
6326 matches found

Positive Technologies
added 2021/05/11 12:0 a.m. · 1 views

PT-2021-3139 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to errors in...

CVSS 7.1 · AI score 4.2 · EPSS 0.0124
Exploits: 0 · References: 9
OSV
added 2021/05/06 6:53 p.m. · 13 views

GHSA-PVGF-MRR4-CW7R Cross-Site Request Forgery in ForkCMS

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

CVSS 8.8 · AI score 8.9 · EPSS 0.00676
Exploits: 0 · References: 3
Kitploit
added 2021/05/05 9:30 p.m. · 138 views

KubeArmor - Container-aware Runtime Security Enforcement System

Introduction to KubeArmor KubeArmor is a container-aware runtime security enforcement system that restricts the behavior such as process execution, file access, networking operation, and resource utilization of containers at the system level. KubeArmor operates with Linux security modules LSMs,...

AI score 7.3
Exploits: 0 · References: 9
Fedora
added 2021/05/03 2:12 a.m. · 54 views

[SECURITY] Fedora 32 Update: ansible-2.9.20-1.fc32

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 5.5 · AI score 3.3 · EPSS 0.00333
Exploits: 0
Fedora
added 2021/05/03 2:6 a.m. · 51 views

[SECURITY] Fedora 34 Update: ansible-2.9.20-1.fc34

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 5.5 · AI score 3.3 · EPSS 0.00333
Exploits: 0
Fedora
added 2021/05/03 1:48 a.m. · 49 views

[SECURITY] Fedora 33 Update: ansible-2.9.20-1.fc33

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 5.5 · AI score 3.3 · EPSS 0.00333
Exploits: 0
OPENSUSE Linux
added 2021/05/01 12:0 a.m. · 29 views

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2021:0630-1 Rating: important References: 1181197 1181198 1183125 1183329 1184542 Cross-References: CVE-2021-2074 CVE-2021-2129 CVE-2021-2264 CVSS scores: CVE-2021-2074 NVD : 8.2...

CVSS 8.4 · AI score 6.8 · EPSS 0.00708
Exploits: 1 · References: 5
Rapid7 Blog
added 2021/04/30 5:42 p.m. · 105 views

Metasploit Wrap-Up

Operations shell Operations and management software make popular targets due to their users typically having elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations vROps Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher...

CVSS 9 · AI score 1.3 · EPSS 0.99217
Exploits: 24
RedHat Linux
added 2021/04/28 8:16 p.m. · 3 views

ceph: mgr modules' passwords are in clear text in mgr logs

A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. The highest threat from this vulnerability is to confidentiality...

CVSS 4.4 · AI score 5.7 · EPSS 0.00269
Exploits: 0 · References: 5
Gitee
added 2021/04/28 5:27 p.m. · 4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenie...

AI score 8.6
Exploits: 0
Rapid7 Blog
added 2021/04/23 5:57 p.m. · 76 views

Metasploit Wrap-Up

Nagios modules Community member Erik Wynter has contributed two more Nagios XI modules this week, on top of the previous week’s contributions! If you’ve noticed Nagios XI 5.6.0 to 5.7.5 running within your target’s infrastructure during a pen test, be sure to check both these new modules out as...

CVSS 9 · AI score 0.1 · EPSS 0.93201
Exploits: 20
OSV
added 2021/04/22 10:15 p.m. · 2 views

CVE-2021-2236

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Advanced Global Intercompany. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

CVSS 8.1 · AI score 6.8 · EPSS 0.00931
Exploits: 0 · References: 1
NVD
added 2021/04/22 10:15 p.m. · 16 views

CVE-2021-2236

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Advanced Global Intercompany. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

CVSS 8.1 · EPSS 0.00931
Exploits: 0 · References: 1
Cvelist
added 2021/04/22 9:53 p.m. · 15 views

CVE-2021-2236

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Advanced Global Intercompany. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

CVSS 8.1 · AI score 8.3 · EPSS 0.00931
Exploits: 0 · References: 1
OSV
added 2021/04/22 9:15 p.m. · 2 views

CVE-2021-27393

A vulnerability has been identified in Nucleus NET All versions, Nucleus ReadyStart V3 All versions V2013.08, Nucleus Source Code Versions including affected DNS modules. The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS...

CVSS 5.3 · AI score 6
Exploits: 0 · References: 1
RedHat Linux
added 2021/04/22 9:8 p.m. · 1 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

CVSS 5.5 · AI score 6.9 · EPSS 0.00333
Exploits: 0 · References: 4
RedHat Linux
added 2021/04/22 9:7 p.m. · 2 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

CVSS 5.5 · AI score 6.9 · EPSS 0.00333
Exploits: 0 · References: 4
vulnersOsv
added 2021/04/22 4:14 p.m. · 2 views

am.ik.blog:blog-mapper (>=4.0.0 <=4.6.0), app.myoss.cloud.mybatis:myoss-mybatis (>=2.0.0.RELEASE <=2.1.7.RELEASE) +8809 more potentially affected by CVE-2020-26945 via org.mybatis:mybatis (>=2.3.5 <=3.5.5)

org.mybatis:mybatis MAVEN version =2.3.5, =4.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =1.2.0, =20.3.0, =19.3.0, =20.3.0, =19.3.0, =19.3.0, =23.1.0, =2.23.0, =19.3.0, =19.3.0, =19.3.0, =0.1.0, =1.6.0 and more Source cves: CVE-2020-26945 Source advisory: OSV:GHSA-QQ48-M4JX-XQH8...

CVSS 8.1 · AI score 7.4 · EPSS 0.01798
Exploits: 0
OSV
added 2021/04/20 4:43 p.m. · 0 views

GHSA-J2H6-73X8-22C4 Exposure of Sensitive Information to an Unauthorized Actor in ansible

A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...

CVSS 5.1 · AI score 7 · EPSS 0.00406
Exploits: 0 · References: 10
CNNVD
added 2021/04/20 12:0 a.m. · 4 views

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Financials...

CVSS 8.1 · AI score 7 · EPSS 0.00931
Exploits: 0 · References: 3