5550 matches found
CVE-2020-14562
Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
Resource Management Error Vulnerability in Multiple Siemens Products (CNVD-2021-54362)
Siemens SIMATIC IT LMS is a total equipment effectiveness (OEE) line monitoring system. SIMATIC IT Production Suite is a plant production management suite. A resource management error vulnerability exists in several Siemens products, which could be exploited by an attacker to send multiple...
Design/Logic Flaw
A vulnerability has been identified in Opcenter Execution Discrete All versions V3.2, Opcenter Execution Foundation All versions V3.2, Opcenter Execution Process All versions V3.2, Opcenter Intelligence All versions V3.3, Opcenter Quality All versions V11.3, Opcenter RD&L V8.0, SIMATIC IT LMS All...
UBUNTU-CVE-2020-14578
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...
CVE-2020-14579
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...
UBUNTU-CVE-2020-14579
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2020:1733-1)
This update for curl fixes the following issues: CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). CVE-2020-8169: Fixed an issue that could have led to a partial password leak over DNS on HTTP...
A vulnerability in the firmware for managing video cards (motherboards) in hypervisors such as VMware ESXi, VMware Workstation, and VMware Fusion allows attackers to cause partial service interruptions.
The vulnerability in the firmware for managing video card controllers in VMware ESXi, VMware Workstation, and VMware Fusion is caused by operations performed beyond the boundaries of a memory buffer. Exploiting this vulnerability can allow an attacker to cause a partial service...
Security update for curl (important)
openSUSE Security Update: Security update for curl Announcement ID: openSUSE-SU-2020:0883-1 Rating: important References: 1173026 1173027 Cross-References: CVE-2020-8169 CVE-2020-8177 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: Thi...
CVE-2020-8169
A flaw was found in libcurl. A part of a password may be prepended to the host name before the host name is resolved, leading to a leak of the partial password over the network and to DNS servers. The highest threat from this vulnerability is to data confidentiality...
CVE-2020-3970
VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative loc...
CURL-CVE-2020-8169 Partial password leak over DNS on HTTP redirect
libcurl can be tricked to prepend a part of the password to the hostname before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username and password for HTTP authentication when requesting an HTTP resource - used for HTTP...
Partial password leak over DNS on HTTP redirect
libcurl can be tricked to prepend a part of the password to the hostname before it resolves it, potentially leaking the partial password over the network and to the DNS servers. libcurl can be given a username and password for HTTP authentication when requesting an HTTP resource - used for HTTP...
CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers...
UBUNTU-CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers...
CVE-2019-20884
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post...
thrift: Endless loop when fed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
Server-Side Request Forgery
Web applications often rely on network requests to query external resources and retrieve data for processing. A Server-Side Request Forgery (SSRF) vulnerability exists when an attacker is able to control these outbound requests and send them to a resource they own, to the localhost itself, or ...