Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration

Summary An authenticated developer user can utilize webMethods Integration Server to create a user through the scheduler service and then elevate that user to an administrator using runAsUser. This action provides elevated privileges for the developer user. webMethods Integration Server could...

IBM webMethods Integration Elevation of Privilege Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines IBM. An elevation of privilege vulnerability exists in IBM webMethods Integration version 10.15, which can be exploited by an authenticated attacker to create scheduler tasks that elevate their privileges...

macOS Dirty Cow Arbitrary File Write Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...

Apple macOS 缓冲区错误漏洞

Apple macOS is a suite of specialized operating systems developed by Apple Inc. for Mac computers. A buffer error vulnerability exists in Apple macOS versions 10.15 19A583 - 10.15.7 19H1823, which stems from a boundary condition in AppleScript. A local attacker can exploit the vulnerability to...

Apple macOS 权限许可和访问控制问题漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A privilege-granting and access-control issue vulnerability exists in macOS, which arises from the system not properly securing the login window component in macOS. The following products and versions are...

SUSE: Security Advisory (SUSE-SU-2020:3455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple Mac OS X Security Updates (HT212147)-04

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : postgresql10 (SUSE-SU-2020:3455-1)

This update for postgresql10 fixes the following issues : Upgrade to version 10.15 : - CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. - CVE-2020-25694, bsc1178667: a Fix usage of complex...

openSUSE Security Update : postgresql10 (openSUSE-2020-2028)

This update for postgresql10 fixes the following issues : - Upgrade to version 10.15 : - CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. - CVE-2020-25694, bsc1178667: a Fix usage of complex...

Security update for postgresql10 (important)

openSUSE Security Update: Security update for postgresql10 Announcement ID: openSUSE-SU-2020:2028-1 Rating: important References: 1178666 1178667 1178668 Cross-References: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities...

Design/Logic Flaw

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

Vulnerabilities fixed in PostgreSQL

Several vulnerabilities have been fixed in PostgreSQL. A local malicious person with limited privileges within the vulnerable PostgreSQL database, could potentially exploit the vulnerabilities to within the database or on the local system to execute arbitrary code execute arbitrary code with root...

macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004, 10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability wa...

CVE-2020-11474

NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant...

Apple Mac OS X Security Update (HT211170 - 02)

Apple Mac OS X is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Apple Mac OS X Security Update (HT211100 - 04)

Apple Mac OS X is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...