1460 matches found
CVE-2020-5729
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue...
CVE-2020-2174
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796-CNA This implementation is based on the POC pro...
CVE-2018-8039
It was discovered that when Apache CXF is configured to use the system property com.sun.net.ssl.internal.www.protocol, it uses reflection to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. Although the CXF implementation throws an exception, which is caught in...
Fedora 30 : php (2020-ce5a2a7403)
PHP version 7.3.16 19 Mar 2020 Core: - Fixed bug #63206 restore_error_handler does not restore previous errors mask. Mark Plomer DOM: - Fixed bug #77569: Write Access Violation in DomImplementation. Nikita, cmb - Fixed bug #79271 DOMDocumentType::$childNodes is NULL. cmb Enchant: - Fixed bug...
Fedora 31 : php (2020-0bf228857a)
PHP version 7.3.16 19 Mar 2020 Core: - Fixed bug #63206 restore_error_handler does not restore previous errors mask. Mark Plomer DOM: - Fixed bug #77569: Write Access Violation in DomImplementation. Nikita, cmb - Fixed bug #79271 DOMDocumentType::$childNodes is NULL. cmb Enchant: - Fixed bug...
Exploit for Deserialization of Untrusted Data in Oracle Access_Manager
CVE-2020-2555 Weblogic com.tangosol.util.extractor.ReflectionE...
Updated php packages fix bugs and security vulnerabilities
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug #71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug #79146 cscript can fail to run on some systems. - Fixed bug #78323 Code 0 is returned on invalid options. - Fixed bug #76047 Use-after-free...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
Fedora 31 : php (2020-32f9a2b308)
PHP version 7.3.15 20 Feb 2020 Core: - Fixed bug #71876 Memory corruption htmlspecialchars: charset ' not supported. Nikita - Fixed bug #79146 cscript can fail to run on some systems. clarodeus - Fixed bug #78323 Code 0 is returned on invalid options. Ivan Mikheykin - Fixed bug #76047...
New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...
Command injection
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attack...
Command injection
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can...
jenkins: UDP multicast/broadcast service amplification reflection attack
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...
DDoS attacks in Q4 2019
News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD)...
GitHub Security Lab: Dynamic reflection class
This bug was reported directly to GitHub Security Lab...
Jenkins < 2.219, < 2.204.2 LTS Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-2100
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...
FreeBSD : jenkins -- multiple vulnerabilities (a250539d-d1d4-4591-afd3-c8bdfac335d8)
Jenkins Security Advisory: Description: High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass. Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack. Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...