PT-2021-12494 · Allen Bradley · Allen-Bradley Flex Io 1794-Aent/B
Name of the Vulnerable Software and Affected Versions: Allen-Bradley Flex IO 1794-AENT/B version 4.003 Description: An exploitable denial of service issue exists in the ENIP Request Path Network Segment functionality. A specially crafted network request can cause a loss of communications with the...
Vulnerabilities fixed in libexif
Several vulnerabilities have been fixed in libexif. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with the application's permissions. To do this, the malicious party must use the vulnerable application to have rogue image da...
SUSE-SU-2020:3282-1 Security update for u-boot
This update for u-boot fixes the following issues: CVE-2019-14192 bsc1143777, CVE-2019-14193 bsc1143817, CVE-2019-14199 bsc1143824, CVE-2019-14197 bsc1143821, CVE-2019-14200 bsc1143825, CVE-2019-14201 bsc1143827, CVE-2019-14202 bsc1143828, CVE-2019-14203 bsc1143830, CVE-2019-14204 bsc1143831,...
Cybozu Garoon vulnerable to improper input validation
Overview Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability CWE-20. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...
CVE-2020-15269
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory...
PYSEC-2020-320
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the data_splits argument of tf.raw_ops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory. In the linked code snippet, all the binary strings after ...
SUSE-SU-2020:2743-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation bsc1172384. - CVE-2020-14364: Fixed an OOB access while processing USB packets bsc1175441. - CVE-2020-16092: Fixed a denial of service in packet processing of variou...
PT-2020-4181 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers affected versions not specified Cisco IOS XE Software for Cisco Catalyst 9000 Series affected versions not specified Description: The issue is related to insufficient...
PT-2020-8627 · Ingenico · Ingenico Telium 2
Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue is a buffer overflow via SOCKET TASK in the NTPT3 protocol. This buffer overflow can be exploited, but details about real-world incidents o...
OPENSUSE-SU-2020:1215-1 Security update for chromium
This update for chromium fixes the following issues: - Chromium updated to 84.0.4147.125 boo1175085 CVE-2020-6542: Use after free in ANGLE CVE-2020-6543: Use after free in task scheduling CVE-2020-6544: Use after free in media CVE-2020-6545: Use after free in audio CVE-2020-6546: Inappropriate...
Potentially sensitive data exposure
Description Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted...
OPENSUSE-SU-2020:0902-1 Security update for chromium
This update for chromium fixes the following issues: Update to 83.0.4103.116 boo1173251: CVE-2020-6509: Use after free in extensions - Add patch to work with new ffmpeg bsc1173292 - Add multimedia fix for disabled location and also try one additional patch from Debian on the same issue boo1173107...
SUSE-SU-2020:1621-1 Security update for libEMF
This update for libEMF fixes the following issues: - CVE-2020-11863: Fixed an issue which could have led to denial of service bsc1171496. - CVE-2020-11864: Fixed an issue which could have led to denial of service bsc1171499. - CVE-2020-11865: Fixed an out of bounds memory access bsc1171497. -...
CVE-2020-3308 Cisco Firepower Threat Defense Software Signature Verification Bypass Vulnerability
A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper...
SUSE-SU-2020:0779-1 Security update for keepalived
This update for keepalived fixes the following issues: Initial release of keepalived v2.0.19 as supported package. bsc1158280, jscECO-223...
GHSA-Q65M-PV3F-WR5R XSS in Bleach when noscript and raw tag whitelisted
Impact A mutation XSS affects users calling bleach.clean with noscript and a raw tag see below in the allowed/whitelisted tags option. Patches v3.1.1 Workarounds modify bleach.clean calls to not whitelist noscript and one or more of the following raw tags: title textarea script style noembed...
MGASA-2020-0078 Updated chromium-browser-stable packages fix security vulnerability
Multiple flaws were found in the way Chromium 78.0.3904.108 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2019-13725, CVE-2019-13726, CVE-2019-13727,...
SUSE-SU-2019:14229-1 Security update for cups
This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function bsc1146358. - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function bsc1146359. - Fixed a double free which was triggered by Java application...
Medtronic Valleylab FT10 and LS10
1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: Valleylab FT10, Valleylab LS10 Vulnerabilities: Improper Authentication, Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to...