SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-1)
This update for rubygem-bundler fixes the following issue: CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc1143436). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file...
CVE-2020-7493
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file...
Security update for rubygem-bundler (moderate)
openSUSE Security Update: Security update for rubygem-bundler. Announcement ID: openSUSE-SU-2020:0803-1; Rating: moderate; References: 1143436; Cross-References: CVE-2019-3881; Affected Products: openSUSE Leap 15.1. An update that fixes one vulnerability is now available. Description: This update for...
OPENSUSE-SU-2020:0803-1 Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issue: CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc1143436). This update was imported from the SUSE:SLE-15:Update update project...
DLL Hijacking Vulnerability in WPS Office for Windows
WPS Office for Windows is office software from Zhuhai Kingsoft Office Software Co., Ltd. that provides text, table, presentation and many other functions commonly used in office software. WPS Office for Windows suffers from a DLL hijacking vulnerability, which can be exploited by attackers to...
CVE-2020-1832
E6878-370 products with versions of 10.0.3.1H557SP27C233 and 10.0.3.1H563SP1C00 have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message; a successful exploit could lead ...
Stack overflow
E6878-370 products with versions of 10.0.3.1H557SP27C233 and 10.0.3.1H563SP1C00 have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message; a successful exploit could lead ...
CVE-2020-1832
The CVE-2020-1832 issue affects Huawei E6878-370 routers (versions 10.0.3.1 with builds H557SP27C233 and H563SP1C00). The vulnerability is a stack buffer overflow caused by copying an input buffer to an output buffer without proper length verification, allowing an adjacent-network attacker to sen...
CVE-2020-1799
E6878-370 with versions of 10.0.3.1H557SP27C233, 10.0.3.1H563SP1C00, 10.0.3.1H563SP1C233 has a use after free vulnerability. The software references memory after it has been freed in certain scenarios. The attacker does a series of crafted operations through the web portal; a successful exploit could...
Security Advisory - Use After Free Vulnerability in Several Products
There is a use after free vulnerability in several products. The software references memory after it has been freed in certain scenarios. The attacker does a series of crafted operations through the web portal; a successful exploit could cause a use after free condition which may lead to malicious code...
KLA11784 Security vulnerability in Apache Tomcat
A security vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions. Original advisories: Apache Tomcat 7.x vulnerabilities. Exploitation: Public exploits exist for this vulnerability. Malware exists for this...
DLL Hijacking Vulnerability in 360 Extreme Browser
360 Extreme Browser is a dual-core browser owned by Beijing Qihoo Technology Co. 360 Extreme Browser suffers from a DLL hijacking vulnerability that can be exploited by attackers to execute malicious code...
CVE-2020-7487
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers...
DLL Hijacking Vulnerability in Big Research Insider Edition
Big Research Insider Edition is a stock speculation software. Big Research Insider Edition suffers from a DLL hijacking vulnerability, which can be exploited by attackers to load a malicious DLL and execute arbitrary code...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2020-23031)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A security vulnerability exists in SAP Business Objects Business...
DLL Hijacking Vulnerability in CCtalk Windows Edition
CCtalk is a real-time interactive education platform under Hujiang. A DLL hijacking vulnerability exists in CCtalk for Windows, which can be exploited by attackers to execute malicious code...