Security threats

A vulnerability classified as critical was found in Oracle One-to-One Fulfillment 12.1.1/12.1.2/12.1.3. This vulnerability affects unknown code in the Print Server component. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability. Source: Oracle One-to-One Fulfillment 12.1.1/12.1.2/12.1.3 Print Server unknown vulnerability

UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. Source: CVE-2020-5797

In Xpdf 4.02, `SplashOutputDev::endType3Char(GfxState *state)` at SplashOutputDev.cc:3079 tries to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. Source: CVE-2020-25725

The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). Source: CVE-2020-25189

HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially crafted email message to hang the server. Source: CVE-2020-14230
