D-Link DAP-2610 Router login Incorrect Comparison Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper...

DEBIAN-CVE-2020-7942

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...

Default credentials

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...

CVE-2020-7942

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...

CVE-2020-7942

CVE-2020-7942 concerns Puppet’s certificate-based access model. The issue arises when a node’s catalog can be retrieved for another node by altering facts during a run, potentially exposing information if a certificate is compromised. Affected are Puppet 6.x before 6.13.0, Puppet Agent 6.x before...

CVE-2020-4204

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960...

CVE-2020-4204

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960...

Buffer overflow

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960...

XenMobile LDAP Settings: Bad Request

When attempting to configure an LDAP server in XenMobile, "Bad Request" is shown in the web console. LDAP connection is attempted on port 389 plain text. Ping to the LDAP server is successful. Connection is successful. XenMobile Debug Logs show the following: 2018-05-18T13:09:08.526+0000 | | INFO...

puppet6 -- Arbitrary Catalog Retrieval

Puppetlabs reports: Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog ca...

openSUSE Security Update : ceph (openSUSE-2020-187)

This update for ceph fixes the following issues : - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage bsc1161312. - CVE-2020-1699: Fixed a information disclosure by improper URL checking bsc1161074. This update was imported from the SUSE:SLE-15-SP1:Update upda...

FockCache - Minimalized Test Cache Poisoning

FockCache - Minimalized Test Cache Poisoning Detail For Cache Poisoning : https://portswigger.net/research/practical-web-cache-poisoning FockCache FockCache tries to make cache poisoning by trying X-Forwarded-Host and X-Forwarded-Scheme headers on web pages. After successful result, it gives you ...

Security update for ceph (moderate)

openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2020:0187-1 Rating: moderate References: 1161074 1161312 Cross-References: CVE-2020-1699 CVE-2020-1700 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...

CVE-2020-5208

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged...

CVE-2020-5208

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged...

Security Bulletin: Permission checking vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1326)

Summary IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. Vulnerability Details CVEID: CVE-2017-1326 DESCRIPTION: IBM Sterling File...

clamav -- Denial-of-Service (DoS) vulnerability

Micah Snyder reports: A denial-of-service DoS condition may occur when using the optional credit card data-loss-prevention DLP feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash...

CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error checking...

Information disclosure

Joomla! 1.7.1 has core information disclosure due to inadequate error checking...

CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error checking...