Lucene search

4200 matches found

vulnersOsv
added 2020/06/05 4:24 p.m., 2 views

ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13596 via django (>=2.2.0 <=2.2.12)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...

6.1 CVSS, 6.7 AI score, 0.02873 EPSS
Exploits: 0
vulnersOsv
added 2020/06/05 4:20 p.m., 4 views

ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13254 via django (>=2.2.0 <=2.2.12)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13254 Source advisory: OSV:GHSA-WPJR-J57X-WXFW...

5.9 CVSS, 6.7 AI score, 0.06041 EPSS
Exploits: 0
Veeam
added 2020/06/04 12:0 a.m., 19 views

Veeam Backup for Microsoft 365 Modern App-Only Authentication Limitations

Information Veeam Backup for Microsoft 365 v8 and higher Due to Microsoft's deprecation of Basic Authentication, the only option available when adding a new Microsoft 365 organization to Veeam Backup for Microsoft 365 v8 is Modern App-Only Authentication. Veeam Backup for Microsoft 365 v7 and v7a...

6.7 AI score
Exploits: 0, Affected Software: 1
BDU FSTEC
added 2020/05/29 12:0 a.m., 3 views

The vulnerabilities of the functions BasicSocket#recv_nonblock and BasicSocket#read_nonblock in the Ruby programming language allow attackers to gain unauthorized access to protected information.

The vulnerability of the BasicSocket#recv_nonblock and BasicSocket#read_nonblock functions in the Ruby programming language is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

5.3 CVSS, 6.6 AI score, 0.02564 EPSS
Exploits: 1, References: 5, Affected Software: 4
Tenable Nessus
added 2020/05/29 12:0 a.m., 24 views

Cisco Adaptive Security Appliance Software Lightweight Directory Access Protocol Denial of Service Vulnerability (cisco-sa-20190501-asa-ftds-ldapdos)

According to its self-reported version, the Cisco ASA device is affected by a vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated,...

7.8 CVSS, 6.9 AI score, 0.02028 EPSS
Exploits: 0, References: 3
Virtuozzo
added 2020/05/28 12:0 a.m., 15 views

Virtuozzo Hybrid Server 7.5 Update 1 Hotfix 2 (7.5.1-736)

The Hotfix 2 for Virtuozzo Hybrid Server 7.5 Update 1 provides a stability and usability bug fix. All customers that use CloudBlue Cloud Infrastructure Automation with Virtuozzo Hybrid Server 7.5 and newer are strongly recommended to install the hotfix. Vulnerability id: PSBM-125586 Cloud...

1.5 AI score
Exploits: 0
OSV
added 2020/05/21 11:15 p.m., 2 views

CVE-2020-1058

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093...

7.5 CVSS, 7.7 AI score, 0.07082 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2020/05/21 12:0 a.m., 5 views

The vulnerability of the VBScript script handler in Internet Explorer allows a hacker to execute arbitrary code.

The vulnerability of VBScript script handlers in Internet Explorer is related to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.3 CVSS, 7.7 AI score, 0.11395 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2020/05/13 12:0 a.m., 2 views

Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CNVD-2020-51780)

Microsoft Internet Explorer (IE) is a Web browser that comes with the Windows operating system from Microsoft Corporation. VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way the VBScript Engine handles memory objects in Microsof...

7.6 CVSS, 7.2 AI score, 0.07175 EPSS
Exploits: 0, References: 1
Microsoft KB
added 2020/05/12 7:0 a.m., 53 views

May 12, 2020—KB4556826 (OS Build 10240.18575)

May 12, 2020—KB4556826 OS Build 10240.18575 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...

9.9 CVSS, 7.6 AI score, 0.52778 EPSS
Exploits: 17
Cvelist
added 2020/05/05 4:59 p.m., 11 views

CVE-2019-19514

Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID...

5.3 AI score, 0.00557 EPSS
Exploits: 1, References: 1
OSV
added 2020/05/04 3:15 p.m., 3 views

ALPINE-CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...

5.3 CVSS, 7.2 AI score, 0.02564 EPSS
Exploits: 1, References: 1
CNVD
added 2020/04/23 12:0 a.m., 4 views

Schneider Electric EcoStruxure Machine Expert-Basic or SoMachine Basic Injection Vulnerability

Schneider Electric EcoStruxure Machine Expert-Basic and SoMachine Basic are both products of Schneider Electric, France. Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application. The program is mainly used for programmable logic controller configuration, programming a...

9.8 CVSS, 7.5 AI score, 0.01544 EPSS
Exploits: 0, References: 1
NVD
added 2020/04/22 7:15 p.m., 24 views

CVE-2020-7490

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic V1.1 HotFix 15 and prior and Vijeo Designer V6.9 SP9 and prior, which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product...

7.8 CVSS, 7.9 AI score, 0.00433 EPSS
Exploits: 0, References: 1
OSV
added 2020/04/22 7:15 p.m., 3 views

CVE-2020-7490

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic V1.1 HotFix 15 and prior and Vijeo Designer V6.9 SP9 and prior, which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product...

7.8 CVSS, 7.6 AI score
Exploits: 0, References: 1
Vulnrichment
added 2020/04/22 6:15 p.m., 4 views

CVE-2020-7489

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software versions in security notification. The result of this vulnerability, DLL substitution, coul...

7.4 AI score, 0.01544 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2020/04/22 12:0 a.m., 7 views

PT-2020-19607

Name of the Vulnerable Software and Affected Versions EcoStruxure Machine Expert – Basic or SoMachine Basic programming software affected versions not specified Description A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' issue exists, whi...

9.8 CVSS, 7.3 AI score, 0.01544 EPSS
Exploits: 0, References: 4
Microsoft KB
added 2020/04/14 7:0 a.m., 108 views

April 14, 2020—KB4550922 (OS Build 17134.1425)

April 14, 2020—KB4550922 OS Build 17134.1425 NEW IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

9.3 CVSS, 7.7 AI score, 0.69166 EPSS
Exploits: 4
Microsoft KB
added 2020/04/14 7:0 a.m., 56 views

Description of the security update for Project 2016: April 14, 2020

Description of the security update for Project 2016: April 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists if Microsoft Office incorrectly loads arbitrary type libraries. To learn more about the vulnerability, see Microsoft Common Vulnerabilities a...

8.8 CVSS, 8.4 AI score, 0.0861 EPSS
Exploits: 0
Microsoft KB
added 2020/04/14 7:0 a.m., 68 views

Description of the security update for Project 2010: April 14, 2020

Description of the security update for Project 2010: April 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists when Microsoft Office improperly loads arbitrary type libraries. To learn more about the vulnerability, see Microsoft Common Vulnerabilities...

8.8 CVSS, 8.7 AI score, 0.0861 EPSS
Exploits: 0