4200 matches found
OSV-2020-224 Use-of-uninitialized-value in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23038 Crash type: Use-of-uninitialized-value Crash state: std::__1::basic_string, std::__1::allocator, std::__1::allocatorch pcpp::IDnsResource::IDnsResource...
Timing attack on django-basic-auth-ip-whitelist
Impact: A potential timing attack exists on websites where basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD are set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...
GHSA-M38J-PMG3-V5X5 Timing attack on django-basic-auth-ip-whitelist
Impact: A potential timing attack exists on websites where basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD are set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character...
Mattermost Desktop App Authorization Issue Vulnerability
Mattermost Desktop App is a messaging desktop application from Mattermost USA. An authorization issue vulnerability exists in Mattermost Desktop App versions prior to 4.4.0, which stems from the program failing to properly handle the popup of the HTTP Basic Authentication box and can be exploited...
The vulnerability of the OpenOffice office suite is related to errors in applying Visual Basic for Applications (VBA) macros for security settings. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the OpenOffice office suite is related to errors in applying macros’ security settings in Visual Basic for Applications (VBA). Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
CVE-2020-14455
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...
Authentication flaw
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007...
CVE-2020-14455
Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates.
CVE-2020-14445
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user interface...
Cross site scripting
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user interface...
PT-2020-14005 · Wso2 · Wso2 Identity Server +1
Name of the Vulnerable Software and Affected Versions: WSO2 Identity Server versions through 5.9.0; WSO2 IS as Key Manager versions through 5.9.0. Description: A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user...
CVE-2020-7501
CVE-2020-7501 affects Schneider Electric’s Vijeo Designer Basic (V1.1 HotFix 16 and earlier) and Vijeo Designer (V6.2 SP9 and earlier). The vulnerability is a CWE-798 hard-coded credentials issue that could enable unauthorized read and write during project or firmware download/upload operations i...
CVE-2020-1216
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260...
CVE-2020-1213
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260...
April 14, 2020—KB4549951 (OS Builds 18362.778 and 18363.778) - EXPIRED
April 14, 2020—KB4549951 (OS Builds 18362.778 and 18363.778) - EXPIRED. NEW 8/5/21 EXPIRATION NOTICE. IMPORTANT: As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security...
Description of the security update for Office 2010: June 9, 2020
Description of the security update for Office 2010: June 9, 2020 Summary This update resolves a security feature bypass vulnerability that exists if Microsoft Outlook or another relevant product does not enforce security settings that are configured on a system. To learn more about the...
Description of the security update for Office 2016: June 9, 2020
Description of the security update for Office 2016: June 9, 2020 Summary This update resolves a security feature bypass vulnerability that exists if Microsoft Outlook or another relevant product does not enforce security settings that are configured on a system. To learn more about the...
Security update for axel (moderate)
openSUSE Security Update: Security update for axel Announcement ID: openSUSE-SU-2020:0778-1 Rating: moderate References: 1172159 Cross-References: CVE-2020-13614 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for axel fixes...