9185 matches found
FreeBSD : GnuTLS -- flaw in DTLS protocol implementation (d887b3d9-7366-11ea-b81a-001cc0382b2f)
The GnuTLS project reports : It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol. C Tenable Network Security, Inc. The...
Moderate: Red Hat Security Advisory: texlive security update
An update for texlive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2018-5703
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel, through 4.14.11, allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving in-kernel TLS implementation. Due to the nature of the flaw, privilege...
March 2020 - Professional Services and the Media Industry
In today's ever-shifting market, we recognize that you need to be constantly adapting, and Akamai provides a way to enhance your customers' experiences through our unique expertise, helping you unlock the value of Akamai's products and services. Professional Services' primary mission is to drive...
Debian DSA-4645-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-20503 Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library. - CVE-2020-6422 David Manouchehri discovered a use-after-free issue in the WebGL implementation. - CVE-2020-6424 Sergei...
DEBIAN-CVE-2020-6426
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-6426
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Design/Logic Flaw
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
[SECURITY] [DSA 4645-1] chromium security update
Debian Security Advisory DSA-4645-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 22, 2020 https://www.debian.org/security/faq -...
Authentication flaw
Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit...
CVE-2020-1864
CVE-2020-1864 affects Huawei Secospace AntiDDoS8000 series (V500R001C00, V500R001C20, V500R001C60, V500R005C00). Root cause is improper authentication implementation that allows a remote attacker to obtain information and forge the peer device to send specific packets, enabling connection to the ...
CVE-2020-6426
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
SuiteCRM .htaccess Protection Mechanism Incorrectly Implemented Vulnerability
SuiteCRM is a free open source customer relationship management application. SuiteCRM is vulnerable to an incorrect implementation of the .htaccess protection mechanism. No detailed vulnerability details are provided at this time...
[SECURITY] Fedora 32 Update: opensmtpd-6.6.4p1-2.fc32
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...
Design/Logic Flaw
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...
CVE-2020-10571
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...
CVE-2019-14303
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that led to a denial of service vulnerability...
Debian DSA-4638-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. - CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-19925 Richard Lorenz discovered an issue in...
Visma Bug Bounty Program: [IDOR]Ability to Pause & Resume the Invoice of other users If GUID is known.
An Insecure Direct Object Reference (IDOR) vulnerability is discovered via a certain endpoint and the application exposes a reference to an internal implementation object. It reveals the real identifier and format/pattern used of the element in the storage backend side...
Node.js: Node.js: TLS session reuse can lead to hostname verification bypass
The Node.js TLS library supports client side reuse of TLS sessions when multiple connections to the same server are opened. Code that wants to use this feature can listen for the 'session' event (https://nodejs.org/api/tls.html#tls_event_session) on a tls.TLSSocket to get notified of newly created TLS...