
8321 matches found

Tenable Nessus
added 2019/06/07 12:0 a.m. | 41 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)

The remote OracleVM system is missing necessary patches to address critical security updates : - hugetlbfs: don't retry when pool page allocations start to fail Mike Kravetz Orabug: 29324267 - x86/speculation: RSB stuffing with retpoline on Skylake+ cpus William Roche Orabug: 29660924 -...

CVSS 9.3 | AI score 6.8 | EPSS 0.07301
Exploits 3 | References 9

CNVD
added 2019/06/06 12:0 a.m. | 2 views

HPE Intelligent Management Center (IMC) TopoDebugServlet Expression Language Injection Remote Code Execution Vulnerability (CNVD-2019-23783)

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. A TopoDebugServlet expression language injection remote code execution vulnerability exists in HPE...

CVSS 9 | AI score 8.6 | EPSS 0.01591
Exploits 0 | References 1

Prion
added 2019/06/04 9:29 p.m. | 21 views

Information disclosure

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

CVSS 5 | AI score 7.5 | EPSS 0.00593
Exploits 1 | References 7 | Affected Software 1

OSV
added 2019/06/04 9:29 p.m. | 0 views

UBUNTU-CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

CVSS 7.5 | AI score 7.2 | EPSS 0.00593
Exploits 1 | References 4

UbuntuCve
added 2019/06/04 9:29 p.m. | 22 views

CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

CVSS 8.1 | AI score 6.8 | EPSS 0.00399
Exploits 1 | References 3

OSV
added 2019/06/04 9:29 p.m. | 1 views

DEBIAN-CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

CVSS 8.1 | AI score 6.5 | EPSS 0.00399
Exploits 1 | References 1

OSV
added 2019/06/04 9:29 p.m. | 0 views

UBUNTU-CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

CVSS 8.1 | AI score 6.8 | EPSS 0.00399
Exploits 1 | References 4

OSV
added 2019/06/04 9:29 p.m. | 1 views

DEBIAN-CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

CVSS 7.5 | AI score 6.3 | EPSS 0.00593
Exploits 1 | References 1

Debian CVE
added 2019/06/04 8:28 p.m. | 21 views

CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

CVSS 8.1 | AI score 7.9 | EPSS 0.00399
Exploits 1

CVE
added 2019/06/04 8:28 p.m. | 329 views

CVE-2019-12210

In pam_u2f 1.0.7, when debug_file is configured, the debug file descriptor is not closed across spawned processes, allowing the child process to read/write that descriptor. This can leak sensitive data and, if written to, may be used to fill disk space or plant misinformation. OpenSUSE/SUSE advis...

CVSS 8.1 | AI score 7.6 | EPSS 0.00399
Exploits 1 | References 5 | Affected Software 1

Kitploit
added 2019/05/31 1:7 p.m. | 300 views

Metabigor - Command Line Search Engines Without Any API Key

Command line Search Engine without any API key. What is Metabigor? Metabigor allows you do query from command line to awesome Search Engines like Shodan, Censys, Fofa, etc without any API key. But Why Metabigor? Don't use your API key so you don't have to worry about limit of API quotation. Do...

AI score 7.2
Exploits 0 | References 2

OpenVAS
added 2019/05/31 12:0 a.m. | 18 views

Joomla! < 3.9.6 XSS Vulnerability

This VT has been deprecated due to the CVE already being covered by another script SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVSS 6.1 | AI score 6.3 | EPSS 0.00276
Exploits 0 | References 1

Hacker One
added 2019/05/30 8:58 p.m. | 23 views

Unikrn: multiple vulnerabilities on your mautic server

Hi @unikrn! I found some vulnerabilities in your CRM server: 1. Bypass Cloudflare Access: You use Cloudflare Access on https://crm.unikrn.com . But this link bypassed Cloudflare Access: ████████/login This vulnerability generates the disclosure of important data: PHP info page: ██████████phpinfo ...

AI score 0.7
Exploits 0

Tenable Nessus
added 2019/05/30 12:0 a.m. | 16 views

Joomla! 1.7.x < 3.9.6 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A protection bypass exists in versions 3.9.3 to 3.9.5 within the Phar Stream Wrapper Interceptor due to path traversal - A cross-site scripting XSS vulnerability exists in...

CVSS 6.1 | AI score 6 | EPSS 0.00276
Exploits 0 | References 4

exploitpack
added 2019/05/29 12:0 a.m. | 14 views

Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation

Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation While fuzzing Spidermonkey, I encountered the following commented and modified JavaScript program which crashes debug builds of the latest release version of Spidermonkey from commit...

AI score 0.1
Exploits 0

Tenable Nessus
added 2019/05/28 12:0 a.m. | 22 views

Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability (macOS)

The version of Fortinet FortiClient Mac running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only ...

AI score 5.5
Exploits 0 | References 1

0day.today
added 2019/05/28 12:0 a.m. | 218 views

JavaScript V8 Turbofan Out-Of-Bounds Read Exploit

V8: Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct The following JavaScript program found through fuzzing triggers an assertion failure in debug builds of the latest v8 and the current release branch, 7.2.502.28: function farg const o =...

AI score 7.4
Exploits 0

Tenable Nessus
added 2019/05/28 12:0 a.m. | 24 views

Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability

The version of Fortinet FortiClient running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if...

AI score 5.8
Exploits 0 | References 1

OSV
added 2019/05/22 9:29 p.m. | 2 views

CVE-2018-7854

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus...

CVSS 7.5 | AI score 5.8 | EPSS 0.02053
Exploits 1 | References 2

OpenVAS
added 2019/05/22 12:0 a.m. | 27 views

Joomla! 1.7.0 <= 3.9.5 XSS Vulnerability

Joomla! is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 5.6 | EPSS 0.00276
Exploits 0 | References 1