2867 matches found
[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
XML External Entity attack in log4net
Apache log4net before 2.0.10 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users...
GHSA-2CWJ-8CHV-9PP9 XML External Entity attack in log4net
Apache log4net before 2.0.10 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users...
Linux: Get content of configuration files
Get content of relevant Linux config files like /etc/shadow, /etc/passwd and other. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Linux: Get access permissions to configuration files
Get access permissions to relevant Linux config files like /etc/shadow, /etc/passwd and other. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...
EulerOS 2.0 SP3 : spamassassin (EulerOS-SA-2021-1120)
According to the versions of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It c...
USN-4699-1: Apache Log4net vulnerability
It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache Log4net vulnerability (USN-4699-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4699-1 advisory. It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose...
BigBountyRecon - This Tool Utilises 58 Different Techniques To Expedite The Process Of Initial Reconnaissance On The Target Organisation
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or bug hunting process. It provides an attacke...
CVE-2021-1126
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...
CVE-2021-1126 Cisco Firepower Management Center Information Disclosure Vulnerability
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...
CVE-2021-21470
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configurati...
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros...
Design/Logic Flaw
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros...
CVE-2020-13451
CVE-2020-13451 affects Gotenberg up to version 6.2.1. The issue is described as an incomplete-cleanup vulnerability in the Office rendering engine, enabling an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. Connected documents corroborate the vulnerab...
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros...
Apache Flink Security Vulnerability
Apache Flink is an efficient, distributed general-purpose data processing platform. Apache Flink products have an arbitrary file read vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability to...
CVE-2020-29492
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station...
NCH Express Accounts Security Vulnerability
NCH Express Accounts Accounting is a business accounting software. The software includes features such as financial income and expense management, financial analysis and reporting. A security vulnerability exists in NCH Express Accounts version 8.24 and prior versions that allows local users to...
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...