EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2021-1629)
According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local...
samba: Missing handle permissions check in SMB1/2/3 ChangeNotify
A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...
Information Disclosure
Samba is vulnerable to information disclosure. A missing permissions check on a directory handle requesting ChangeNotify meant that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2020-2441)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-9331
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation by local users with the SeChangeNotifyPrivilege right because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space...
GHSA-J8QR-RVCV-CRHV Malicious Package in electron-native-notify
All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users' wallets. Recommendation: Remove the package from your environment and follo...
Malicious Package in electron-native-notify
All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users' wallets. Recommendation: Remove the package from your environment and follo...
EulerOS 2.0 SP8 : unbound (EulerOS-SA-2020-1886)
According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP...
Open-Xchange: Null dereference in `cmd_denotify_operation_execute`
To reproduce, run test suite on following input: require "vnd.dovecot.testsuite"; require "notify"; require "envelope"; test "D Middle" // notify :options "timo@exat"; denotify :is "noot"; if not test_result_execute test_fail "fat"; Output is with ASAN enabled stack trace...
mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
A cryptographic protocol integrity flaw was discovered in Apache Mina. The closure of a TLS session would not always result in closure of the socket, allowing the conversation to continue in clear text. This could undermine the confidentiality of a connection and potentially disclose sensitive...
sineparelektronik.com Cross Site Scripting vulnerability OBB-1211672
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13596 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13254 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13254 Source advisory: OSV:GHSA-WPJR-J57X-WXFW...
CVE-2020-12826
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent...
EulerOS 2.0 SP3 : systemd (EulerOS-SA-2020-1436)
According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 han...
CloudBees Jenkins Pipeline GitHub Notify Step Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. A cross-site request forgery vulnerability exists in Pipeline GitHub Notify Step Plugin 1.0.4 and earlier versions in CloudBees Jenkins. The vulnerability stems...
CloudBees Jenkins Pipeline GitHub Notify Step Plugin Authorization Issue Vulnerability (CNVD-2020-11649)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. An authorization issue vulnerability exists in Pipeline GitHub Notify Step Plugin 1.0.4 and earlier versions in CloudBees Jenkins. The vulnerability stems from a...
CloudBees Jenkins Pipeline GitHub Notify Step Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. An authorization issue...
CVE-2020-2118
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...