Malicious Package
Overview: aastra-xml-api is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using aastra-xml-a...
Malicious Package
Overview: apressdocumentation is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...
Malicious Package
Overview: authenticated-client is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...
Malicious Package
Overview: active-application is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...
A vulnerability in the RRE decoder of the VNC client component of the remote desktop management software UltraVNC allows an attacker to execute arbitrary code.
The vulnerability in the RRE decoder of the VNC client component of the remote desktop management software UltraVNC is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
ZSQL: Server Logging Levels
The LOGLEVEL parameter specifies the levels of run logs and debug logs to be written into the server. The default value is 7, indicating that run logs in all levels are written into the server. If LOGLEVEL is set to 0, not only RUN and DEBUG logging, but also ALARM logging will be disabled. This...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Apr 2020)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
DEBIAN-CVE-2020-11760
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...
UBUNTU-CVE-2020-11760
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...
PT-2020-6217 · Industrial Light & Magic +5 · Openexr +5
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 2.4.1 Description: The issue is related to an out-of-bounds read during RLE uncompression in the rleUncompress function in ImfRle.cpp. This can potentially allow a remote attacker to cause a denial of service...
You cannot run a Windows 8-based or Windows Server 2012-based virtual machine in Windows Server 2008 R2
You cannot run a Windows 8-based or Windows Server 2012-based virtual machine in Windows Server 2008 R2 Symptoms Assume that you have the Hyper-V server role installed on a computer that is running Windows Server 2008 R2. Additionally, you create a virtual machine that is running Windows 8 or...
February 6, 2018, update for Office 2013 (KB4011700)
February 6, 2018, update for Office 2013 (KB4011700). This article describes update 4011700 for Microsoft Office 2013 that was released on February 6, 2018. This update also applies to Office Home and Student 2013 RT. This update has a prerequisite. Be aware that the update in the Microsoft Download...
March 8, 2016, update for Office 2016 (KB3114849)
March 8, 2016, update for Office 2016 (KB3114849). This article describes update KB3114849 for Microsoft Office 2016, which was released on March 8, 2016. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition o...
SUSE SLES15 Security Update : runc (SUSE-SU-2020:0944-1)
This update for runc fixes the following issues: runc was updated to v1.0.0rc10. CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc1160452). Fixed an issue where podman run hangs when spawned by salt-minion process (bsc1149954). Note that Tenable Network Security has extracted the...
Command Execution Vulnerability in Flush Cloud
Flush Cloud is a stock analysis and trading software launched by Zhejiang Nuclear New Flush Network Information Co. Flush Cloud Computing suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...
USN-4317-1 firefox vulnerabilities
Two use-after-free bugs were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code...
run-down.com Cross Site Scripting vulnerability
Security Researcher g0bl1nsec, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting run-down.com website and its users. Following coordinated...
CVE-2020-1864
Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit...
Acontent code issue vulnerability
AContent is an online learning content creation tool and repository. A security vulnerability exists in Acontent 1.4 and earlier versions. An attacker can exploit the vulnerability by using a low-privileged account to run commands on the server...
CVE-2020-0088
In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Andro...