4310 matches found

ThreatPost
added 2020/07/22 1:7 p.m. · 54 views

Leak Exposes Private Data of Genealogy Service Users

A server containing information of users of a genealogy service has exposed the data of 60,000 users, putting them at risk for fraud, phishing and other cybercriminal activity. Research led by Avishai Efrat at WizCase has discovered the leak, which affected an open and unencrypted ElasticSearch...

6.7 AI score
Exploits: 0 · References: 5
RedHat Linux
added 2020/07/21 1:55 p.m. · 93 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

5.5 CVSS · 6.9 AI score · 0.00584 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2020/07/21 12:0 a.m. · 44 views

NewStart CGSL MAIN 6.01 : sqlite Multiple Vulnerabilities (NS-SA-2020-0031)

The remote NewStart CGSL host, running version MAIN 6.01, has sqlite packages installed that are affected by multiple vulnerabilities: - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. (CVE-2019-8457) -...

9.8 CVSS · 7.2 AI score · 0.45426 EPSS
Exploits: 0 · References: 8
Tenable Nessus
added 2020/07/01 12:0 a.m. · 34 views

EulerOS Virtualization 3.0.6.0 : sqlite (EulerOS-SA-2020-1764)

According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to...

7.5 CVSS · 7.3 AI score · 0.07856 EPSS
Exploits: 0 · References: 6
NVD
added 2020/06/29 4:15 p.m. · 16 views

CVE-2020-15317

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree...

5.9 CVSS · 0.00976 EPSS
Exploits: 1 · References: 2
Cvelist
added 2020/06/29 3:14 p.m. · 22 views

CVE-2020-15319

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree...

5.9 AI score · 0.00997 EPSS
Exploits: 1 · References: 2
Cvelist
added 2020/06/29 3:8 p.m. · 14 views

CVE-2020-15315

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree...

5.9 AI score · 0.00976 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2020/06/29 12:0 a.m. · 10 views

PT-2020-6721 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw was found in the Linux kernel, specifically in the ext4 filesystem, where a corrupted extent tree can cause a denial of service problem. This issue is related to an integer...

9.8 CVSS · 7.1 AI score · 0.78684 EPSS
Exploits: 200 · References: 1696
OpenVAS
added 2020/06/26 12:0 a.m. · 39 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1698)

The remote host is missing an update for the Huawei EulerOS...

8.2 CVSS · 7.4 AI score · 0.05216 EPSS
Exploits: 11 · References: 2
RedHat Linux
added 2020/06/23 12:24 p.m. · 99 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

5.5 CVSS · 7 AI score · 0.0054 EPSS
Exploits: 0 · References: 3
Snyk
added 2020/06/20 12:38 p.m. · 4 views

Directory Traversal

Overview: marked-tree is a markdown viewer for viewing markdown within a development environment. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in the path provided at fs.readFile in index.js. PoC by JHU System Security Lab: 1. Start the serv...

7.5 CVSS · 7.5 AI score · 0.01738 EPSS
Exploits: 1 · References: 2
RedHat Linux
added 2020/06/17 10:38 p.m. · 5 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8 CVSS · 5.8 AI score · 0.01257 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2020/06/17 12:0 a.m. · 245 views

EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2020-1624)

According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect...

9.8 CVSS · 7.9 AI score · 0.07856 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2020/06/09 2:55 p.m. · 37 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

5 CVSS · 7.5 AI score · 0.04447 EPSS
Exploits: 1 · References: 3
Tenable Nessus
added 2020/06/09 12:0 a.m. · 56 views

RHEL 8 : kernel-rt (RHSA-2020:2428)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2428 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...

7.8 CVSS · 7.2 AI score · 0.00711 EPSS
Exploits: 0 · References: 5
NVD
added 2020/06/06 4:15 p.m. · 19 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

7.5 CVSS · 7.6 AI score · 0.04447 EPSS
Exploits: 1 · References: 10
Prion
added 2020/06/06 4:15 p.m. · 23 views

Design/Logic Flaw

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

5 CVSS · 7.4 AI score · 0.04447 EPSS
Exploits: 1 · References: 10 · Affected Software: 10
UbuntuCve
added 2020/06/06 4:15 p.m. · 29 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

7.5 CVSS · 6.9 AI score · 0.04447 EPSS
Exploits: 1 · References: 4
Cvelist
added 2020/06/06 3:37 p.m. · 47 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

7.5 AI score · 0.04447 EPSS
Exploits: 1 · References: 10
CVE
added 2020/06/06 3:37 p.m. · 347 views

CVE-2020-13871

SQLite 3.32.2 is affected by a use-after-free in resetAccumulator (select.c) due to a late parse tree rewrite for window functions. Impact could include a crash or arbitrary code execution. Remediation: upgrade to SQLite 3.32.3 or later (fix upstream).

7.5 CVSS · 7.4 AI score · 0.04447 EPSS
Exploits: 1 · References: 10 · Affected Software: 1