Mattermost: DoS via large console messages
Summary: When server console logging is enabled, it is possible to cause a complete denial of service to the server by submitting large text (64KB) that gets written to the console log. This makes the server unavailable for all users. Steps To Reproduce: I set up my environment following t...
Akamai Provides Prolexic DDoS Service Impact Update (Status: Resolved)
Akamai experienced an outage in one of its Prolexic DDoS services (Routed 3.0) starting at 4:20 AM UTC. We detected the issue immediately, and impacted customers received an error alert within seconds. The impact was limited to Akamai customers using version 3.0 of the Routed service. Many of the...
SUSE: Security Advisory (SUSE-SU-2021:1006-1)
The remote host is missing the update described in SUSE-SU-2021:1006-1. (Greenbone AG check; some text descriptions may be excerpted from referenced sources and remain the copyright of the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)
SUSE: Security Advisory (SUSE-SU-2021:14707-1)
The remote host is missing the update described in SUSE-SU-2021:14707-1. (Greenbone AG check; some text descriptions may be excerpted from referenced sources and remain the copyright of the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)
SUSE SLES12 Security Update : curl (SUSE-SU-2021:1786-1)
This update for curl fixes the following issues: CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114); CVE-2021-22876: the automatic Referer leaks credentials (bsc#1183933); CVE-2020-8286: inferior OCSP verification (bsc#1179593); CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399); CVE-2020-8284:...
Bucky - An Automatic S3 Bucket Discovery Tool
Bucky is an automatic tool designed to discover S3 bucket misconfigurations. Bucky consists of two modules: the Bucky Firefox add-on and the Bucky backend engine. The add-on reads the source code of web pages and uses regular expressions (regex) to match S3 buckets used as a Content Delivery Network (CDN)...
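The add-on's first step, matching S3 bucket references in page source, is easy to reproduce. The following is an added example and not Bucky's own code: it extracts bucket names from both virtual-hosted-style (`bucket.s3.amazonaws.com`, `bucket.s3.region.amazonaws.com`) and path-style (`s3.amazonaws.com/bucket`, `s3-region.amazonaws.com/bucket`) URLs, then classifies a (constructed) listing response the way a backend engine would after probing the bucket. The regexes, the sample HTML and the XML snippets are my own constructions, not taken from the project.

```python
import re
from html import unescape

# Constructed page source for the example; no real site is involved.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://static-assets.s3.amazonaws.com/css/site.css">
<script src="https://s3-us-west-2.amazonaws.com/build-artifacts/app.js"></script>
</head><body>
<img src="https://cdn.example.com/logo.png">
<img src="https://user-uploads.s3.eu-west-1.amazonaws.com/pics/1.jpg">
<a href="https://s3.amazonaws.com/build-artifacts/readme.txt">docs</a>
</body></html>
"""

# Bucket names: 3-63 chars of lowercase letters, digits, dots and hyphens.
_BUCKET = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"

# bucket.s3.amazonaws.com, bucket.s3.eu-west-1.amazonaws.com, bucket.s3-us-west-2.amazonaws.com
_VIRTUAL_HOSTED = re.compile(
    r"https?://" + _BUCKET + r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com",
    re.IGNORECASE)

# s3.amazonaws.com/bucket/..., s3-us-west-2.amazonaws.com/bucket/...
_PATH_STYLE = re.compile(
    r"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/" + _BUCKET + r"(?=[/'\"?\s]|$)",
    re.IGNORECASE)


def extract_s3_buckets(page_source: str) -> list[str]:
    """Return the sorted, de-duplicated bucket names referenced in the page source."""
    text = unescape(page_source)          # handle &amp; etc. inside attribute values
    names = set()
    for pattern in (_VIRTUAL_HOSTED, _PATH_STYLE):
        for match in pattern.finditer(text):
            names.add(match.group(1).lower())
    return sorted(names)


def probe_url(bucket: str) -> str:
    """URL an engine would GET anonymously to test whether the bucket is listable."""
    return f"https://{bucket}.s3.amazonaws.com/"


def classify_listing_response(status: int, body: str) -> str:
    """Classify an anonymous GET on the bucket root.

    A 200 carrying <ListBucketResult> means anyone can enumerate the keys, which
    is the misconfiguration the scanner is looking for. A 403 means the bucket
    exists but denies anonymous listing; NoSuchBucket means the name is free and
    could be claimed by an attacker (sub-resource takeover).
    """
    if status == 200 and "<ListBucketResult" in body:
        return "public-listable"
    if status == 403:
        return "exists-not-listable"
    if status == 404 or "<Code>NoSuchBucket</Code>" in body:
        return "no-such-bucket"
    return "unknown"


if __name__ == "__main__":
    for name in extract_s3_buckets(SAMPLE_HTML):
        print(name, "->", probe_url(name))
```

Only the extraction step runs offline; a real engine would issue the `probe_url` request and feed the status and body into `classify_listing_response`. Note that a bucket referenced from a page but answering `NoSuchBucket` is at least as interesting as a listable one, because the page now loads content from a name anyone can register.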
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.6 (tripleo-ansible) security update
An update for tripleo-ansible is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
maltrail
This is a Python-based malicious traffic detection system called Maltrail. It is designed to identify and block malicious traffic by utilizing publicly available blacklists and custom user-defined lists. The system can be used to detect various types of malicious activity, including malware,...
SSON/Passthrough authentication not working with Edge browser
The user tries to log on through the MS Edge browser via SSON. The user is prompted to enter a username and password instead of being logged in automatically with SSON as expected...
Design/Logic Flaw
DISPUTED. Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: the vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script...
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: the vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the...
Update mechanism Passwordstate compromised
Click Studios, the vendor of Passwordstate, has announced that its automatic update mechanism was abused to offer malicious files for download. You are affected if you meet these criteria: - you are currently using version 9.1 build 9117, - Passwordstate applies updates automatically, - and t...
[SECURITY] Fedora 34 Update: clamav-0.103.2-1.fc34
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. The programs ar...
PT-2021-19425 · Mediawiki +1 · Abusefilter Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 AbuseFilter extension for MediaWiki versions through 1.35.2 Description: An issue in the AbuseFilter extension for MediaWiki improperly handled account blocks for certain automatically created MediaWiki user...
Cross-site scripting in papermerge
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create-folder functions. The payload can be in a folder name, a tag, or a document's filename. If email consumption is configured in...
Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview: Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecure loading of Dynamic Link Libraries (CWE-427). Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
FreeBSD : curl -- Automatic referer leaks credentials (b1194286-958e-11eb-9c34-080027f515ea)
Daniel Stenberg reports: libcurl does not strip user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. libcurl...
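The mechanism is easy to see with a URL carrying userinfo that redirects to a third-party host. The following added example is not libcurl code: `naive_referer` reproduces the pre-fix behaviour of copying the previous URL unchanged, and `safe_referer` shows the hardening, dropping the `user:password@` part (and the fragment, which a browser never sends either). The URLs are constructed for the example; the credential `s3cr3t` is a placeholder.

```python
from urllib.parse import urlsplit, urlunsplit


def naive_referer(previous_url: str) -> str:
    """Pre-fix behaviour: the whole previous URL, credentials included, becomes the Referer."""
    return previous_url


def safe_referer(previous_url: str) -> str:
    """Referer value with userinfo and fragment removed.

    Uses netloc.rpartition('@') rather than hostname/port so that bracketed
    IPv6 hosts and explicit ports survive untouched. Query strings are kept,
    as curl's own fix does; strip them too if your application puts tokens there.
    """
    parts = urlsplit(previous_url)
    host_and_port = parts.netloc.rpartition("@")[2]
    return urlunsplit((parts.scheme, host_and_port, parts.path, parts.query, ""))


def leaks_credentials(previous_url: str, referer_value: str) -> bool:
    """True if the Referer that would be sent still carries the URL's userinfo."""
    userinfo, sep, _ = urlsplit(previous_url).netloc.rpartition("@")
    return bool(sep) and userinfo in referer_value


def follow_redirect(previous_url: str, next_url: str, strip: bool) -> dict[str, str]:
    """Headers a client would attach to the second request of a redirect chain."""
    referer = safe_referer(previous_url) if strip else naive_referer(previous_url)
    return {"Host": urlsplit(next_url).netloc, "Referer": referer}


if __name__ == "__main__":
    first = "https://alice:s3cr3t@example.com:8443/login?next=/home#top"
    second = "https://cdn.third-party.example/asset.js"
    for strip in (False, True):
        hdrs = follow_redirect(first, second, strip)
        print("strip" if strip else "naive", hdrs, "leaks:", leaks_credentials(first, hdrs["Referer"]))
```

The same check is worth running against any client that auto-populates Referer from a URL it was handed, including proxies and link-preview fetchers: anything that accepted `scheme://user:pass@host` as input is a candidate for this leak.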
Security Updates for Microsoft Excel Products (April 2021)
The Microsoft Excel Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: Microsoft Office Remote Code Execution Vulnerability (CVE-2021-28449); Microsoft Excel Remote Code Execution Vulnerability (CVE-2021-28451, CVE-2021-28454, CVE-2021-28456). Note that...
The vulnerability of the automatic email decompression mechanism of Apple Mail on Apple Mac OS operating systems allows a hacker to write arbitrary files.
The vulnerability in the Apple Mail client's automatic decompression mechanism on Apple Mac OS operating systems is caused by a logic error. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the /Library/Mail directory and $TMPDIR...