A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16292

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16288

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

'701807?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-16300: Invalid Bug ID

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

'701794?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-16294: Invalid Bug ID

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

'701796?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-16295: Invalid Bug ID

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16301

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

'701815?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-16302: Invalid Bug ID

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

CVE-2020-11110: grafana/CHANGELOG.md at main · grafana/grafana

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

 

Reference

 : 

SESB-2020-105-01

SESB-2020-105-01\_Legacy\_Triconex\_Product\_Vulnerabilities\_Security\_Bulletin\_V2.1 (.pdf)

**Product Ranges:**

**Unlock additional features****Please log in or register to see additional features**

CVE-2020-7491: Security Bulletin - Legacy Triconex Product Vulnerabilities (V2.1) | Schneider Electric

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.

%PDF-1.5 %���� 1 0 obj << /D \[2 0 R /XYZ 70.866 771.024 null\] >> endobj 3 0 obj << /D \[2 0 R /XYZ 70.866 630.026 null\] >> endobj 4 0 obj << /D \[2 0 R /XYZ 70.866 245.88 null\] >> endobj 5 0 obj << /D \[2 0 R /XYZ 70.866 99.116 null\] >> endobj 6 0 obj << /D \[7 0 R /XYZ 85.039 586.151 null\] >> endobj 8 0 obj << /D \[7 0 R /XYZ 70.866 373.907 null\] >> endobj 9 0 obj << /S /GoTo /D \[2 0 R /Fit\] >> endobj 2 0 obj << /Contents 10 0 R /Type /Page /Resources 11 0 R /Parent 12 0 R /Annots \[13 0 R 14 0 R 15 0 R 16 0 R\] /MediaBox \[0 0 595.276 841.89\] >> endobj 13 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 445.075 446.757 457.981\] >> endobj 14 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 384.766 446.757 397.672\] >> endobj 15 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 324.457 446.757 337.364\] >> endobj 16 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 264.149 446.757 277.055\] >> endobj 17 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/operational-guidelines-industrial-security) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[164.798 698.869 487.754 710.406\] >> endobj 11 0 obj << /ProcSet \[/PDF /Text\] /Font << /F54 18 0 R /F51 19 0 R >> >> endobj 10 0 obj << /Filter /FlateDecode /Length 2526 >> stream x���r�F����� ���\\YN9�-ڒ);�e�)�!@)��y� ! eO� l�߾7Hr��䧣/����4��UL%�D��(�hk3Iur1M>��eqS,�јi����z4�2-����������I�>�Xs���~��n&����޾�~������G" �'@f��drs��w�L��� ɸ5ɝ{�&�gRp��'�G���T�v\`"{Z�����բ��#�3+�nHڌ\*t~

Tag

#pdf