Important: Red Hat Security Advisory: Ansible security and bug fix update (2.9.13)
An update for ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SUSE-SU-2020:2355-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - update to 10.14: CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers; CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure...
ALPINE-CVE-2019-14904
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Command injection
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
CVE-2019-14904
CVE-2019-14904 affects the Ansible Community solaris_zone module. When setting the zone name on a Solaris host, the zone name is checked by listing processes with the bare ps command on the remote host, enabling an attacker to craft the zone name and execute arbitrary commands on the remote syste...
openSUSE Security Update : postgresql12 (openSUSE-2020-1243)
This update for postgresql12 fixes the following issues: - update to 12.4: - CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers - CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. -...
Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale
Do you want to get threat intelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...
openSUSE: Security Advisory for postgresql12 (openSUSE-SU-2020:1244-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
OPENSUSE-SU-2020:1243-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - update to 12.4: CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers; CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure...
Security Bulletin: IBM Connect:Direct for UNIX is Vulnerable to a Privilege Escalation Attack via its ndmauth modules
Summary IBM Sterling Connect:Direct for UNIX could allow a user who is authorized for limited system privileges to attack through the ndmauth modules taking advantage of a buffer overflow vulnerability to manipulate CD UNIX and obtain root privileges. Vulnerability Details CVEID: CVE-2020-4587...
CVE-2020-20633
ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in the GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress allows authenticated stored XSS and privilege escalation...
CVE-2020-20633
CVE-2020-20633 affects the WordPress plugin GDPR Cookie Consent (cookie-law-info) versions 1.8.2 and earlier, via ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php. The vulnerability allows authenticated stored XSS and privilege escalation. The co...
DropEngine - Malleable Payloads!
By @s0lst1c3 Disclaimer DropEngine the "Software" and associated documentation is provided “AS IS”. The Developer makes no other warranties, express or implied, and hereby disclaims all implied warranties, including any warranty of merchantability and warranty of fitness for a particular purpose...
[SECURITY] Fedora 31 Update: ansible-2.9.12-1.fc31
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Vulnerability fixed in Icinga Web 2
Icinga has fixed a potential path-traversal vulnerability in Icinga Web 2. The vulnerability allows a malicious party to read sensitive files that can be read by the process on which Icinga Web 2 is running. This is often a Web server or an FPM process. Although the vulnerability itself is in the...
SUSE-SU-2020:2265-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - update to 12.4: CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers; CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure...
SUSE-SU-2020:2264-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - update to 10.14: CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers; CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure...
Huawei E6878-370 Improper Authorization Vulnerability
The Huawei E6878-370 is a portable 5G router from Huawei China. A security vulnerability exists in Huawei E6878-370 version 10.0.3.1 H563SP1C00 and version 10.0.3.1 H563SP21C233, which stems from the device failing to properly restrict certain data received on the WAN port. An attacker could...
Mac Users Targeted by Spyware Spreading via Xcode Projects
A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...