9184 matches found
RHEL 6 : chromium-browser (RHSA-2020:0514)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0514 advisory. Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 80.0.3987.87. Security Fixes:...
Debian DSA-4621-1 : openjdk-8 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
[SECURITY] [DSA 4621-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4621-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2020 https://www.debian.org/security/faq -...
CVE-2019-19921
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. This vulnerability does not...
CVE-2009-5139
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...
Design/Logic Flaw
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...
Design/Logic Flaw
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...
CVE-2009-5139
The CVE-2009-5139 entry concerns the Gizmo5 SIP soft phone, where the SIP implementation exposes hashed credentials in a response to an invalid authentication challenge. This design allows remote attackers to attempt brute-force access against the target, as described in the vulnerability summary...
CVE-2009-5140
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...
OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...
OPENSUSE-SU-2020:0210-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed: - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in...
Google Chrome Heap Corruption Vulnerability (CNVD-2020-05122)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A heap corruption vulnerability exists in Google Chrome versions prior to 80.0.3987.87. The vulnerability stems from an improper implementation of Blink in Google...
Security Bulletin: Error in IBM Sterling B2B Integrator console processing could result in stack traces being displayed in the response (CVE-2013-0481)
Summary: Errors or exceptions encountered in IBM Sterling B2B Integrator’s console processing could result in stack traces being displayed in the response, which could expose internal implementation information. Vulnerability Details: CVE ID: CVE-2013-0481 DESCRIPTION: Errors or exceptions...
Race condition
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race...
CVE-2020-6409
Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name...
CVE-2020-6397
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page...
CVE-2020-6404
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...