
717 matches found

CNNVD
added 2021/04/27 12:00 a.m., 2 views

Apple iOS Security Vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS, which stems from the ability of traditional cellular networks to automatically answer incoming calls when a call ends or is disconnected. The following products and versions...

CVSS 4.3, AI score 5.2, EPSS 0.00206
Exploits 0, References 5

Veeam
added 2021/04/14 12:00 a.m., 14 views

Veeam Backup for Nutanix AHV possible backup corruption

Challenge: Due to a known issue, in rare cases Veeam Backup for Nutanix backups might get corrupted. Cause: The issue appears on data read by libaio when memory is aligned by 512 bytes but not aligned by 4096 bytes. The issue can affect full backups as well as incremental ones. Solution: The issue is...

AI score 6.6
Exploits 0, Affected Software 1

CNNVD
added 2021/04/05 12:00 a.m., 2 views

WordPress SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. eLearning and online course solution WordPress plugin before 1.7.7 suffers from a SQL injection...

CVSS 6.5, AI score 6.8, EPSS 0.00449
Exploits 2, References 3

Veeam
added 2021/03/15 12:00 a.m., 9 views

Veeam Service Provider Console v5 Patch 2

This patch has been superseded by Veeam Service Provider Console v5 Patch 3. Requirements: Please confirm you are running version 5.0.0.6726 or later before installing Patch 2. You can check this by logging in to the backup portal and navigating to the Configuration Support Information tab. After...

AI score 7.3
Exploits 0, Affected Software 1

CNNVD
added 2021/02/05 12:00 a.m., 4 views

Question2Answer Q2A Ultimate SEO Cross-Site Scripting Vulnerability

Q2A Ultimate SEO is a component from the Q2A Projects team that provides search engine optimization functionality for Question2Answer. Question2Answer Q2A Ultimate SEO Version 1.3 suffers from a cross-site scripting vulnerability that leads to arbitrary remote code execution...

CVSS 5.4, AI score 6.3, EPSS 0.00508
Exploits 1, References 4

Tenable Nessus
added 2021/02/01 12:00 a.m., 50 views

CentOS 8 : unbound (CESA-2020:1716)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1716 advisory: unbound: command injection with data coming from a specially crafted IPSECKEY answer (CVE-2019-18934). Note that Nessus has not tested for this issue but has...

CVSS 7.3, AI score 6.7, EPSS 0.00671
Exploits 1, References 2

NVD
added 2020/12/31 10:15 a.m., 7 views

CVE-2019-25006

An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...

CVSS 7.5, AI score 7.5, EPSS 0.00156
Exploits 1, References 1

CVE
added 2020/12/31 8:32 a.m., 54 views

CVE-2019-25006

The CVE affects the Rust crate streebog prior to version 0.8.0. The issue stems from an incorrect implementation of the internal update-sigma function, which can cause the Streebog hash function to produce an incorrect result (and, in some configurations, may trigger a panic). Mitigation: upgrad...

CVSS 7.5, AI score 7.5, EPSS 0.00156
Exploits 1, References 1, Affected Software 1

OSV
added 2020/11/24 6:15 a.m., 8 views

CVE-2020-29003

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll...

CVSS 5.4, AI score 5.8
Exploits 0, References 1

OSV
added 2020/11/24 6:15 a.m., 0 views

UBUNTU-CVE-2020-29003

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll...

CVSS 5.4, AI score 5.8, EPSS 0.00289
Exploits 1, References 3

The Hacker News
added 2020/11/20 8:31 a.m., 1 view

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before they even picked up the audio call. The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google's...

AI score 5.9
Exploits 0

OSV
added 2020/11/13 7:15 p.m., 2 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

CVSS 5.3, AI score 6.1, EPSS 0.00232
Exploits 0, References 1

NVD
added 2020/11/13 7:15 p.m., 8 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

CVSS 5.3, AI score 5.3, EPSS 0.00232
Exploits 0, References 1

OSV
added 2020/06/18 2:15 p.m., 3 views

CVE-2017-9109

An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. When this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the...

CVSS 9.8, AI score 9.4
Exploits 0, References 6

NVD
added 2020/06/18 2:15 p.m., 11 views

CVE-2017-9109

An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. When this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the...

CVSS 9.8, EPSS 0.00892
Exploits 0, References 6

Prion
added 2020/06/18 2:15 p.m., 23 views

Heap overflow

An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. When this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the...

CVSS 7.5, AI score 9.2, EPSS 0.00892
Exploits 0, References 6, Affected Software 3

Hacker One
added 2020/06/07 7:06 p.m., 116 views

h1-ctf: [H1-2006 2020] CTF Writeup

Summary: Multiple Vulnerabilities leading to full account takeover and access to restricted functions: 1. Information Disclosure; 2. Login 2FA Bypass; 3. SSRF; 4. Hardcoded validation; 5. Sensitive information disclosure; 6. Privilege Escalation; 7. Payments 2FA Bypass through SSRF. Steps To Reproduce: 0...

AI score 7.7
Exploits 0

OSV
added 2020/05/19 2:15 p.m., 1 view

DEBIAN-CVE-2020-12244

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...

CVSS 7.5, AI score 6.9, EPSS 0.00061
Exploits 0, References 1

Vulnrichment
added 2020/05/19 12:00 a.m., 23 views

CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

AI score 6.6, EPSS 0.01022
Exploits 0, References 6

Debian CVE
added 2020/05/19 12:00 a.m., 28 views

CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVSS 7.5, AI score 7.3, EPSS 0.01022
Exploits 0