
140 matches found

OSV
added 2020/11/05 1:49 p.m. | 7 views

SUSE-SU-2020:3181-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-2415 fixes one issue. The following security issue was fixed: - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc....

CVSS 7 | AI score 7.7 | EPSS 0.00081
Exploits 0 | References 3
OpenVAS
added 2020/10/12 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-2176)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.2 | EPSS 0.00635
Exploits 1 | References 2
OSV
added 2020/09/09 4:15 p.m. | 8 views

CVE-2020-25212

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452...

CVSS 7 | AI score 7.4
Exploits 0 | References 12
Prion
added 2020/09/09 4:15 p.m. | 25 views

Code injection

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452...

CVSS 4.4 | AI score 7.1 | EPSS 0.00081
Exploits 0 | References 12 | Affected Software 4
Tenable Nessus
added 2020/06/18 12:0 a.m. | 39 views

SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1514-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code bsc1166240. CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. CVE-2020-1983: Fixed a use-after-free in the ipreass...

CVSS 7.8 | AI score 6.3 | EPSS 0.01501
Exploits 1 | References 22
Tenable Nessus
added 2020/06/18 12:0 a.m. | 254 views

SUSE SLES12 Security Update : qemu (SUSE-SU-2020:1538-1)

This update for qemu fixes the following issues : Security issues fixed : CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code bsc1166240. CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation bsc1146873. CVE-2020-1983: Fixed a use-after-free in the ipreass...

CVSS 7.8 | AI score 6.4 | EPSS 0.01501
Exploits 1 | References 23
CNVD
added 2020/04/24 12:0 a.m. | 7 views

Fifthplay S.A.M.I Cross-Site Scripting Vulnerability

Fifthplay S.A.M.I is a management interface used in Fifthplay products from Fifthplay Belgium. A cross-site scripting vulnerability exists in versions prior to Fifthplay S.A.M.I 2019.3HP2. The vulnerability stems from the WEB application lacking proper validation of client data. An attacker can...

CVSS 6.1 | AI score 6.1 | EPSS 0.00521
Exploits 1 | References 1
NVD
added 2020/02/25 5:15 p.m. | 13 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

CVSS 10 | AI score 9.6 | EPSS 0.88136
Exploits 10 | References 11
OSV
added 2020/02/25 5:15 p.m. | 15 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

CVSS 9.8 | AI score 9.6
Exploits 0 | References 11
CNVD
added 2020/01/19 12:0 a.m. | 1 views

SolarWinds Orion Platform Cross-Site Scripting Vulnerability (CNVD-2020-04012)

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...

CVSS 6.1 | AI score 6.4 | EPSS 0.01907
Exploits 0 | References 1
Tenable Nessus
added 2019/12/03 12:0 a.m. | 39 views

Debian DLA-2016-1 : ssvnc security update

Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client. The vulnerabilities referenced below are issues that have originally been reported against Debian source package libvncserver which also ships the libvncclient shared library. The ssvnc sourc...

CVSS 9.8 | AI score 7.6 | EPSS 0.2103
Exploits 0 | References 6
Tenable Nessus
added 2019/10/31 12:0 a.m. | 238 views

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2866-1)

This update for provides the following fixes : Following security issues were fixed : CVE-2019-14847: User with 'get changes' permission could have crashed AD DC LDAP server via dirsync bsc1154598. CVE-2019-10218: Client code could have returned filenames containing path separators bsc1144902...

CVSS 6.5 | AI score 6.2 | EPSS 0.04508
Exploits 1 | References 12
OSV
added 2019/10/30 4:58 p.m. | 7 views

SUSE-SU-2019:2868-1 Security update for samba

This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14847: User with 'get changes' permission can crash AD DC LDAP server via dirsync bsc1154598. - CVE-2019-10218: Client code can return filenames containing path separators bsc1144902. - CVE-2019-14833: Fixed Accen...

CVSS 6.5 | AI score 6.3 | EPSS 0.04508
Exploits 1 | References 11
Samba
added 2019/10/29 12:0 a.m. | 36 views

Client code can return filenames containing

Description: Samba client code libsmbclient returns server-supplied filenames to calling code without checking for pathname separators such as "/" or "../" in the server returned names. A malicious server can craft a pathname containing separators and return this to client code, causing the client...

CVSS 6.5 | AI score 6.5 | EPSS 0.04508
Exploits 0
CNVD
added 2019/10/29 12:0 a.m. | 1 views

WordPress Easy Digital Downloads Reviews extension cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Easy Digital Downloads EDD Reviews extension is a FAQ plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

CVSS 6.1 | AI score 6.3 | EPSS 0.00432
Exploits 0 | References 1
CNVD
added 2019/10/18 12:0 a.m. | 1 views

HongCMS Cross-Site Scripting Vulnerability (CNVD-2019-36220)

HongCMS is an open source lightweight content management system CMS. A cross-site scripting vulnerability exists in HongCMS. An attacker can exploit this vulnerability to execute client-side code...

CVSS 6.1 | AI score 6.4 | EPSS 0.00419
Exploits 1 | References 1
CNVD
added 2019/10/12 12:0 a.m. | 1 views

Craft CMS Cross-Site Scripting Vulnerability (CNVD-2019-35848)

Craft CMS is a content management system CMS. A cross-site scripting vulnerability exists in Craft CMS versions prior to 3.3.8 that can be exploited by an attacker to execute client-side code...

CVSS 6.1 | AI score 6.4 | EPSS 0.00328
Exploits 0 | References 1
FreeBSD
added 2019/09/29 12:0 a.m. | 59 views

samba -- multiple vulnerabilities

The samba project reports: Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte non-ASCII characters, the check password script does not receive the full password string. Users with the "get changes"...

CVSS 6.5 | AI score 1.6 | EPSS 0.04508
Exploits 1 | References 3
CNVD
added 2019/08/26 12:0 a.m. | 2 views

WordPress shortcode-factory plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shortcode-factory is a plugin that provides ready-to-use shortcodes. A cross-site scripting vulnerability exists in the WordPress...

CVSS 6.1 | AI score 6.3 | EPSS 0.0019
Exploits 0 | References 1
CNVD
added 2019/08/12 12:0 a.m. | 1 views

UNA Cross-Site Scripting Vulnerability

UNA is a full-stack software platform for building custom community websites, social networks and collaboration centers. A cross-site scripting vulnerability exists in studio/buildermenu.php?page=sets in UNA version 10.0.0-RC1, which stems from a lack of proper validation of client-side data in t...

CVSS 4.8 | AI score 6.4 | EPSS 0.00219
Exploits 0 | References 1