2808 matches found

OSV
added 2020/09/04 11:34 a.m. | 8 views

SUSE-SU-2020:2534-1 Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19751 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgaconscroll bsc1174247. - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted bsc1165631...

CVSS 7.5 | AI score 7.3 | EPSS 0.01229
Exploits: 1 | References: 5

OSV
added 2020/09/04 11:34 a.m. | 11 views

SUSE-SU-2020:2517-1 Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19745 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgaconscroll bsc1174247. - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs bsc1174186. -...

CVSS 7.5 | AI score 7.6 | EPSS 0.01314
Exploits: 1 | References: 7

OSV
added 2020/09/04 11:33 a.m. | 11 views

SUSE-SU-2020:2525-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15)

This update for the Linux Kernel 4.12.14-15055 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgaconscroll bsc1174247. - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver bsc1173942. - CVE-2020-1749:...

CVSS 7.5 | AI score 7.6 | EPSS 0.01229
Exploits: 1 | References: 7

OSV
added 2020/09/04 11:33 a.m. | 8 views

SUSE-SU-2020:2524-1 Security update for the Linux Kernel (Live Patch 18 for SLE 15)

This update for the Linux Kernel 4.12.14-15052 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgaconscroll bsc1174247. - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs bsc1174186. -...

CVSS 9.8 | AI score 8.1 | EPSS 0.12651
Exploits: 1 | References: 11

OSV
added 2020/09/04 11:30 a.m. | 9 views

SUSE-SU-2020:2502-1 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3)

This update for the Linux Kernel 4.4.180-94127 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgaconscroll bsc1174247. - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c bsc1173659. - CVE-2020-11668: Fixed a memory...

CVSS 9.8 | AI score 7.9 | EPSS 0.12651
Exploits: 1 | References: 9

Tenable Nessus
added 2020/09/02 12:0 a.m. | 56 views

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1938)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate...

CVSS 7.8 | AI score 6.6 | EPSS 0.00992
Exploits: 3 | References: 4

Apple
added 2020/07/27 8:13 a.m. | 46 views

About the security content of watchOS 5.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVSS 9.3 | AI score 0.2 | EPSS 0.34173
Exploits: 11 | Affected Software: 1

Tenable Nessus
added 2020/07/21 12:0 a.m. | 46 views

NewStart CGSL MAIN 6.01 : unbound Multiple Vulnerabilities (NS-SA-2020-0037)

The remote NewStart CGSL host, running version MAIN 6.01, has unbound packages installed that are affected by multiple vulnerabilities: - Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This...

CVSS 7.5 | AI score 6.8 | EPSS 0.03588
Exploits: 1 | References: 4

NVD
added 2020/07/20 4:15 p.m. | 27 views

CVE-2020-12028

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found...

CVSS 8.1 | AI score 7.5 | EPSS 0.51023
Exploits: 4 | References: 3

NVD
added 2020/07/20 4:15 p.m. | 39 views

CVE-2020-12027

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

CVSS 4.3 | AI score 4.7 | EPSS 0.53024
Exploits: 3 | References: 3

Prion
added 2020/07/20 4:15 p.m. | 33 views

Design/Logic Flaw

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

CVSS 4 | AI score 4.6 | EPSS 0.53024
Exploits: 3 | References: 3

Prion
added 2020/07/20 4:15 p.m. | 33 views

Design/Logic Flaw

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found...

CVSS 5.5 | AI score 7.8 | EPSS 0.51023
Exploits: 4 | References: 3

Cvelist
added 2020/07/20 3:17 p.m. | 29 views

CVE-2020-12028 Rockwell Automation FactoryTalk View SE

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found...

CVSS 7.3 | AI score 8 | EPSS 0.51023
Exploits: 4 | References: 3

CVE
added 2020/07/20 3:17 p.m. | 131 views

CVE-2020-12028

CVE-2020-12028 affects Rockwell Automation FactoryTalk View SE SCADA (FactoryTalk View SEA remote). The issue arises from handlers that do not enforce permissions, enabling an attacker to interact with remote endpoint data. Exploitation is described as an unauthenticated/remote chain of vulnerabi...

CVSS 8.1 | AI score 7.4 | EPSS 0.51023
Exploits: 4 | References: 3 | Affected Software: 1

Cvelist
added 2020/07/20 3:13 p.m. | 25 views

CVE-2020-12027 Rockwell Automation FactoryTalk View SE

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

CVSS 4.3 | AI score 4.3 | EPSS 0.53024
Exploits: 3 | References: 3

CVE
added 2020/07/20 3:13 p.m. | 150 views

CVE-2020-12027

CVE-2020-12027 affects Rockwell Automation FactoryTalk View SE; all versions disclose hostnames and file paths, enabling recon by a remote, authenticated attacker. Public docs indicate remediation guidance: enable built‑in security features and follow KB guidance 109056/1126943 to deploy IPSec an...

CVSS 4.3 | AI score 4.6 | EPSS 0.53024
Exploits: 3 | References: 3 | Affected Software: 1

Tenable Nessus
added 2020/07/20 12:0 a.m. | 48 views

openSUSE Security Update : unbound (openSUSE-2020-913)

This update for unbound fixes the following issues : - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target bsc1171889. - CVE-2020-12663: Fixed an issue where malformed answers from upstream name...

CVSS 7.5 | AI score 7 | EPSS 0.03588
Exploits: 1 | References: 5

Tenable Nessus
added 2020/07/20 12:0 a.m. | 37 views

openSUSE Security Update : unbound (openSUSE-2020-912)

This update for unbound fixes the following issues : - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target bsc1171889. - CVE-2020-12663: Fixed an issue where malformed answers from upstream name...

CVSS 7.5 | AI score 7 | EPSS 0.03588
Exploits: 1 | References: 5

Tenable Nessus
added 2020/07/09 12:0 a.m. | 46 views

SUSE SLES15 Security Update : unbound (SUSE-SU-2020:1819-1)

This update for unbound fixes the following issues : CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target bsc1171889. CVE-2020-12663: Fixed an issue where malformed answers from upstream name...

CVSS 7.5 | AI score 7.1 | EPSS 0.03588
Exploits: 1 | References: 9

Tenable Nessus
added 2020/07/08 12:0 a.m. | 33 views

Cisco IOS XE Software IPsec VPN DoS (cisco-sa-iosxe-vpn-dos-edOmW28Z)

According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the hardware crypto driver due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by...

CVSS 7.1 | AI score 6.6 | EPSS 0.00529
Exploits: 0 | References: 3