
Security update for arc (moderate)
openSUSE Security Update: Security update for arc Announcement ID: openSUSE-SU-2020:0103-1 Rating: moderate References: 1121032 Cross-References: CVE-2015-9275 Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that fixes one vulnerability is n...