Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : ca-certificates update (USN-4719-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4719-1 advisory. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the...
USN-4719-1 ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...
WordPress Super Forms Bundle premium plugin <= 4.9.700 - Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability found by ABDO10 in WordPress Super Forms Bundle premium plugin versions <= 4.9.700. Solution: Update the WordPress Super Forms Bundle premium plugin to the latest available version (at least 4.9.703)...
CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66106)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation: Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows/Windows Server bundle filter driver...
USN-4608-1 ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle...
Low: Red Hat Security Advisory: OpenShift Virtualization 2.4.2 Images
Red Hat OpenShift Virtualization release 2.4.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
DEBIAN-CVE-2016-11086
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...
UBUNTU-CVE-2016-11086
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...
Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the...
OPENSUSE-SU-2020:1509-1 Recommended update for otrs
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens,...
Report: Pandemic caused significant shift in buyer appetite in the dark web
Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods in high demand on the dark web, aka the Internet's underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a...
OS Command Injection in adrieankhisbe/bundle-phobia-cli
Description: BundlePhobia is a tool to help you find the cost of adding an npm package to your bundle. It enables you to query package sizes. The npm-utils.js has an unsanitized exec function, which leads to arbitrary code execution. Proof-of-concept: const util = require('./npm-utils.js'); let a =...
Sylius Injection Vulnerability (CNVD-2020-49008)
Sylius is an open source e-commerce platform from the Polish company Sylius, based on the Symfony framework. An injection vulnerability exists in Sylius ResourceBundle, which stems from the program's failure to properly handle request parameters. An attacker can exploit the vulnerability to execute...
Remote Code Execution (RCE)
sylius/resource-bundle is vulnerable to remote code execution (RCE). The vulnerability exists as it does not sanitize the value of $variable in ParametersParser.php...
Remote Code Execution (RCE)
sylius/resource-bundle is vulnerable to remote code execution (RCE). The vulnerability exists as the value of $variable in OptionsParser.php is not sanitized...
TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic
TikTok has been collecting unique identifiers from millions of Android devices without their users’ knowledge using a tactic previously prohibited by Google because it violated people’s privacy, new research has found. The app concealed the practice, which can track users onlin...
Learn Machine Learning and AI – Online Training Program @ 93% OFF
Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...
Intellian / Sea Tel / SAILOR VSAT / RedPort maritime Exploit Pack
ever wondered how can someone hack into a ship/vessel/carrier/yacht? well here is the bundle targeting 3 major companies specialized in maritime satellite networks. in this bundle you get Intellian 3 root backdoors seatel 1 DOS sailor 2 sensitive information disclosure redport 1 admin busybox RCE...
CompTIA Certification Prep Courses – Get Lifetime Access @ 98% Discount
In the world of professional IT, recruiters look for certificates as an important criterion for eligibility and assessing skills. Any IT professional with a résumé that includes CompTIA certificates tends to rise up the pile. Of course, there are many different CompTIA exams you can choose from bas...