bmoor-cache (>=0.3.0 <=0.6.0), bmoor-comm (>=0.0.1 <=0.6.0) +4 more potentially affected by CVE-2020-7736 via bmoor (>=0.0.5 <=0.5.1)
bmoor NPM version =0.0.5, =0.3.0, =0.0.1, =0.0.1, =0.1.0, =0.0.4, =0.6.0, =0.6.43 Source CVEs: CVE-2020-7736 Source advisory: SNYK:JS-BMOOR-598664...
SilverStripe has an unspecified vulnerability (CNVD-2020-44912)
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. SilverStripe version 4.5.0 has a security vulnerability; the vulnerability stems from...
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2020-41877)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A cross-site scripting vulnerability exists in Graph Explorer in Nagios XI versions prior to 5.7.2. An attacker can exploit this...
CVE-2020-15902
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option...
Design/Logic Flaw
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option...
PT-2020-14700 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.7.2 Description: The issue allows for XSS via the link url option in the Graph Explorer component. This could potentially lead to malicious script execution. Recommendations: For versions prior to 5.7.2, update t...
git:fuzz-commit-graph: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5166823746830336 Project: git Fuzzing Engine: libFuzzer Fuzz Target: fuzz-commit-graph Job Type: libfuzzer_asan_git Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x61b000004000 Crash State: NULL Sanitizer: address (ASAN) Recommended...
CVE-2020-10271
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...
CVE-2020-10272
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...
git:fuzz-commit-graph: Crash in parse_commit_graph
Detailed Report: https://oss-fuzz.com/testcase?key=5174251396268032 Project: git Fuzzing Engine: honggfuzz Fuzz Target: fuzz-commit-graph Job Type: honggfuzz_asan_git Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7fffe173e000 Crash State: parse_commit_graph fuzz-commit-graph.c...
CVE-2020-10271 RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...
CVE-2020-10272 RVD#2554: MiR ROS computational graph presents no authentication mechanisms
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...
Mattermost Server Resource Management Error Vulnerability (CNVD-2020-41488)
Mattermost Server is an open source messaging platform from the US company Mattermost. A resource management error vulnerability exists in Mattermost Server. An attacker could exploit this vulnerability to cause a denial of service (memory consumption) with OpenGraph...
BIND -- Remote Denial of Service vulnerability
ISC reports: The asterisk character ("*") is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node. A...
git:fuzz-commit-graph: Crash with empty stacktrace
Project: https://github.com/git/git.git Detailed Report: https://oss-fuzz.com/testcase?key=5698013027893248 Project: git Fuzzing Engine: libFuzzer Fuzz Target: fuzz-commit-graph Job Type: libfuzzer_asan_git Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x61b000024000 Crash State: NULL...
CVE-2020-13252
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...
UBUNTU-CVE-2020-13164
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem...
Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials
A new phishing campaign can bypass multi-factor authentication (MFA) on Office 365 to access victims’ data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. Researchers at Cofense Phishing Defense Center discovered the...