9178 matches found
GHSA-6X3V-RW2Q-9GX7 Improper implementation of the session fixation protection in Infinispan
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
USN-4245-1: PySAML2 vulnerability
It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data...
[SECURITY] [DSA 4606-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4606-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq -...
Critical: Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security and bug fix update
An update for dotnet3.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2019-13722
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2019-13722
CVE-2019-13722 concerns an inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79, which could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability affects Chrome WebRTC code and arises from improper handling that may lead to memory ...
5G Security
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping i...
CVE-2020-0601, aka NSACrypt
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
EulerOS Virtualization for ARM 64 3.0.5.0 : wpa_supplicant (EulerOS-SA-2020-1073)
According to the versions of the wpasupplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - hostapd before 2.10 and wpasupplicant before 2.10 allow an incorrect indication of disconnection in certain...
EulerOS Virtualization for ARM 64 3.0.5.0 : libgcrypt (EulerOS-SA-2020-1085)
According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected:...
VMSA-2020-0003:vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities
Advisory ID: VMSA-2020-0003 CVSSv3 Range: 5.3-9.0 Issue Date:2020-02-18 Updated On: 2020-02-18 Initial Advisory CVEs: CVE-2020-3943, CVE-2020-3944, CVE-2020-3945 Synopsis: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities CVE-2020-3943, CVE-2020-3944,...
Fedora Update for libssh FEDORA-2019-8b0ad69829
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for freetds FEDORA-2019-b67929609d
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RUSTSEC-2020-0045 bespoke Cell implementation allows obtaining several mutable references to the same data
The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...
bespoke Cell implementation allows obtaining several mutable references to the same data
The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...
USN-4226-1: Linux kernel vulnerabilities
Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. CVE-2019-10220 It was discovered that a heap-based buffer overflow existed in the...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4227-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4227-1 advisory. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attack...
[SECURITY] Fedora 30 Update: libssh-0.9.3-1.fc30
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...
Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others
Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information. In one such recent privacy mishap, smart IP...
CVE-2010-3782
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation...