Sympa before 6.2.56 allows privilege escalation. Date published : 2020-05-27 https://www.debian.org/security/2020/dsa-4818 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. Date published : 2020-05-26 https://www.us-cert.gov/ics/advisories/ICSA-20-147-02...
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to...
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to...
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to...
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox <...
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can’t call the bridging functions. That token was being used for JS-to-native also, but it isn’t needed in...
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root...
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. Date published : 2020-05-26 https://bugs.debian.org/961060 https://www.debian.org/security/2020/dsa-4692
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. Date published : 2020-05-26 https://github.com/jerryscript-project/jerryscript/issues/3785
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. Date published : 2020-05-26 https://github.com/jerryscript-project/jerryscript/issues/3787 https://github.com/jerryscript-project/jerryscript/pull/3797
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification. Date published : 2020-05-26 https://github.com/pichi-router/pichi/commit/4698664233bc324f26658d2b041bfe6ea022c573 https://github.com/pichi-router/pichi/releases/tag/1.3.0
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. Date published : 2020-05-26 https://github.com/qorelanguage/qore/compare/release-0.9.4.1…release-0.9.4.2 https://github.com/qorelanguage/qore/issues/3808
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. Date published : 2020-05-26 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPZUQSDGV5XDBJGHBWBHWJIBE47Q4QIB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3ECAKIZA2TGBYLUQTLGRMXUFIOGRHG3/