Oracle Linux 8 : git-lfs (ELSA-2026-16875)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-16875 advisory. 3.4.1-10 - Rebuild with new Golang - Resolves: RHEL-167541, RHEL-167379, RHEL-166518 3.4.1-9 - Rebuild with new Golang - Resolves: RHEL-156637 Tenable...

AlmaLinux 8 : git-lfs (ALSA-2026:16875)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:16875 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

Linux Distros Unpatched Vulnerability : CVE-2017-16875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an...

Linux Distros Unpatched Vulnerability : CVE-2018-16875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow...

openSUSE Security Advisory (SUSE-SU-2024:3656-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : etcd (SUSE-SU-2024:3656-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3656-1 advisory. Update to version 3.5.12: Security fixes: - CVE-2018-16873: Fixed remote command execution in cmd/go bsc1118897 - CVE-2018-16874: Fixed directory...

Google Chrome Security Bypass Vulnerability (CNVD-2024-16875)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from a mal-execution issue in iOS. An attacker can exploit this vulnerability to bypass security restrictions...

OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2), a2 (>=0.2.0 <=0.6.2) +2993 more potentially affected by CVE-2018-16875 via webpki (>=0.18.1 <=0.21.4)

webpki CARGO version =0.18.1, =0.1.0, =0.2.0, =0.1.0, =0.2.0-beta.4, =0.1.1, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.3, =1.0.0, =0.1.0, =0.8.0, =0.1.0, =0.2.2, =2.0.0-alpha.4 and more Source cves: CVE-2018-16875 Source advisory: OSV:RUSTSEC-2023-0052...

SUSE CVE-2018-16875

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients a...

VulnCheck KEV: CVE-2020-16875

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an...

Mageia: Security Advisory (MGASA-2019-0180)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:4297-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:1234-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:0286-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:0048-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Metasploit Wrap-Up

MicroFocus? More like MacroVuln MicroFocus’s Operations Bridge Manager is a security information and event management SIEM tool designed to collect and parse security logs from multiple disparate sources. OBM has a large attack surface—something Pedro Ribeiro was able to take advantage of with hi...

Cumulative Update 18 for Exchange Server 2016

Cumulative Update 18 for Exchange Server 2016 Cumulative Update 18 for Microsoft Exchange Server 2016 was released on September 15, 2020. This cumulative update includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be...

Microsoft Exchange Memory Corruption (CVE-2020-16875)

A memory corruption vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2020-16875

creationtimestamp| type| source ---|---|--- 2020-09-16 20:41:14+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/exchangeecpdlppolicy.rb 2020-12-23 13:09:12+00:00| exploited| https://t.me/CyberGovIL/1021 2020-12-23 14:15:56+00:00| exploited|...

CVE-2020-16875

CVE-2020-16875 (Microsoft Exchange Server) is a remote code execution vulnerability caused by improper validation of cmdlet arguments in Exchange. The issue allows an attacker who has an authenticated Exchange role to run arbitrary code with SYSTEM privileges by exploiting how cmdlet arguments ar...