Lucene search

5353 matches found

CNVD
added 2020/08/17 12:0 a.m. | 19 views

JerryScript ecma_is_lexical_environment buffer overflow vulnerability

JerryScript is a lightweight JavaScript engine from the JerryScript project. JerryScript ecma_is_lexical_environment has a buffer overflow vulnerability that attackers can exploit by submitting special requests to crash an application or execute arbitrary code...

7.8 CVSS | 4.9 AI score | 0.00817 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2020/08/13 12:0 a.m. | 42 views

Oracle Linux 8 : virt:ol (ELSA-2020-1358)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1358 advisory. - Resolves: bz1791565 CVE-2020-7039 virt:rhel/qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu rhel-8.1.0.z - Resolves:...

7.7 CVSS | 7.2 AI score | 0.04018 EPSS
Exploits: 0 | References: 3
UbuntuCve
added 2020/08/12 4:15 p.m. | 23 views

CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

9.8 CVSS | 7.5 AI score | 0.02417 EPSS
Exploits: 0 | References: 2
IBM Security Bulletins
added 2020/08/11 7:34 a.m. | 22 views

Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities

Summary Multiple memory corruption vulnerabilities have been found in the IBM i2 Analysts' Notebook, and IBM i2 Analysts' Notebook Premium. Please see linked CVE's for details. Vulnerability Details CVEID: CVE-2020-4549 DESCRIPTION: IBM i2 Analyst's Notebook could allow a local attacker to execut...

7.8 CVSS | 2.5 AI score | 0.00419 EPSS
Exploits: 0 | Affected Software: 1
OpenVAS
added 2020/08/05 12:0 a.m. | 20 views

Ubuntu: Security Advisory (USN-4450-1)

The remote host is missing an update for the...

5.5 CVSS | 7.1 AI score | 0.01165 EPSS
Exploits: 3 | References: 2
Cvelist
added 2020/08/04 6:59 p.m. | 18 views

CVE-2020-16199

Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the...

8 AI score | 0.10218 EPSS
Exploits: 0 | References: 4
NVD
added 2020/08/03 1:15 p.m. | 20 views

CVE-2020-4553

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

7.8 CVSS | 7.7 AI score | 0.00419 EPSS
Exploits: 0 | References: 2
NVD
added 2020/08/03 1:15 p.m. | 15 views

CVE-2020-4550

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

7.8 CVSS | 7.7 AI score | 0.00419 EPSS
Exploits: 0 | References: 2
Cvelist
added 2020/08/03 12:35 p.m. | 22 views

CVE-2020-4553

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

7.8 CVSS | 7.6 AI score | 0.00419 EPSS
Exploits: 0 | References: 2
Cvelist
added 2020/07/28 5:1 p.m. | 38 views

CVE-2020-15433

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the phpversion parameter, the process...

9.8 CVSS | 9.6 AI score | 0.08083 EPSS
Exploits: 0 | References: 1
NVD
added 2020/07/28 2:15 p.m. | 10 views

CVE-2020-15715

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

9.9 CVSS | 9.4 AI score | 0.04202 EPSS
Exploits: 0 | References: 2
Prion
added 2020/07/28 2:15 p.m. | 16 views

Code injection

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

6.5 CVSS | 9.3 AI score | 0.04202 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Apple
added 2020/07/28 5:29 a.m. | 108 views

About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

10 CVSS | 0.5 AI score | 0.73927 EPSS
Exploits: 10 | Affected Software: 3
Kaspersky
added 2020/07/27 12:0 a.m. | 310 views

KLA11917 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in WebUSB can be exploited to cause denial of service. 2. Heap...

8.8 CVSS | 9.2 AI score | 0.22868 EPSS
Exploits: 1 | References: 4
OpenVAS
added 2020/07/27 12:0 a.m. | 26 views

Adobe Bridge Security Update (APSB20-44) - Windows

Adobe Bridge is prone to multiple vulnerabilities...

7.8 CVSS | 7.1 AI score | 0.04438 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2020/07/24 12:0 a.m. | 21 views

Ubuntu: Security Advisory (USN-4434-1)

The remote host is missing an update for the...

7.5 CVSS | 7.8 AI score | 0.03589 EPSS
Exploits: 0 | References: 2
CNVD
added 2020/07/20 12:0 a.m. | 1 views

Microsoft Hyper-V RemoteFX vGPU Buffer Overflow Vulnerability (CNVD-2020-45324)

Microsoft Windows is a popular operating system. A buffer overflow vulnerability exists in Microsoft Hyper-V RemoteFX vGPU that originates from a program's inability to properly validate authenticated user input on a virtual machine operating system. An attacker could exploit the vulnerability by...

9 CVSS | 7.9 AI score | 0.05466 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2020/07/20 12:0 a.m. | 46 views

Amazon Linux AMI : qemu-kvm (ALAS-2020-1400)

The version of qemu-kvm installed on the remote host is prior to 1.5.3-156.19. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1400 advisory. In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in...

6.8 CVSS | 7.3 AI score | 0.03566 EPSS
Exploits: 0 | References: 7
IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 51 views

Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance

Summary Multiple vulnerabilities have been identified in openssl, gnutl, mysql, kernel, glibc and ntp shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable t...

10 CVSS | 1.5 AI score | 0.83906 EPSS
Exploits: 106 | Affected Software: 1
Prion
added 2020/07/16 6:15 p.m. | 16 views

Input validation

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied...

10 CVSS | 9.6 AI score | 0.43626 EPSS
Exploits: 0 | References: 1 | Affected Software: 2