167 matches found
OESA-2021-1309 gradle security update
Gradle is build automation evolved. Gradle can automate the building, testing, publishing, deployment and more of software packages or other types of projects such as generated static websites, generated documentation or indeed anything else. Gradle combines the power and flexibility of Ant with...
Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain...
GNU GRUB2 Vulnerability
Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
CERT/CC Reports Vulnerability in Universal Plug and Play Protocol
The CERT Coordination Center (CERT/CC) has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. The UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could...
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are...
elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2020-11651 via salt (=2014.1.10)
salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita >=0.60.0, <=0.64.1 Source cves: CVE-2020-11651 Source advisory: OSV:PYSEC-2020-102...
Microsoft RCE Vulnerabilities Affecting Windows, Windows Server
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected...
ONAP DCAE Access Control Error Vulnerability
The ONAP DCAE is a data collection, analysis, and event subsystem within the ONAP Project's suite of ONAP network management platforms. An Access Control Error vulnerability exists in ONAP DCAE Dublin and prior versions that stems from an access control error in the program. An attacker could...
Microsoft Server Message Block RCE Vulnerability
Microsoft has released a security advisory to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker can exploit this vulnerability to take control of an affected system. SMB is a network file-sharing protocol that allows clien...
CVE-2012-4525
creationtimestamp| type| source
---|---|---
2019-12-03 15:39:47+00:00| seen| https://t.me/VulnerabilityNews/11051
2019-12-03 16:03:07+00:00| seen| https://t.me/cibsecurity/8455
2019-12-03 16:03:43+00:00| seen| https://t.me/cibsecurity/8456
2019-12-03 18:02:20+00:00| seen|...
BELL-CVE-2019-19221 CVE-2019-19221 does not affect BellSoft software
Bulletin has no description...
UBUNTU-CVE-2019-19065
A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because...
ALPINE-CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...
Marvell Avastar Wi-Fi Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC)...
org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.11), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2018-17184 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.9)
org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2018-17184 Source advisory: OSV:GHSA-9H9C-F287-C6VP...
com.bluelock:camel-spring-amqp (>=1.5 <=1.6.3), com.github.jknack:mwa-camel (=0.4.0) +215 more potentially affected by CVE-2014-0003 via org.apache.camel:camel-core (>=2.11.0 <=2.11.3)
org.apache.camel:camel-core MAVEN version =2.11.0, =1.5, =1.5, =1.5, =1.5, =1.5, =1.0.0, =5.14, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 and more Source cves: CVE-2014-0003 Source advisory: OSV:GHSA-H6RP-8V4J-HWPH...
Ghostscript Vulnerability
NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Vulnerability Note VU#332928, apply the necessary workarounds, and refer to vendors f...
fis-parser-sass-all (=0.2.3) potentially affected by CVE-2016-10686 via fis-sass-all (=0.2.0)
fis-sass-all NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fis-sass-all and may be impacted: - fis-parser-sass-all =0.2.3 Source cves: CVE-2016-10686 Source advisory: OSV:GHSA-VCFP-PPQW-MF23...
Debug Exception May Cause Unexpected Behavior
CERT Coordination Center (CERT/CC) has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information. NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU#631579 for more...
PT-2018-5660 · Allen Bradley · Allen Bradley Micrologix 1400 Series B
Name of the Vulnerable Software and Affected Versions: Allen Bradley Micrologix 1400 Series B versions 21.2 and before Description: An issue exists in the data, program, and function file permissions functionality, allowing for access control bypass. A specially crafted packet can cause...