SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2020:3368-1)
This update for go1.15 fixes the following issues : go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into c...
openSUSE Security Update : go1.15 (openSUSE-2020-2139)
This update for go1.15 fixes the following issues : - go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into...
Security update for go1.15 (moderate)
openSUSE Security Update: Security update for go1.15 Announcement ID: openSUSE-SU-2020:2139-1 Rating: moderate References: 1175132 1178750 1178752 1178753 Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Affected Products: openSUSE Leap 15.2 An update that solves three vulnerabiliti...
openSUSE Security Update : go1.14 (openSUSE-2020-2047)
This update for go1.14 fixes the following issues : - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected int...
openSUSE Security Update : go1.14 (openSUSE-2020-2067)
This update for go1.14 fixes the following issues : - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected int...
Security update for go1.14 (moderate)
openSUSE Security Update: Security update for go1.14 Announcement ID: openSUSE-SU-2020:2067-1 Rating: moderate References: 1164903 1178750 1178752 1178753 Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Affected Products: openSUSE Leap 15.2 An update that solves three vulnerabiliti...
OPENSUSE-SU-2020:2047-1 Security update for go1.14
This update for go1.14 fixes the following issues: - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 go42560 cmd/go: arbitrary code can be injected into cgo...
Security update for go1.14 (moderate)
openSUSE Security Update: Security update for go1.14 Announcement ID: openSUSE-SU-2020:2047-1 Rating: moderate References: 1164903 1178750 1178752 1178753 Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Affected Products: openSUSE Leap 15.1 An update that solves three vulnerabiliti...
Remote Code Execution (RCE)
enpeem is vulnerable to remote code execution. An attacker is able to inject malicious code inside a cmd command due to an unsanitized user input...
Oracle WebLogic Server Administration Console Handle RCE
This module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0...
SaltStack Salt REST API Arbitrary Command Execution Exploit
This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
Exploit for CVE-2020-16898
CVE-2020-16898 CVE-2020-16898: Windows TCP/IP remote code exe...
Exploit for CVE-2020-16898
CVE-2020-16898 CVE-2020-16898: Windows TCP/IP remote code ex...
gluster-block: information disclosure through world-readable gluster-block log files
An information-disclosure flaw was found in the way that gluster-block logs the output from gluster-block CLI operations. This includes recording passwords to the cmdhistory.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The...
Huawei EulerOS: Security Advisory for perl-IPC-Cmd (EulerOS-SA-2020-2026)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-IPC-Cmd (EulerOS-SA-2020-2026)
According to the version of the perl-IPC-Cmd package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that perl can load modules from the current directory if not found in the module directories, via the...
openSUSE Security Update : go1.14 (openSUSE-2020-1407)
This update for go1.14 fixes the following issues : - go1.14 was updated to version 1.14.7 - CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs bsc1174977. - go1.14.6 released 2020-07-16 includes fixes to the go command, the compiler, the linker, vet...
ca.cmd.vwr.com Cross Site Scripting vulnerability OBB-1330562
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-2044
CVE-2020-2044 is an information-exposure issue in PAN-OS where an administrator password or other sensitive data can be logged in cleartext in opcmdhistory.log. Affected PAN-OS versions: 8.1.x before 8.1.16; 9.0.x before 9.0.10; 9.1.x before 9.1.3. The log file design change moves command history...