1084 matches found
[SECURITY] Fedora 34 Update: mupdf-1.18.0-6.fc34
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Stripe: Verifying email bypass
A vulnerability was discovered in Stripe's Connect API that allowed an attacker to create an account without verifying the email address. This allowed the attacker to impersonate a real company and generate invoices and payments on their behalf. The invoices appeared valid as they were sent by...
Continuing to Listen: Good News about the Security Update Guide API!
Based on user feedback, we have simplified programmatic access to the security update data by removing the authentication and API-key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We're happy to make this valuable public...
CVE-2020-29538
Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks...
Authentication Bypass
mautic/core is vulnerable to authentication bypass. An OAuth2 auth plugin added for API access allows a disabled user to still log in using an email address...
FreeBSD : Gitlab -- vulnerability (0a8ebf4a-5660-11eb-b4e2-001b217b3468)
SO-AND-SO reports : Ability to steal a user's API access token through GitLab Pages. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021 Jacques Vidrine and contributors. Redistribution and use ...
Fedora 33 : sympa (2021-11cb6626e2)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-11cb6626e2 advisory. - Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as...
Fedora 32 : sympa (2021-a5570c5281)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-a5570c5281 advisory. - Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as...
FreeBSD : Gitlab -- multiple vulnerabilities (a2a2b34d-52b4-11eb-87cb-001b217b3468)
Gitlab reports : Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...
Gitlab -- multiple vulnerabilities
Gitlab reports: Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...
Tangro Business Workflow Authorization Issues Vulnerability (CNVD-2020-74071)
Tangro Business Workflow is software from the German company Tangro for checking the contents of SAP documents and visually displaying approval processes. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which can be exploited by an attacker to...
Authentication flaw
In Pulsar Manager version 0.1.0, malicious users are able to bypass pulsar-manager's admin permission verification mechanism by constructing special URLs, thereby accessing any HTTP API...
Debian: Security Advisory (DLA-2499-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
UBUNTU-CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
Apache APISIX Trust Management Issues Vulnerability
Apache APISIX is a cloud-native microservice API gateway from the Apache Foundation. The software is built on OpenResty and etcd, provides dynamic routing and plug-in hot loading, and is suited to API management in microservice systems. Apache APISIX suffers from a trust...
Exploit for Path Traversal in Gitlab
CVE-2020-10977.py authenticated arbitrary file read for Gitla...
Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management
Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory (Azure AD) has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide. Earlier this year, my boss, Joy Chik, CVP of Identity Engineering, shared Microsoft’s guidin...
CVE-2020-6939
Tableau Server installations configured with Site-Specific SAML allow the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions...