1411 matches found

Prion
added 2021/04/02 6:15 p.m. | 24 views

Code injection

This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation...

CVSS 6.8 | AI score 7.2 | EPSS 0.01061
Exploits: 0 | References: 4 | Affected Software: 3

Prion
added 2021/03/04 7:15 a.m. | 18 views

Design/Logic Flaw

Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during an exploited clone install. This requires creating a clone file and signing that file with a...

CVSS 6.8 | AI score 8.1 | EPSS 0.01017
Exploits: 0 | References: 2 | Affected Software: 10

CVE
added 2021/02/10 12:19 a.m. | 61 views

CVE-2020-28870

CVE-2020-28870 affects InoERP 0.7.2, where lack of validations in /modules/sys/form_personalization/json_fp.php enables an unauthorized attacker to execute arbitrary server-side code. Multiple sources (NVD, Red Hat advisory, other vendor trackers) document remote code execution potential with hig...

CVSS 9.8 | AI score 9.6 | EPSS 0.03127
Exploits: 1 | References: 1 | Affected Software: 1

The Hacker News
added 2021/01/27 3:1 p.m. | 35 views

New Docker Container Escape Bug Affects Microsoft Azure Functions

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...

AI score 0.7
Exploits: 0

CNVD
added 2021/01/27 12:0 a.m. | 2 views

Multiple Vulnerabilities in Zhiyuan OA

Founded in March 2002 and headquartered in Beijing, Beijing Zhiyuan Internet Software Co., Ltd. (Zhiyuan Internet) has always focused on enterprise-level management software and is a high-tech enterprise integrating product design, research and development, sales and service. The...

AI score 7.9
Exploits: 0

Apple
added 2020/12/22 5:53 a.m. | 187 views

About the security content of iOS 14.3 and iPadOS 14.3 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 8.8 | AI score 0.9 | EPSS 0.01705
Exploits: 0 | Affected Software: 2

CNNVD
added 2020/12/15 12:0 a.m. | 2 views

Apple iOS Security Vulnerability

Apple iOS is a set of operating systems developed for mobile devices by the American company Apple. A security vulnerability exists in Apple iOS 12, where unauthorized code execution may result in a violation of authentication policies. The following products and versions are affected: iPho...

CVSS 7.8 | AI score 7.5 | EPSS 0.01061
Exploits: 0 | References: 8

Apple
added 2020/12/14 6:48 a.m. | 61 views

About the security content of watchOS 6.3 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 7.8 | AI score 1.5 | EPSS 0.01061
Exploits: 0 | Affected Software: 1

Apple
added 2020/12/14 6:41 a.m. | 49 views

About the security content of iOS 12.5 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 7.8 | AI score 1.2 | EPSS 0.01061
Exploits: 0 | Affected Software: 1

Apple
added 2020/12/14 12:0 a.m. | 94 views

About the security content of iOS 12.5

About the security content of iOS 12.5 This document describes the security content of iOS 12.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

CVSS 7.8 | AI score 8.1 | EPSS 0.01061
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2020/11/09 12:0 a.m. | 3 views

SaltStack Salt API Arbitrary Code Execution Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. An input validation vulnerability exists in the SaltStack Salt API that can be exploited by a remote attacker to submit a special request for unauthorized access to arbitrary code...

CVSS 9.8 | AI score 7.1 | EPSS 0.57453
Exploits: 3 | References: 1

OSV
added 2020/08/03 5:15 p.m. | 7 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution to local users...

CVSS 7.8 | AI score 7.9 | EPSS 0.00447
Exploits: 0 | References: 1

NVD
added 2020/08/03 5:15 p.m. | 26 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution to local users...

CVSS 7.8 | AI score 7.8 | EPSS 0.00447
Exploits: 0 | References: 1

Cvelist
added 2020/08/03 4:56 p.m. | 33 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution to local users...

AI score 7.8 | EPSS 0.00447
Exploits: 0 | References: 1

CVE
added 2020/08/03 4:56 p.m. | 62 views

CVE-2020-8574

CVE-2020-8574 affects NetApp Active IQ Unified Manager for Linux prior to 9.6, where the Java Management Extensions (JMX) RMI service is enabled, enabling unauthorized code execution by local users. The connected sources confirm the issue is tied to the pre-9.6 Linux builds and describe local acc...

CVSS 7.8 | AI score 7.7 | EPSS 0.00447
Exploits: 0 | References: 1 | Affected Software: 1

Lenovo
added 2020/07/30 3:15 p.m. | 43 views

GRUB2 Vulnerability – AKA

Lenovo Security Advisory: LEN-34794 Potential Impact: Escalation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-10713 Summary Description: Lenovo is aware of a vulnerability in GRUB2, an open source bootloader commonly used by Linux, that could allow Secure Bo...

CVSS 4.6 | AI score 1.4 | EPSS 0.01085
Exploits: 0

NVD
added 2020/06/26 7:15 p.m. | 23 views

CVE-2020-9047

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

CVSS 9 | EPSS 0.0777
Exploits: 1 | References: 2

Prion
added 2020/06/26 7:15 p.m. | 16 views

Command injection

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

CVSS 9 | AI score 7.3 | EPSS 0.0777
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2020/06/26 6:1 p.m. | 21 views

CVE-2020-9047 exacqVision Software - Improper Verification of Cryptographic Signature

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

CVSS 6.8 | AI score 7.4 | EPSS 0.0777
Exploits: 1 | References: 2

CVE
added 2020/06/26 6:1 p.m. | 100 views

CVE-2020-9047

Exacqvision Web Service <= 20.06.3.0 and ExacqVision Enterprise Manager

CVSS 9 | AI score 7.3 | EPSS 0.0777
Exploits: 1 | References: 2 | Affected Software: 2