122 matches found
[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc36
Toml-test is a higher-order program that tests other TOML decoders or encoder s. The goal is to make it comprehensive. Tests are divided into two groups: inva lid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...
OPENSUSE-SU-2022:0148-1 Security update for varnish
This update for varnish fixes the following issues: varnish was updated to release 7.1.0 boo1195188 CVE-2022-23959 VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. VMOD: New STRING strftimeTIME time, STRING format function for UTC formatting...
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
Code injection
On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection BFD will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the devic...
CVE-2021-28496
CVE-2021-28496 affects Arista EOS and CloudEOS: when using shared secret profiles, the password used for BiDirection Forwarding Detection (BFD) can be leaked through eAPI/JSON outputs to other authenticated users. Affected EOS trains include all 4.22.x, 4.23.x up to 4.23.9, 4.24.x up to 4.24.7, 4...
OPENSUSE-SU-2021:1390-1 Security update for ssh-audit
This update for ssh-audit fixes the following issues: ssh-audit was updated to version 2.5.0 Fixed crash when running host key tests. Handles server connection failures more gracefully. Now prints JSON with indents when -jj is used useful for debugging. Added MD5 fingerprints to verbose output...
Jsleak - A Go Code To Detect Leaks In JS Files Via Regex Patterns
jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you can use it to identify anything as long as you have a regex pattern for it. How to install Directly: your package manager install pkg-config libpcre++-dev go get...
Sx - Fast, Modern, Easy-To-Use Network Scanner
sx is the command-line network scanner designed to follow the UNIX philosophy. The goal of this project is to create the fastest network scanner with clean and simple code. Features 30x times faster than nmap ARP scan : Scan your local networks to detect live devices ICMP scan : Use advanced ICMP...
Gon gem lack of escaping certain input when outputting as JSON
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
GHSA-78VQ-9J56-WRFR Gon gem lack of escaping certain input when outputting as JSON
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Information Exposure
Overview foremanazurerm is a This gem provides Azure Resource Manager as a compute resource for The Foreman Affected versions of this package are vulnerable to Information Exposure. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API...
Duf - Disk Usage/Free Utility (Linux, BSD, macOS & Windows)
Disk Usage/Free Utility Linux, BSD, macOS & Windows Features User-friendly, colorful output Adjusts to your terminal's width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf...
SUSE-SU-2020:3539-1 Security update for ceph
This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically bsc1170200 - mon: have 'mon stat' output json as well bsc1174466 -...
Webshell-Analyzer - Web Shell Scanner And Analyzer
Web shell analyzer is a cross platform stand-alone binary built solely for the purpose of identifying, decoding, and tagging files that are suspected to be web shells. The web shell analyzer is the bigger brother to the web shell scanner project http://github.com/tstillz/webshell-scan, which only...
CVE-2020-14330
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
CVE-2020-14330
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
PYSEC-2020-3
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
CVE-2020-14330
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
Parth - Heuristic Vulnerable Parameter Scanner
Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs...
Evine - Interactive CLI Web Crawler
Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...