9185 matches found
RHEL 7 / 8 : OpenShift Container Platform 4.4.3 haproxy (RHSA-2020:1936)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1936 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVE-2020-8896 Buffer Overflow in Google Earth Pro
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth P...
[SECURITY] Fedora 31 Update: rubygem-json-2.2.0-202.fc31
This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...
Junos OS: Established BGP Session Termination Vulnerability (JSA10996)
The version of Junos OS installed on the remote host is 12.3, 12.3X48, 14.1X53 or prior to 15.1R7-S5, 15.1F6-S13, 15.1X49-D180, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 16.1R7-S7, 17.1R2-S12, 17.2R2-S7, 17.2X75-D102, 17.3R2-S5, 17.4R1-S8, 18.1R2-S4, or 18.2X75-D20. It is, therefore, affected by ...
Debian DSA-4667-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. - CVE-2020-2732 Paulo Bonzini discovered that the KVM implementation for Intel processors did not properly handle instruction emulation for L2 guests...
USN-4346-1: Linux kernel vulnerabilities
It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service system crash. CVE-2019-16233 It was discovered that the Intel Wi-Fi driver in t...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4346-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4346-1 advisory. It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A loc...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4344-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4344-1 advisory. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly u...
[SECURITY] Fedora 32 Update: libssh-0.9.4-2.fc32
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
Information disclosure
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
CVE-2019-4751
CVE-2019-4751 affects IBM Cloud App Management 2019.3.0 and 2019.4.0, where API requests reveal a stack trace that can disclose implementation details. This is an information-disclosure vulnerability stemming from stack traces exposed by the service. Affected versions: IBM Cloud App Management V2...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
Relies on undefined behavior of `char::from_u32_unchecked`
The Windows implementation of this crate relied on the behavior of std::char::fromu32unchecked when its safety clause is violated. Even though this worked with Rust versions up to 1.42 at least, that behavior could change with any new Rust version, possibly leading a security issue. The flaw was...
RUSTSEC-2020-0012 Relies on undefined behavior of `char::from_u32_unchecked`
The Windows implementation of this crate relied on the behavior of std::char::fromu32unchecked when its safety clause is violated. Even though this worked with Rust versions up to 1.42 at least, that behavior could change with any new Rust version, possibly leading a security issue. The flaw was...
CVE-2020-11796
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure...
Authentication flaw
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 North America CDMA software. The LTE protocol implementation allows a bypass of AKA Authentication and Key Agreement. The LG ID is LVE-SMP-180014 February 2019...
CVE-2020-3162
A vulnerability in the Constrained Application Protocol CoAP implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient input validation of incoming Co...
Security feature bypass
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography ECC implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key a key...
CVE-2020-1026
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography ECC implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key a key...