
CVE
added 2020/11/19 6:14 p.m. · 949 views

CVE-2020-28949

CVE-2020-28949 affects PEAR Archive_Tar (v1.4.10 and earlier). The issue is that Archive_Tar's filename sanitization only addressed phar attacks; other stream-wrapper attacks (e.g., file://) can overwrite files, enabling potential arbitrary file writes. Affected ecosystem includes PHP-pear compon...

CVSS 7.8 · AI score 7.7 · EPSS 0.93364
In wild · Exploits 4 · References 13 · Affected Software 1
ATTACKERKB
added 2020/11/19 12:00 a.m. · 37 views

CVE-2020-28949

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...

CVSS 7.8 · AI score 7.7 · EPSS 0.93364
In wild · Exploits 5 · References 19
Positive Technologies
added 2020/10/17 12:00 a.m. · 2 views

PT-2020-16660 · Eclecticiq +2 · Opentaxii +2

Name of the Vulnerable Software and Affected Versions: TAXII libtaxii versions 1.1.117 and earlier; EclecticIQ OpenTAXII versions 0.2.0 and earlier. Description: The issue allows SSRF via an initial http:// substring to the parse method, even when the no network setting is used for the XML parser...

CVSS 9.8 · AI score 7 · EPSS 0.0046
Exploits 2 · References 14
Akamai Blog
added 2020/10/12 10:00 p.m. · 64 views

Three Cloud-First Akamai Initiatives to Support Your Cloud Journey

61% of organizations plan to focus on cloud migration this year. 93% have a multi-cloud strategy.[1] This means that on average your organization is using 2.2 public clouds, multiplying your complexity and your costs. While the cloud has delivered on a lot of promises, it isn't getting simpler or...

AI score 7.1
Exploits 0
Akamai Blog
added 2020/10/12 10:00 p.m. · 52 views

Preparing the Edge for a Big Year in Live Streaming

Next year is shaping up to be a big one for live streaming. Typically characteristic of even years, when many major international sporting events take place, 2021 looks like it could defy the trend. Akamai is predicting an unprecedented surge in live streaming that will start in late 2020 and...

AI score 6.7
Exploits 0
OSV
added 2020/10/10 6:15 p.m. · 1 views

DEBIAN-CVE-2020-26932

debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 for access by the sympa group...

CVSS 4.3 · AI score 6.1 · EPSS 0.00155
Exploits 0 · References 1
OSV
added 2020/10/10 6:15 p.m. · 0 views

UBUNTU-CVE-2020-26932

debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 for access by the sympa group...

CVSS 4.3 · AI score 6.9 · EPSS 0.00155
Exploits 0 · References 4
OSV
added 2020/10/07 6:15 p.m. · 1 views

DEBIAN-CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file, which is owned by sympa, and parsing it through the setuid sympa_newaliases-wrapper executable...

CVSS 7.8 · AI score 6.7 · EPSS 0.00043
Exploits 0 · References 1
Prion
added 2020/10/07 6:15 p.m. · 15 views

Design/Logic Flaw

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file, which is owned by sympa, and parsing it through the setuid sympa_newaliases-wrapper executable...

CVSS 7.2 · AI score 7.6 · EPSS 0.00043
Exploits 0 · References 7 · Affected Software 3
OSV
added 2020/10/07 6:15 p.m. · 1 views

UBUNTU-CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file, which is owned by sympa, and parsing it through the setuid sympa_newaliases-wrapper executable...

CVSS 7.8 · AI score 6.7 · EPSS 0.00043
Exploits 0 · References 5
Kitploit
added 2020/09/23 8:30 p.m. · 39 views

Enum4Linux - A Linux Alternative To Enum.Exe For Enumerating Data From Windows And Samba Hosts

A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe, formerly available from www.bindview.com. It is written in Perl and is basical...

AI score 7
Exploits 0 · References 1
Veracode
added 2020/09/21 6:26 a.m. · 23 views

Information Disclosure

Firefox is vulnerable to information disclosure. The vulnerability exists because the security wrapper does not deny access to some exposed properties using the deprecated exposedProps mechanism on proxy objects...

CVSS 5.3 · AI score 0.9 · EPSS 0.00331
Exploits 0 · References 4 · Affected Software 2
Tenable Nessus
added 2020/08/07 12:00 a.m. · 279 views

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc1174157). Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

CVSS 8.3 · AI score 6.6 · EPSS 0.01018
Exploits 0 · References 18
RedHat Linux
added 2020/07/21 9:57 a.m. · 3 views

proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...

CVSS 7.5 · AI score 6.1 · EPSS 0.01939
Exploits 1 · References 4
Fedora
added 2020/07/04 1:14 a.m. · 34 views

[SECURITY] Fedora 32 Update: python-pillow-7.0.0-4.fc32

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...

CVSS 8.1 · AI score 1.4 · EPSS 0.00424
Exploits 0
OSV
added 2020/06/10 8:15 p.m. · 13 views

CVE-2020-4043

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution, discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...

CVSS 9.8 · AI score 9.8
Exploits 0 · References 5
Prion
added 2020/06/10 8:15 p.m. · 14 views

Code injection

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution, discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...

CVSS 7.5 · AI score 9.6 · EPSS 0.01568
Exploits 0 · References 5 · Affected Software 1
CVE
added 2020/06/10 7:40 p.m. · 56 views

CVE-2020-4043

CVE-2020-4043 affects phpMussel versions 1.0.0 to

CVSS 9.8 · AI score 8.9 · EPSS 0.01568
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2020/06/10 7:40 p.m. · 12 views

CVE-2020-4043 Phar unserialization vulnerability in phpMussel

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution, discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...

CVSS 7.7 · AI score 9.7 · EPSS 0.01568
Exploits 0 · References 5
Tenable Nessus
added 2020/05/28 12:00 a.m. · 18 views

FreeBSD : sympa - Security flaws in setuid wrappers (61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9)

A vulnerability has been discovered in the Sympa web interface by which an attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers: FastCGI wrappers, and the newaliases wrapper. The FastCGI wrappers wwsympa-wrapper.fcgi and sympa_soap_server-wrapper.fcgi were used to...

AI score 6
Exploits 0 · References 2