1344 matches found
[ASA-202011-14] postgresql: multiple issues
Arch Linux Security Advisory ASA-202011-14 ========================================== Severity: High Date : 2020-11-17 CVE-ID : CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Package : postgresql Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1276 Summary ======= The...
OPENSUSE-SU-2020:1875-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
openSUSE: Security Advisory for apache-commons-httpclient (openSUSE-SU-2020:1873-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: CVE-2018-11775 TLS hostname verification when using the Apache ActiveMQ Client
Summary TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. Vulnerability Details CVEID:...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.3 security update
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
SUSE-SU-2020:3151-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
SUSE-SU-2020:3149-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Pulse Secure Desktop Client < 9.1R9 Multiple Vulnerabilities (SA44601)
The Pulse Secure Desktop Client installed on the remote Windows system is prior to 9.1R9. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are...
CVE-2020-8241
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server...
Design/Logic Flaw
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server...
CVE-2020-8241
CVE-2020-8241 affects the Pulse Secure Desktop Client when running versions prior to 9.1R9, enabling a MITM attack if users connect to a malicious server. Public-coverage documents (SA44601) confirm remediation by upgrading to Pulse Secure Desktop Client 9.1R9 (and note related mitigations such a...
CVE-2020-3993
VMware NSX-T 3.x before 3.0.2, 2.5.x before 2.5.2.2.0 contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node...
PT-2020-4415 · Vmware · Vmware Nsx-T
Name of the Vulnerable Software and Affected Versions: VMware NSX-T versions 3.x before 3.0.2; VMware NSX-T versions 2.5.x before 2.5.2.2.0. Description: The issue exists in the way VMware NSX-T allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM...
FortiGate VPN Default Config Allows MitM Attacks
Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle (MitM) attacks, according to researchers, where threat actors could intercept important data. According to the SAM IoT Security Lab, the FortiGate SSL-VPN client only verifies that the...
FortiGate SSL VPN "Breaching the Fort"
Security researchers at SAM Seamless Network published a blog post on September 24, 2020 stating that 200,000 businesses were exposed to Man-in-the-Middle (MITM) attacks against FortiGate SSL VPNs due to the VPN client’s failure to properly verify the server’s certificate out of the box. Instead,...
CVE-2020-15767
An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses an HTTP instead of HTTPS...
Cross site request forgery (csrf)
An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses an HTTP instead of HTTPS...
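The weakness in the Gradle Enterprise entry above is a response-header property you can check directly: a cookie set without the Secure attribute is sent by the browser on http:// as well as https:// URLs, so a single plain-HTTP request puts the CSRF token in the clear for an on-path attacker. The following is an added example (not Gradle Enterprise code, and not the CVE fix) that parses Set-Cookie headers, mirrors the browser's send rule, and audits the attributes; the cookie name csrf_token and all header lines are constructed for illustration.

```python
"""Audit Set-Cookie headers for the class of weakness in CVE-2020-15767.

Added example; not code from Gradle Enterprise or the advisory. The cookie
names and header lines below are constructed for illustration.
"""

from dataclasses import dataclass, field


@dataclass
class ParsedCookie:
    name: str
    value: str
    # attribute name (lower-cased) -> value, or True for flags such as Secure
    attrs: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> ParsedCookie:
    """Parse the value part of a Set-Cookie header (without the 'Set-Cookie:' prefix)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = ParsedCookie(name.strip(), value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        cookie.attrs[key.strip().lower()] = val.strip() if has_value else True
    return cookie


def browser_would_send(header: str, scheme: str) -> bool:
    """Mirror the browser rule: a cookie lacking Secure is attached to http:// requests too."""
    cookie = parse_set_cookie(header)
    return scheme == "https" or "secure" not in cookie.attrs


def audit_set_cookie(header: str) -> list:
    """Return a list of problem codes for one Set-Cookie header (empty list = clean)."""
    cookie = parse_set_cookie(header)
    attrs = cookie.attrs
    problems = []
    if "secure" not in attrs:
        # The exact condition in the advisory: capturable by a MITM of plain HTTP.
        problems.append("missing-secure")
    if str(attrs.get("samesite", "")).lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None without Secure, so the cookie is silently dropped.
        problems.append("samesite-none-without-secure")
    if cookie.name.startswith("__Secure-") and "secure" not in attrs:
        problems.append("__Secure-prefix-without-secure")
    if cookie.name.startswith("__Host-"):
        # __Host- additionally requires no Domain attribute and Path=/.
        if "secure" not in attrs or "domain" in attrs or attrs.get("path") != "/":
            problems.append("__Host-prefix-requirements-unmet")
    return problems


def audit_response(raw_headers: str) -> dict:
    """Audit every Set-Cookie line in a raw HTTP response header block."""
    report = {}
    for line in raw_headers.splitlines():
        if line.lower().startswith("set-cookie:"):
            value = line.split(":", 1)[1].strip()
            report[parse_set_cookie(value).name] = audit_set_cookie(value)
    return report


# Constructed sample: the weak header as the advisory describes it, and a hardened one.
WEAK = "csrf_token=abc123; Path=/; HttpOnly"
FIXED = "csrf_token=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"

if __name__ == "__main__":
    sample_response = (
        "HTTP/1.1 200 OK\r\n"
        f"Set-Cookie: {WEAK}\r\n"
        "Set-Cookie: __Host-sid=1; Secure; Path=/\r\n"
    )
    for name, problems in audit_response(sample_response).items():
        print(name, problems or "ok")
    print("weak cookie sent over http:", browser_would_send(WEAK, "http"))
    print("fixed cookie sent over http:", browser_would_send(FIXED, "http"))
```

The audit deliberately does not demand HttpOnly on the CSRF cookie: double-submit CSRF schemes often need script access to that cookie, so that decision belongs to the application, whereas Secure on a token carried to an HTTPS-only service has no legitimate exception.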
CVE-2020-15185
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker...
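The Helm entry above describes an index-resolution rule, last matching entry wins, that turns write access to a repository index into a chart substitution. The following added example (not Helm code, and not the upstream fix) works on the parsed form of an index.yaml, constructed inline with made-up chart names, URLs and digests; it shows the last-wins lookup beside a strict lookup that refuses an ambiguous index, and a check that lists conflicting duplicates.

```python
"""Detect conflicting duplicate chart entries in a Helm repository index.

Added example; not Helm's code. INDEX is the parsed form of an index.yaml
(what a YAML loader would return), constructed here with made-up names,
URLs and digests.
"""

from collections import defaultdict

INDEX = {
    "apiVersion": "v1",
    "entries": {
        "webapp": [
            {"name": "webapp", "version": "1.4.0",
             "urls": ["https://charts.example.test/webapp-1.4.0.tgz"],
             "digest": "sha256:1111"},
            {"name": "webapp", "version": "1.3.0",
             "urls": ["https://charts.example.test/webapp-1.3.0.tgz"],
             "digest": "sha256:2222"},
            # A second 1.4.0 entry appended later with a different archive and digest.
            {"name": "webapp", "version": "1.4.0",
             "urls": ["https://charts.example.test/webapp-1.4.0-b.tgz"],
             "digest": "sha256:3333"},
        ],
        "cache": [
            {"name": "cache", "version": "0.9.1",
             "urls": ["https://charts.example.test/cache-0.9.1.tgz"],
             "digest": "sha256:4444"},
        ],
    },
}


def conflicting_duplicates(index: dict) -> dict:
    """Map (name, version) -> entries for versions listed more than once with
    differing digests. Byte-identical repeats are harmless and are not reported."""
    groups = defaultdict(list)
    for versions in index["entries"].values():
        for entry in versions:
            groups[(entry["name"], entry["version"])].append(entry)
    return {key: entries for key, entries in groups.items()
            if len(entries) > 1 and len({e["digest"] for e in entries}) > 1}


def is_ambiguous(index: dict, name: str, version: str) -> bool:
    """True when more than one digest is listed for this exact chart version."""
    matches = [e for e in index["entries"].get(name, []) if e["version"] == version]
    return len({e["digest"] for e in matches}) > 1


def resolve_last_wins(index: dict, name: str, version: str):
    """The pre-fix behaviour the advisory describes: the last matching entry wins,
    so an appended duplicate silently replaces the original."""
    chosen = None
    for entry in index["entries"].get(name, []):
        if entry["version"] == version:
            chosen = entry
    return chosen


def resolve_strict(index: dict, name: str, version: str):
    """Hardened lookup: never choose between conflicting entries for one version."""
    if is_ambiguous(index, name, version):
        raise ValueError(f"ambiguous index: conflicting entries for {name} {version}")
    matches = [e for e in index["entries"].get(name, []) if e["version"] == version]
    return matches[0] if matches else None


if __name__ == "__main__":
    for (name, version), entries in conflicting_duplicates(INDEX).items():
        print(f"{name} {version}: {len(entries)} conflicting entries")
        for e in entries:
            print("   ", e["digest"], e["urls"][0])
    print("last-wins picks:", resolve_last_wins(INDEX, "webapp", "1.4.0")["digest"])
```

Pinning a chart by digest (or verifying a signed provenance file) closes the gap regardless of how the index is resolved; the strict lookup above is a defence for the case where only the index is available.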
in seleniumhq/selenium
Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...