Mass surveillance alone will not save us from coronavirus
As the pattern-shattering truth of our new lives drains heavy—as coronavirus rends routines, raids our wellbeing, and whiplashes us between anxiety and fear—we should not look to mass digital surveillance to bring us back to normal. Already, governments have cast vast digital nets. South Koreans...
PT-2020-12812
Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin versions prior to 2.82. Description: The issue is related to a Local File Inclusion vulnerability. It affects the mla gallery link when set to download. Recommendations: For versions prior to 2.82, update to version...
[SECURITY] Fedora 31 Update: nss-3.51.0-1.fc31
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...
Virtual memory size of Explorer increases when you open programs continuously in Windows 8.1 or Windows Server 2012 R2
This article describes a memory leak issue in the Explorer.exe process in Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2. An update is available to fix this issue. Before...
CVE-2020-1992
A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon, creating a denial of service condition, or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS...
CVE-2019-14887
A flaw was found in Wildfly: when an OpenSSL security provider is used, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
CVE-2020-5283
ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...
CVE-2020-10861
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled...
CVE-2020-11445
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855...
Authentication flaw
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855...
PT-2023-3403
Name of the Vulnerable Software and Affected Versions: ImageMagick (affected versions not specified). Description: A security flaw in ImageMagick causes a remote code execution vulnerability in OpenBlob when --enable-pipes is configured. This vulnerability exists due to the lack of measures to...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found in Wildfly: when an OpenSSL security provider is used, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
Red Hat Wildfly Encryption Problem Vulnerability
Red Hat Wildfly is a lightweight JavaEE-based open source application server from Red Hat, Inc. of the United States. A security vulnerability exists in Red Hat Wildfly used with the OpenSSL security provider that stems from a program failing to enforce the 'enabled-protocols' setting of the...
Discourse < 2.4.0.beta6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Cisco IOS Software Network-Based Application Recognition Denial of Service Vulnerabilities
According to its self-reported version, Cisco IOS Software is affected by the following vulnerabilities: Multiple vulnerabilities in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to caus...
CVE-2019-14887
CVE-2019-14887 affects WildFly when using the OpenSSL security provider: the configured enabled-protocols setting is not honored, allowing TLS to be downgraded for traffic and potentially leaking data. Affected WildFly releases include 7.2.0.GA, 7.2.3.GA, and 7.2.5.CR2. The issue is referenced in Red ...