2131 matches found
PT-2020-16212
Name of the Vulnerable Software and Affected Versions: sized-chunks crate versions through 0.6.2 Description: An issue was discovered in the sized-chunks crate, where the array size is not checked when constructed with unit and pair in the Chunk implementation. Additionally, the array size is not...
PT-2020-13334 · Oasis · Oasis Digital Signature Services
Name of the Vulnerable Software and Affected Versions: OASIS Digital Signature Services (DSS) version 1.0 Description: The issue allows an attacker to control the validation outcome of a signature via a crafted XML signature when the InlineXML option is used, defeating the expectation of...
Microsoft Chakra Inline Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementatio...
CVE-2020-1655
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation,...
Design/Logic Flaw
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly,...
Design/Logic Flaw
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation,...
CVE-2020-1655 Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation,...
CVE-2020-1649 Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly,...
CVE-2020-1649
CVE-2020-1649 affects Juniper Junos OS on MX Series with MPC7/8/9 line cards when inline IP reassembly is enabled. Continuous receipt of small fragments that cannot be reassembled can disable the packet forwarding engine (PFE), causing a sustained DoS. Affected Junos OS versions are listed across...
Fedora 31 : roundcubemail (2020-5352732865)
RELEASE 1.4.7 - Fix bug where subfolders of special folders could have been duplicated on folder list - Increase maximum size of contact jobtitle and department fields to 128 characters - Fix missing newline after the logged line when writing to stdout 7418 - Elastic: Fix context menu paste on th...
The vulnerability in the `fs/f2fs/inline.c` component of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the fs/f2fs/inline.c component in the Linux operating system is related to reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
Testing ModSecurity for false positives by books texts
The main things that prevent enabling security solutions like WAF/RASP/IDS/IPS in a blocking mode are false positives. Probably the second one is their inline performance and additional latency, but still. As a cloud-native WAF vendor, we at Wallarm are actively checking our products for false...
openSUSE Security Update : opera (openSUSE-2020-402)
This update for opera fixes the following issues : Update to version 67.0.3575.97 - DNA-84063 Open URL in new tab with Go to web address in search/copy popup and right mouse click context menu - DNA-84780 Search in Search and Copy popup opens tab in wrong position from popup window - DNA-84786...
Akamai Enhances Enterprise Threat Protector to Add Secure Web Gateway Capabilities
Today, Akamai announced that it has added secure web gateway (SWG) capabilities to its Enterprise Threat Protector (ETP) service to help enterprises further accelerate their transformation to a Zero Trust security architecture. So what are the SWG enhancements and what benefits will these deliver for...
PT-2020-2103 · Mozilla +1 · Bleach +1
Name of the Vulnerable Software and Affected Versions: Mozilla Bleach versions prior to 3.12 Description: A mutation XSS issue affects users calling bleach.clean with specific settings, including whitelisting svg or math tags, allowing RCDATA tags, and setting the strip keyword argument to False...
CVE-2019-14883
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token...
The vulnerability of the vrend_renderer_transfer_write_iov function in the virglrenderer library, which allows a hacker to trigger a service failure.
The vulnerability of the vrend_renderer_transfer_write_iov function in the virglrenderer library is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure using the VIRGL_CCMD_RESOURCE_INLINE_WRITE command...
CVE-2019-20438
An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher...