
2155 matches found

OpenVAS
added 2020/03/23 12:0 a.m. · 46 views

Huawei EulerOS: Security Advisory for iSulad-kit (EulerOS-SA-2020-1290)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.8 AI score · 0.01939 EPSS
Exploits 1 · References 2
RedHat Linux
added 2020/03/12 10:2 p.m. · 3 views

proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...

7.5 CVSS · 6.1 AI score · 0.01939 EPSS
Exploits 1 · References 4
OSV
added 2020/03/10 6:3 p.m. · 28 views

GHSA-3HW5-Q855-G6CW Prototype Pollution in Dojox

The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. Affected Area: //https://github.com/dojo/dojox/blob/master/jq.jsL442 var tobj = ; forvar x in props // the "tobj" condition avoid copying properties in "props" // inherited from Object.prototype. For example, if obj...

7.7 CVSS · 7.7 AI score · 0.00278 EPSS
Exploits 1 · References 4
RedHat Linux
added 2020/03/10 12:23 p.m. · 4 views

proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...

7.5 CVSS · 6.1 AI score · 0.01939 EPSS
Exploits 1 · References 4
Kitploit
added 2020/02/13 9:0 p.m. · 61 views

Aduket - Straight-forward HTTP Client Testing, Assertions Included

Straight-forward HTTP client testing, assertions included! Simple httptest.Server wrapper with a little request recorder spice on it. No special DSL, no complex API to learn. Just create a server and fire your request like an Hadouken then assert them. TODO Add example usages Add docs Add respons...

7.4 AI score
Exploits 0 · References 1
OSV
added 2020/02/12 6:15 p.m. · 4 views

DEBIAN-CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

7.5 CVSS · 7.1 AI score · 0.01939 EPSS
Exploits 1 · References 1
NVD
added 2020/02/12 6:15 p.m. · 28 views

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

7.5 CVSS · 7.7 AI score · 0.01939 EPSS
Exploits 1 · References 11
OSV
added 2020/02/12 6:15 p.m. · 19 views

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 11
Prion
added 2020/02/12 6:15 p.m. · 29 views

Design/Logic Flaw

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

5.1 CVSS · 7.6 AI score · 0.01939 EPSS
Exploits 1 · References 11 · Affected Software 9
UbuntuCve
added 2020/02/12 6:15 p.m. · 27 views

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

7.5 CVSS · 7.2 AI score · 0.01939 EPSS
Exploits 1 · References 5
CVE
added 2020/02/12 5:20 p.m. · 220 views

CVE-2020-8945

CVE-2020-8945 affects the proglottis/gpgme Go wrapper (before 0.1.1) used for GPGME during container image pulls by Docker or CRI-O. The described issue is a use-after-free in the GPGME bindings, which can lead to a crash or potential code execution during GPG signature verification. The descript...

7.5 CVSS · 7.5 AI score · 0.01939 EPSS
Exploits 1 · References 11 · Affected Software 1
Debian CVE
added 2020/02/12 5:20 p.m. · 31 views

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

7.5 CVSS · 6.6 AI score · 0.01939 EPSS
Exploits 1
Positive Technologies
added 2020/02/12 12:0 a.m. · 2 views

PT-2020-20383 · Proglottis +3 · Proglottis Go Wrapper +3

Name of the Vulnerable Software and Affected Versions: proglottis Go wrapper versions prior to 0.1.1 Description: The issue is related to a use-after-free problem, which can cause a crash or potentially allow code execution during GPG signature verification. This is due to improper memory...

7.5 CVSS · 6.4 AI score · 0.01939 EPSS
Exploits 1 · References 29
Snyk
added 2020/02/04 1:19 p.m. · 2 views

Command Injection

Overview promise-probe is a FFprobe wrapper. Affected versions of this package are vulnerable to Command Injection via the ffprobefile and createMuteOggoutputFile, options functions. file,outputFile,options can be controlled by users without any sanitization PoC by JHU System Security Lab js var...

9.8 CVSS · 7.2 AI score · 0.03343 EPSS
Exploits 1 · References 2
Fedora
added 2020/01/31 2:2 a.m. · 35 views

[SECURITY] Fedora 31 Update: python-pillow-6.2.2-1.fc31

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt , devel developme...

9.8 CVSS · 1.4 AI score · 0.03942 EPSS
Exploits 0
Tenable Nessus
added 2020/01/22 12:0 a.m. · 24 views

Apache Solr < 7.1.0 Remote Code Execution

Remote code execution occurs in Apache Solr versions 7.1.0 with Apache Lucene 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. This can be exploited to upload malicious data to the /upload request handler or as Blind XX...

9.8 CVSS · 7.8 AI score · 0.93891 EPSS
Exploits 11 · References 2
Hewlett-Packard
added 2020/01/17 12:0 a.m. · 104 views

HPSBGN03632 rev. 1 - HP SoftPaq Installer Vulnerability

Potential Security Impact Execution of Arbitrary Code, Escalation of Privilege. Source: HP, HP Product Security Response Team PSRT Reported by: Pierre-Alexandre Braeken; Eran Shimony VULNERABILITY SUMMARY A potential security vulnerability has been identified with a version of the HP Softpaq...

7.8 CVSS · 2.5 AI score · 0.00275 EPSS
Exploits 0
OSV
added 2020/01/14 12:15 a.m. · 2 views

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

9.1 CVSS · 7.4 AI score · 0.00509 EPSS
Exploits 1 · References 3
Prion
added 2020/01/14 12:15 a.m. · 15 views

Xxe

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

6.4 CVSS · 9 AI score · 0.00509 EPSS
Exploits 1 · References 3 · Affected Software 1
CNVD
added 2020/01/14 12:0 a.m. · 1 views

Yet Another Java Service Wrapper Code Issue Vulnerability

NSA Ghidra is an open source reverse engineering tool from the National Security Agency NSA. A code issue vulnerability exists in JnlpSupport in Yet Another Java Service Wrapper YAJSW version 12.14 used in NSA Ghidra and other products. A remote attacker could exploit this vulnerability to obtain...

9.1 CVSS · 7.1 AI score · 0.00509 EPSS
Exploits 1 · References 1