303 matches found

Snyk
added 2021/01/19 2:35 p.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: github.com/thecodingmachine/gotenberg is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...

6.1 CVSS · 6.8 AI score · 0.00307 EPSS
Exploits 1 · References 2

Kitploit
added 2020/12/05 11:30 a.m. · 158 views

Obfuscator - The Program Is Designed To Obfuscate The Shellcode

The program is designed to obfuscate the shellcode. Currently the tool supports 2 encryption methods: 1) XOR, 2) AES. The tool accepts shellcode in 4 formats: 1) base64, 2) hex, 3) c, 4) raw. Command line usage: /f specifies the format of the shellcode (base64, hex, c, raw); /enc Specify t...

7.2 AI score
Exploits 0 · References 1

RedHat Linux
added 2020/09/29 8:16 p.m. · 4 views

webkitgtk: Incorrect processing of file URLs

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 6.6 AI score · 0.00774 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2020/07/02 12:0 a.m. · 253 views

Apple iCloud 10.x < 10.9.3 Multiple Vulnerabilities

According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.9.3. It is, therefore, affected by multiple vulnerabilities: - A logic issue was addressed with improved restrictions. A file URL may be incorrectly processed. (CVE-2020-3885) - A logic issue w...

9.8 CVSS · 7.9 AI score · 0.03236 EPSS
Exploits 2 · References 14

Veracode
added 2020/04/10 12:55 a.m. · 25 views

Denial Of Service (DoS)

Python is vulnerable to denial of service (DoS). Due to a flaw found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects, it caused Python applications using these modules to follow any new URL that they...

6.4 CVSS · 1.5 AI score · 0.01407 EPSS
Exploits 0 · References 29 · Affected Software 2

Veracode
added 2020/04/10 12:36 a.m. · 27 views

Arbitrary Code Execution

curl is vulnerable to arbitrary code execution. A flaw in libcurl where it would not differentiate between different target URLs when handling automatic redirects. This caused libcurl to follow any new URL that it understood, including the "file://" URL type. This could allow a remote server to...

6.8 CVSS · 3 AI score · 0.09919 EPSS
Exploits 2 · References 34 · Affected Software 1

OSV
added 2020/04/01 6:15 p.m. · 4 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 8.1 AI score
Exploits 0 · References 6

OSV
added 2020/04/01 6:15 p.m. · 1 views

DEBIAN-CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 6.6 AI score · 0.00774 EPSS
Exploits 0 · References 1

NVD
added 2020/04/01 6:15 p.m. · 21 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 5.7 AI score · 0.00774 EPSS
Exploits 0 · References 6

Prion
added 2020/04/01 6:15 p.m. · 22 views

Design/Logic Flaw

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 5.5 AI score · 0.00774 EPSS
Exploits 0 · References 6 · Affected Software 6

UbuntuCve
added 2020/04/01 6:15 p.m. · 32 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 6.9 AI score · 0.00774 EPSS
Exploits 0 · References 1

OSV
added 2020/04/01 6:15 p.m. · 1 views

UBUNTU-CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 6.8 AI score · 0.00774 EPSS
Exploits 0 · References 2

Debian CVE
added 2020/04/01 5:47 p.m. · 31 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

4.3 CVSS · 5.8 AI score · 0.00774 EPSS
Exploits 0

Cvelist
added 2020/04/01 5:47 p.m. · 22 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

5.8 AI score · 0.00774 EPSS
Exploits 0 · References 6

CNVD
added 2020/03/26 12:0 a.m. · 1 views

Multiple Apple Products WebKit Page Loading Component Logic Issue Vulnerability

Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple iPadOS is an operating system for iPad tablets. WebKit Page Loading is one of the WebKit page loading components. A security vulnerability exists in the WebKit...

4.3 CVSS · 8.9 AI score · 0.00774 EPSS
Exploits 0 · References 1

Apple
added 2020/03/24 12:0 a.m. · 32 views

About the security content of iTunes 12.10.5 for Windows

This document describes the security content of iTunes 12.10.5 for Windows. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

9.8 CVSS · 9 AI score · 0.03236 EPSS
Exploits 2 · References 1 · Affected Software 1

Hacker One
added 2020/03/08 1:6 a.m. · 28 views

curl: curl still vulnerable to SMB access smuggling via FILE URL on Windows

Summary: The released fix for CVE-2019-15601, SMB access smuggling via FILE URL on Windows, leaves curl still vulnerable to SMB access smuggling via FILE URLs. - FILE URLs formatted as file:////smbserver/smbshare/file are not filtered. - FILE URLs which point to the global DOS name space, ??, and...

2.2 AI score
Exploits 0

Positive Technologies
added 2020/03/02 12:0 a.m. · 3 views

PT-2020-20268 · Alfresco · Alfresco Community +1

Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.7; Alfresco Community versions prior to 6.2.0 rb65251d6-b368. Description: The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via the URL property of a file, allowing potential...

5.4 CVSS · 5.3 AI score · 0.00981 EPSS
Exploits 5 · References 6

OpenVAS
added 2020/02/25 12:0 a.m. · 22 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1144)

The remote host is missing an update for the Huawei EulerOS...

8.7 AI score
Exploits 0 · References 2

Tenable Nessus
added 2020/02/25 12:0 a.m. · 33 views

EulerOS 2.0 SP8 : curl (EulerOS-SA-2020-1144)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CURL before 7.68.0 lacks proper input validation, which allows users to create a FILE: URL that can make the client access a remote file using SMB...

8.6 AI score
Exploits 0 · References 2