VLC < 2.2.4 DoS

The version of VLC media player installed on the remote host with version prior to 2.2.4, is affected by a denial of service vulnerability. A buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN allows remote attackers to cause a denial of service crash or possibl...

Fedora: Security Advisory for gst (FEDORA-2020-3d23d3ea02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4408-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : telnet (ALAS-2020-1387)

The version of telnet installed on the remote host is prior to 0.17-49.9. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1387 advisory. utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent dat...

USN-4407-1: LibVNCServer vulnerabilities

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. CVE-2019-15680 It was discovered that an information disclosure vulnerability existed in LibVNCServer when sendin...

Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1688)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Input validation

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by...

EulerOS 2.0 SP2 : xulrunner (EulerOS-SA-2020-1619)

According to the versions of the xulrunner package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to...

CVE-2020-4470

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725...

CVE-2020-14080

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...

CVE-2020-8337

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code...

Mozilla Thunderbird Security Advisories (MFSA2020-20, MFSA2020-22) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Mozilla Firefox ESR Security Advisories (MFSA2020-20, MFSA2020-21) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities.

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerabilities. Jackson-databind has known vulnerabilities in IBM Identity Governance and Intelligence. Vulnerability Details CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library...

Ubuntu: Security Advisory (USN-4360-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated transmission packages fix security vulnerability

Updated transmission packages fix security vulnerability: Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted torrent file CVE-2018-10756...

Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (May 2020)

This host is missing an important security update according to Microsoft Edge Chromium-Based updates. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

KLA11790 Multiple vulnerabilities in Apple iCloud

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: 1. A logic vulnerability in...

CVE-2005-1513

Integer overflow in the strallocreadyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request...

CVE-2005-1515

Integer signedness error in the qmailput and substdioput functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands...