167 matches found
Medium: bash
Issue Overview: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell. CVE-2019-9924 Affected Packages: bash Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...
Eclipse Jetty Privilege Escalation Vulnerability - Linux
Eclipse Jetty is prone to a privilege escalation vulnerability through a local temp directory. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Discourse < 2.6.0.beta2 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
com.hotels.styx:styx-api-testsupport (>=0.0.1.beta6 <=v0.0.5), com.hotels.styx:styx-backend-provider (>=0.0.1.beta6 <=v0.0.5) +11 more potentially affected by CVE-2020-6858 via com.hotels.styx:styx-api (>=styx-1.0.0.beta2 <=0.7.9)
com.hotels.styx:styx-api MAVEN version =styx-1.0.0.beta2, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =0.0.1.beta6, =v0.0.5 Source cves: CVE-2020-6858 Source advisory:...
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
ISC Kea DHCP Input Validation Error Vulnerability
ISC Kea DHCP is an open source DHCP Dynamic Host Configuration Protocol server from ISC. An input validation error vulnerability exists in ISC Kea DHCP versions 1.4.0 through 1.5.0, 1.6.0-beta1 and 1.6.0-beta2. The vulnerability arises from the network system or product not properly validating...
CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
CVE-2019-6472
A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
DEBIAN-CVE-2019-6472
A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
ALPINE-CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
Design/Logic Flaw
A packet containing a malformed DUID can cause the Kea DHCPv6 server process kea-dhcp6 to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
CVE-2019-6473
CVE-2019-6473 affects the Kea DHCPv4 server (kea-dhcp4). The root cause is an invalid hostname option that triggers an assertion failure, causing the server process to exit. Affected versions are 1.4.0–1.5.0 and 1.6.0-beta1/beta2. Multiple connected advisories summarize this as a remote issue tha...
CVE-2019-6474
A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...
ISC Kea CVE-2019-6472 Denial of Service Vulnerability
Description ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected ISC Kea 1.4.0 ISC Kea 1.5.0 ISC Kea 1.6.0-beta1 ISC Kea...
UBUNTU-CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
Discourse < 2.4.0.beta2 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities including XSS and SQL injection flaws. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
EulerOS 2.0 SP3 : bash (EulerOS-SA-2019-1564)
According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the...
Design/Logic Flaw
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...
CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...