Moddable SDK OS Code Issue Vulnerability
Moddable SDK is a software development kit (SDK) for IoT embedded software development from Moddable, Inc. in the United States. A security vulnerability exists in versions of Moddable SDK prior to OS200908, which results in a denial of service (SEGV) due to xObjectBindingFromExpression at...
bind: incorrect enforcement of update-policy rules of type "subdomain"
A flaw was found in bind. Updates to "Update-policy" rules of type "subdomain" are treated as if they were of type "zonesub" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity...
Fedora: Security Advisory for python-PyMuPDF (FEDORA-2020-972ad7c8a8)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
jenkins-credentials-binding-plugin: improper masking of secrets
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps...
Release Information for Huawei Plug-In for Veeam Backup & Replication
Huawei Plug-In - End of Life The Huawei Plug-In for Veeam Backup & Replication reached End-of-Life on 2022-04-22 and is no longer available. Requirements Before installing Huawei Plug-In v1.0.23, ensure that you are running Veeam Backup & Replication 10.0.0.4461 or later. To check the version, op...
Google TensorFlow code issue vulnerability (CNVD-2020-54781)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Tensorflow versions prior to 2.2.1, and in version 2.3.1, which stems from the pybind11 bonding code that assumes that the arguments are tensors, which can be...
CISA Releases Final Binding Operational Directive on Developing a Vulnerability Disclosure Policy
The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report...
SRC-2020-0024 : Microsoft SharePoint Server TOCTOU ControlParameter Binding Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the WebPartEditingSurfacePage class. The issue results from the lac...
October CMS Information Disclosure Vulnerability
October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. An information disclosure vulnerability exists in versions of October CMS prior to 1.0.468 that stems from the program not binding an encrypted cookie value to the cookie name of that...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
openSUSE Security Update : coturn (openSUSE-2020-937)
This update for coturn fixes the following issues: Version 4.5.1.3: - Remove reference to SSLv3: gh#coturn/coturn#566 - Ignore MD5 for BoringSSL: gh#coturn/coturn#579 - STUN response buffer not initialized properly; the issue found and reported gh#coturn/coturn#583 by Felix Dörre all credits belongs to...
OPENSUSE-SU-2020:0937-1 Security update for coturn
This update for coturn fixes the following issues: Version 4.5.1.3: Remove reference to SSLv3: gh#coturn/coturn#566 Ignore MD5 for BoringSSL: gh#coturn/coturn#579 STUN response buffer not initialized properly; the issue found and reported gh#coturn/coturn#583 by Felix Dörre all credits belongs to him...
Binding the certificate gives error "certificate is not a server certificate"
While binding the certificate you might get the error "certificate is not a server certificate"...