
7646 matches found

Ubuntu
added 2020/09/08 7:20 a.m. | 168 views

USN-4489-1: Linux kernel vulnerability

Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...

CVSS 7.8 | AI score 7 | EPSS 0.01319
Exploits: 1
Microsoft CVE
added 2020/09/08 7:00 a.m. | 31 views

NTFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially...

CVSS 7.8 | AI score 4.1 | EPSS 0.00996
Exploits: 0
Cvelist
added 2020/09/04 2:25 a.m. | 20 views

CVE-2020-3545 Cisco FXOS Software Buffer Overflow Vulnerability

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this...

CVSS 6 | AI score 6.9 | EPSS 0.00387
Exploits: 0 | References: 1
Vulnrichment
added 2020/09/04 2:25 a.m. | 9 views

CVE-2020-3545 Cisco FXOS Software Buffer Overflow Vulnerability

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this...

CVSS 6 | AI score 7.7 | EPSS 0.00387
Exploits: 0 | References: 1
Tenable Nessus
added 2020/09/04 12:00 a.m. | 23 views

Cisco FXOS Software Buffer Overflow (cisco-sa-fxos-buffer-cSdmfWUt)

According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a software buffer overflow vulnerability due to incorrect bounds checking of values that are parsed from a specific file. An authenticated, local attacker with valid administrative credentials can...

CVSS 7.2 | AI score 7.5 | EPSS 0.00387
Exploits: 0 | References: 3
OSV
added 2020/09/03 12:00 p.m. | 18 views

RUSTSEC-2020-0039 `index()` allows out-of-bound read and `remove()` has off-by-one error

Slab::index does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop...

CVSS 9.1 | AI score 8.1 | EPSS 0.0151
Exploits: 0 | References: 3
IBM Security Bulletins
added 2020/08/31 2:56 p.m. | 18 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server(Liberty profile) affects IBM Operations Analytics Predictive Insights (CVE-2020-4329)

Summary Websphere Application Server Liberty profile is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting Liberty profile has been disclosed in a security bulletin. Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: I...

CVSS 4.3 | AI score 1.1 | EPSS 0.01263
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/08/27 10:38 a.m. | 20 views

Security Bulletin: Information disclosure vulnerability in WebSphere Application Server - Liberty affects IBM MobileFirst Platform Foundation

Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability: Information disclosure in WebSphere Application Server - Liberty Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4...

CVSS 4.3 | AI score 0.8 | EPSS 0.01263
Exploits: 0 | Affected Software: 1
Prion
added 2020/08/24 4:15 p.m. | 13 views

Stack overflow

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578...

CVSS 7.2 | AI score 7.2 | EPSS 0.0034
Exploits: 0 | References: 2
Cvelist
added 2020/08/24 3:30 p.m. | 16 views

CVE-2020-4587

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578...

CVSS 8.4 | AI score 7.4 | EPSS 0.0034
Exploits: 0 | References: 2
Kitploit
added 2020/08/23 9:30 p.m. | 125 views

Pyre-Check - Performant Type-Checking For Python

Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally, providing instantaneous feedback to developers as they write code. Pyre ships with Pysa, a security-focused static analysis tool we've built on top of Py...

AI score 7.6
Exploits: 0 | References: 2
NVD
added 2020/08/21 7:15 p.m. | 12 views

CVE-2019-11848

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values...

CVSS 7.2 | AI score 5.2 | EPSS 0.01086
Exploits: 0 | References: 1
Prion
added 2020/08/21 7:15 p.m. | 19 views

Design/Logic Flaw

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values...

CVSS 6.5 | AI score 7 | EPSS 0.01086
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/08/21 6:44 p.m. | 20 views

CVE-2019-11848 ALEOS AT Command API Abuse

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values...

CVSS 4.1 | AI score 7.1 | EPSS 0.01086
Exploits: 0 | References: 1
Fedora
added 2020/08/20 1:12 a.m. | 35 views

[SECURITY] Fedora 32 Update: roundcubemail-1.4.8-1.fc32

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 6.1 | AI score 0.2 | EPSS 0.01945
Exploits: 0
Fedora
added 2020/08/20 1:04 a.m. | 36 views

[SECURITY] Fedora 31 Update: roundcubemail-1.4.8-1.fc31

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 6.1 | AI score 0.2 | EPSS 0.01945
Exploits: 0
CVE
added 2020/08/13 2:56 a.m. | 53 views

CVE-2020-8729

CVE-2020-8729 corresponds to a buffer copy issue in Intel® Server Boards, Server Systems and Compute Modules prior to firmware version 1.59 that may allow an authenticated local user to escalate privileges. The Intel advisory INTEL-SA-00384 documents this family of vulnerabilities and lists CVE-2...

CVSS 7.8 | AI score 7.8 | EPSS 0.00348
Exploits: 0 | References: 2 | Affected Software: 1
Microsoft KB
added 2020/08/11 7:00 a.m. | 347 views

August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709

August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS...

CVSS 5.5 | AI score 6.5 | EPSS 0.01129
Exploits: 0
Veracode
added 2020/08/11 6:23 a.m. | 21 views

Sensitive Information Disclosure

etcd is vulnerable to sensitive information disclosure. Lack of password strength checking (length, coexistence of numbers and alphabets, etc.) during the creation or updating of a user password allows an attacker to brute-force the password easily if an administrator does not enforce a requirement ...

CVSS 7.5 | AI score 3.3 | EPSS 0.01342
Exploits: 0 | References: 4 | Affected Software: 2
NVD
added 2020/08/10 2:15 p.m. | 16 views

CVE-2020-6070

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this...

CVSS 7.8 | AI score 7.2 | EPSS 0.0173
Exploits: 1 | References: 2