317 matches found
SUSE-SU-2020:2718-1 Security update for pdns
This update for pdns fixes the following issues: - CVE-2020-17482: Fixed an issue where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory (bsc#1176535)...
CVE-2020-14319
A flaw was found in the AMQ Online console, where it is vulnerable to a Cross-Site Request Forgery (CSRF) attack, which is exploitable in cases where preflight checks are not instigated or bypassed. This flaw allows an attacker to target authorized users using an older browser with Adobe Flash. The...
Design/Logic Flaw
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (e.g. HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...
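The Silverstripe entry above describes the general failure mode: a file accepted under a harmless extension (here .txt) carries HTML, and when the stored file is served without a firm Content-Type the browser's MIME sniffer renders it as a page and runs the script. The Python below is an added example, not Silverstripe's code, showing the two controls a practitioner wants: an upload-time check that rejects markup in non-HTML uploads, and a serving path that sets the Content-Type from a server-side extension map, adds X-Content-Type-Options: nosniff, and forces a download for anything that is not inline-safe. The extension map, origin and helper names are assumptions made for the example.

```python
import re
from typing import Dict, Tuple

# Constructed policy for this example (not Silverstripe's own): accepted
# extensions and the Content-Type the server will send for each. The client's
# declared type is never consulted.
ALLOWED_EXTENSIONS: Dict[str, str] = {
    "txt": "text/plain; charset=utf-8",
    "csv": "text/csv; charset=utf-8",
    "png": "image/png",
    "jpg": "image/jpeg",
    "pdf": "application/pdf",
}

# Types the browser may render inline; everything else is sent as a download.
# Nothing a browser can execute script from belongs in this set.
INLINE_SAFE = {"image/png", "image/jpeg"}

# Markers a sniffing browser treats as HTML (or SVG, which can carry <script>)
# when they appear near the start of the body.
_ACTIVE_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|head|body|script|svg|iframe|object|embed|meta)\b",
    re.IGNORECASE,
)


def looks_like_active_content(head: bytes) -> bool:
    """True if the leading bytes of an upload contain HTML/SVG markup.

    Mirrors what a sniffing browser does: inspect only the leading window,
    after skipping a UTF-8 BOM, whitespace and an XML declaration."""
    window = head[:1024].lstrip(b"\xef\xbb\xbf \t\r\n")
    window = re.sub(rb"^<\?xml[^>]*\?>\s*", b"", window)
    return _ACTIVE_MARKERS.search(window) is not None


def _extension(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def validate_upload(filename: str, head: bytes) -> Tuple[bool, str]:
    """Upload-time check: the extension must be allowed, and a non-image file
    must not smuggle markup under a text extension. Returns (accepted, reason)."""
    ext = _extension(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} not allowed"
    if not ALLOWED_EXTENSIONS[ext].startswith("image/") and looks_like_active_content(head):
        return False, "markup detected in a non-HTML upload"
    return True, "ok"


def response_headers(filename: str) -> Dict[str, str]:
    """Headers for serving a stored upload (protected or draft files included).

    Content-Type comes from the server-side map; nosniff stops the browser from
    second-guessing it; anything not inline-safe is forced to download with a
    sanitised filename; the CSP forbids script even if something slipped through."""
    ctype = ALLOWED_EXTENSIONS.get(_extension(filename), "application/octet-stream")
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)[:100] or "download"
    disposition = "inline" if ctype in INLINE_SAFE else "attachment"
    return {
        "Content-Type": ctype,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```

The upload-time check is a heuristic (it catches the HTML-in-TXT case the advisory names); the response headers are the control that holds regardless of what was stored, so both belong in the serving path for user-supplied files.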
RHEL 7 / 8 : OpenShift Container Platform 4.5 (RHSA-2020:2413)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2413 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
kubernetes: Denial of service in API server via crafted YAML payloads by authorized users
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
CVE-2020-8555 Kubernetes kube-controller-manager SSRF
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
Verizon Data Breach Report: DoS Skyrockets, Espionage Dips
Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry...
UBUNTU-CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) Exploit Author: Ismail Tasdelen Vendor Homepage: https://intelliants.com/ Software Link : https://github.com/intelliants/subrion/releases/tag/v4.0.5 Software : Subrion CMS...
Design/Logic Flaw
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
RISE Ultimate Project Manager Cross-Site Request Forgery Vulnerability
RISE Ultimate Project Manager is used to manage projects, clients and team members. A cross-site request forgery vulnerability exists in index.php/teammembers/addteammember in RISE Ultimate Project Manager 2.3, which can be exploited by an attacker to add authorized users...
CVE-2019-18884
index.php/teammembers/addteammember in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users...
Cross site request forgery (csrf)
index.php/teammembers/addteammember in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users...
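The RISE and Subrion hits above are the same shape of bug: a privileged state change (adding a team member or an admin) is accepted from any page the victim's browser visits, because the endpoint trusts the session cookie alone. The Python below is an added example, not code from either project, showing the check such a handler needs: a synchronizer token bound to the session via HMAC, verified in constant time, with an Origin/Referer check as a second line of defence (the AMQ Online entry is a reminder that header-based checks alone can be bypassed by legacy plugins, so the token is the primary control). The request type, the "add team member" handler, the server key and the site origin are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed for this example; a real deployment loads the key from
# configuration and rotates it, and never ships it in source.
SERVER_KEY = b"example-only-server-key-rotate-me"
SITE_ORIGIN = "https://pm.example.test"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for the example)."""
    method: str
    headers: Dict[str, str]
    form: Dict[str, str]
    cookies: Dict[str, str] = field(default_factory=dict)


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC(key, session id).

    Stateless on the server; unforgeable without SERVER_KEY, and a token
    harvested from one session does not validate for another. Embed it in the
    form as a hidden field; an attacker's page cannot read it cross-origin."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_allowed(req: Request) -> bool:
    """A browser-issued cross-site POST carries a foreign Origin (or, for older
    browsers, a foreign Referer). Absence of both is rejected as well."""
    origin = req.headers.get("Origin")
    if origin is None:
        ref = req.headers.get("Referer")
        if ref is None:
            return False
        parts = urlsplit(ref)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def csrf_check(req: Request) -> Optional[str]:
    """Return None if the state-changing request is acceptable, else the reason."""
    if req.method != "POST":
        return "state changes must use POST"
    session_id = req.cookies.get("session")
    if not session_id:
        return "no session"
    if not _origin_allowed(req):
        return "cross-site origin"
    sent = req.form.get("csrf_token", "")
    # compare_digest avoids a timing side channel; it needs ASCII input.
    if not sent.isascii() or not hmac.compare_digest(sent, csrf_token(session_id)):
        return "missing or invalid csrf token"
    return None


def add_team_member(req: Request, members: Dict[str, str]) -> Dict[str, object]:
    """Hypothetical handler standing in for an 'add team member' endpoint."""
    problem = csrf_check(req)
    if problem:
        return {"status": 403, "error": problem}
    email = req.form.get("email", "").strip()
    role = req.form.get("role", "member")
    if not email:
        return {"status": 400, "error": "email required"}
    members[email] = role
    return {"status": 201, "added": email}
```

Marking the session cookie SameSite=Lax (or Strict) closes the same hole for modern browsers, but the token check is what protects users on the older browsers these advisories call out.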
Philips IntelliSpace Perinatal CVE-2019-13546 Local Security Bypass Vulnerability
Description Philips IntelliSpace Perinatal is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Philips IntelliSpace Perinatal versions K and prior are...