362 matches found
Security update for pdns-recursor (moderate)
openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2020:1101-1 Rating: moderate References: 1173302 Cross-References: CVE-2020-14196 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This...
ZenTao Pro 8.8.2 Remote Code Execution Exploit
This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...
openSUSE Security Update : pdns-recursor (openSUSE-2020-1005)
This update for pdns-recursor fixes the following issues: - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Security update for pdns-recursor (moderate)
openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2020:1005-1 Rating: moderate References: 1173302 Cross-References: CVE-2020-14196 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 SUSE Package Hub for SUSE Linux...
Fedora: Security Advisory for curl (FEDORA-2020-6af1dd2936)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Improper Session Management
Sorcery uses improper session management. The vulnerability allows a brute force attack to be carried out on password authentication, since the expired protection is not re-enabled after the first lockout period...
CVE-2020-11052
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...
Design/Logic Flaw
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor...
CVE-2020-11052
Summary: CVE-2020-11052 describes a brute-force vulnerability in Sorcery prior to 0.15.0 related to password authentication. The built-in brute-force protection submodule would block attempts for a defined lockout period, but after expiry the protection is not re-enabled automatically unless a su...
JetBrains Space License Issue Vulnerability
JetBrains Space is a team collaboration solution from the Czech company JetBrains. The product supports features such as online chat, online meetings, code review and package repository. A security vulnerability exists in JetBrains Space version 2020-04-22 and earlier that stems from insecure...
CVE-2020-11796
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure...
Authentication flaw
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure...
CVE-2020-11796
CVE-2020-11796 concerns a vulnerability in JetBrains Space where, through 2020-04-22, the password authentication implementation was insecure. The connected CNVD entry explicitly notes a vulnerability in Space versions up to 2020-04-22 that allows an attacker to bypass security restrictions due t...
CVE-2019-19234
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes...
CVE-2019-19015
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service which is typically exposed to all users allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy without password authentication, an attacker is able to fully...