3s-smart Software Solutions CODESYS Development System 代码问题漏洞

3s-smart Software Solutions CODESYS Development System is a set of programming tools for the field of industrial controllers and automation technology from 3S-Smart Software Solutions 3s-smart Software Solutions, Germany. A code issue vulnerability exists in the PackageManagement.plugin...

Security update for icinga2 (moderate)

openSUSE Security Update: Security update for icinga2 Announcement ID: openSUSE-SU-2021:1089-1 Rating: moderate References: Cross-References: CVE-2020-29663 CVE-2021-32739 CVE-2021-32743 CVSS scores: CVE-2020-29663 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29663 SUSE: 5.3...

Unspecified Vulnerability in IBM QRadar SIEM (CNVD-2021-52959)

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:2393-1 Rating: important References: 1188275 Cross-References: CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 CVSS scores: CVE-2021-30547 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected...

CVE-2020-4980

IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539...

Security Bulletin: IBM QRadar SIEM uses less secure methods for securing data at rest and in transit between hosts (CVE-2020-4980)

Summary IBM QRadar SIEM uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. Vulnerability Details CVEID: CVE-2020-4980 DESCRIPTION: IBM QRadar SIEM uses less secure methods for protecting data in transit betwe...

Security update for nodejs14 (important)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:2354-1 Rating: important References: 1184450 1187973 1187976 1187977 Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVSS scores: CVE-2020-7774 NVD : 7.3...

Security update for nodejs12 (important)

openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:2327-1 Rating: important References: 1183851 1183852 1184450 1187973 1187976 1187977 Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450 CVSS scores:...

Security update for dbus-1 (important)

openSUSE Security Update: Security update for dbus-1 Announcement ID: openSUSE-SU-2021:2292-1 Rating: important References: 1187105 Cross-References: CVE-2020-35512 CVSS scores: CVE-2020-35512 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35512 SUSE: 7...

Security update for arpwatch (important)

openSUSE Security Update: Security update for arpwatch Announcement ID: openSUSE-SU-2021:2177-1 Rating: important References: 1186240 Cross-References: CVE-2021-25321 CVSS scores: CVE-2021-25321 SUSE: 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Leap 15.3 An update...

Security update for libass (moderate)

openSUSE Security Update: Security update for libass Announcement ID: openSUSE-SU-2021:1664-1 Rating: moderate References: 1184153 Cross-References: CVE-2020-24994 CVSS scores: CVE-2020-24994 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 An update th...

Security update for graphviz (critical)

openSUSE Security Update: Security update for graphviz Announcement ID: openSUSE-SU-2021:1651-1 Rating: critical References: 1185833 Cross-References: CVE-2020-18032 CVSS scores: CVE-2020-18032 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-18032 SUSE: 9.8...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:1014-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...

Security Bulletin: Eclipse OpenJ9 jio_snprintf() and jio_vsnprintf() buffer overflow and

Summary In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. And This...

KB5005112: Servicing stack update for Windows 10, version 1809: August 10, 2021

KB5005112: Servicing stack update for Windows 10, version 1809: August 10, 2021 Important: Windows 10, version 1809 reached end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer be offered...

Security update for clamav-database (important)

openSUSE Security Update: Security update for clamav-database Announcement ID: openSUSE-SU-2021:2242-1 Rating: important References: 1084929 Affected Products: openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This update for clamav-database fixes the...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0942-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...

ruby: Code injection via command argument of Shell#test / Shell#[]

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

UBUNTU-CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

Monumental Supply-Chain Attack on Airlines Traced to State Actor

A monster cyberattack on SITA, a global IT provider for 90 percent of the world’s airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history. The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentiall...