836 matches found
ansible: secrets readable after ansible-vault edit
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
Denial Of Service (DoS)
Pidgin is vulnerable to denial of service. A denial of service flaw was found in Finch's XMPP chat implementation, when using multi-user chat. If a Finch user in a multi-user chat session were to change their nickname to contain the HTML "br" element, it would cause Finch to crash...
SQL Injection Vulnerability in B2B2C Multi-User Mall System (CNVD-2020-26551)
Shanghai Shangchuang Network Technology Co., Ltd. is an independent e-commerce service and technology provider with development strength. There is a SQL injection vulnerability in the B2B2C Multi-User Mall system, which can be exploited by attackers to obtain sensitive information from the databa...
UBUNTU-CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
UPDATE: Empire 3.1.0
Empire 3.1.0 was released a few hours ago! If you remember, I briefly mentioned this tool in my five-month-old post titled – List of Open Source C2 Post-Exploitation Frameworks. It’s a very good thing that BC-Security has taken over the development of the tool and has made some awesome...
[SECURITY] Fedora 31 Update: community-mysql-8.0.19-1.fc31
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
[SECURITY] Fedora 30 Update: community-mysql-8.0.19-1.fc30
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
XSS Vulnerability in Ridewind's Multi-User PHP Statistics System
Ride the Wind multi-user PHP statistics system can count PV and IP traffic, can be used for online store statistics, can change the skin, lets you choose the number, icon, text and message, and can collect statistics on any search engine keywords. Ride the Wind multi-user PHP statistics system...
SQL injection vulnerability in the front-end ge***_aj***_co***.php file of Dascommerce B2B2C Multi-User Mall system
Shanghai Shangchuang Network Technology Co., Ltd. is an independent e-commerce service and technology provider with development strength. A SQL injection vulnerability exists in the front-end geajco.php file of the B2B2C multi-user mall system of Da Shangchuang. An attacker can exploit the...
SQL Injection Vulnerability in Ride the Wind Multi-User PHP Statistics System vi***.php Page
Ride Multi-User PHP Statistics System supports multi-user applications, as well as website and online store statistics. A SQL injection vulnerability exists in the vi.php page of Ridewind Multi-User PHP Statistics System, which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in B2B2C Multi-User Mall System of Shanghai Shangchuang Network Technology Co.
Shanghai Shangchuang Network Technology Co., Ltd. is an independent e-commerce service and technology provider with development strength. There is a SQL injection vulnerability in the B2B2C Multi-User Mall system of Shanghai Shangchuang Networks Technology Co...
[SECURITY] Fedora 31 Update: community-mysql-8.0.18-4.fc31
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
[SECURITY] Fedora 30 Update: community-mysql-8.0.18-4.fc30
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
SQL Injection Vulnerability in Ridewind Multi-User PHP Statistics System
Ride the Wind Multi-User PHP Statistics System is a website traffic statistics system for web store statistics. Ridewind Multi-User PHP Statistics System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
[SECURITY] Fedora 31 Update: community-mysql-8.0.18-1.fc31
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
[SECURITY] Fedora 30 Update: community-mysql-8.0.18-1.fc30
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
[SECURITY] Fedora 29 Update: community-mysql-8.0.18-1.fc29
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
ALSA-2019:3708 Moderate: mariadb:10.3 security and bug fix update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.17, galera 25.3.26. BZ1701687, BZ1711265, BZ1741358 Security Fixes: mysql: InnoDB unspecified vulnerability CPU Jan...
Security Bulletin: IBM Cloud Private for Data is affected by a user impersonation vulnerability in PySpark.
Summary: When using Open Source Apache PySpark, it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. Vulnerability Details: CVE-ID:...
[SECURITY] Fedora 29 Update: community-mysql-8.0.17-2.fc29
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...