
187 matches found

OpenVAS
added 2020/09/04 12:00 a.m. · 21 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1935)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 8 AI score · 0.00019 EPSS
Exploits 1 · References 2

OpenVAS
added 2020/08/31 12:00 a.m. · 29 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1907)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 8 AI score · 0.00019 EPSS
Exploits 1 · References 2

OSV
added 2020/08/29 9:15 p.m. · 7 views

CVE-2020-24972

The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...

8.8 CVSS · 9 AI score
Exploits 0 · References 6

Positive Technologies
added 2020/08/29 12:00 a.m. · 2 views

PT-2020-15872 · Gnupg +1 · Gnupg Kleopatra +1

Name of the Vulnerable Software and Affected Versions: GnuPG Kleopatra versions prior to 3.1.12 GnuPG Kleopatra versions prior to 20.07.80 Description: The issue allows remote attackers to execute arbitrary code due to the unsafe handling of command-line options when supporting openpgp4fpr: URLs...

8.8 CVSS · 8.3 AI score · 0.21343 EPSS
Exploits 1 · References 24

Amazon
added 2020/07/29 12:00 a.m. · 80 views

Medium: curl

Issue Overview: This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' with the '-O' option and '-i' command line options combined. In most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely...

7.8 CVSS · 7.3 AI score · 0.00019 EPSS
Exploits 1

Tenable Nessus
added 2020/07/20 12:00 a.m. · 31 views

openSUSE Security Update : nasm (openSUSE-2020-954)

This update for nasm fixes the following issues : nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...

7.8 CVSS · 6.5 AI score · 0.01508 EPSS
Exploits 14 · References 27

RedhatCVE
added 2020/06/26 1:50 p.m. · 38 views

CVE-2020-8177

A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is...

4.6 CVSS · 7.2 AI score · 0.00019 EPSS
Exploits 1 · References 4

IBM Security Bulletins
added 2020/02/27 1:08 p.m. · 22 views

Security Bulletin: Information disclosure vulnerability in WebSphere Application Server which is shipped with Jazz for Service Management (CVE-2019-4477)

Summary There is an information disclosure in WebSphere Application Server when using Security Auditing. Vulnerability Details CVEID: CVE-2019-4477 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information,...

6.5 CVSS · 0.7 AI score · 0.00151 EPSS
Exploits 0 · Affected Software 1

UbuntuCve
added 2020/01/28 6:15 p.m. · 18 views

CVE-2020-5210

In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence...

7.8 CVSS · 7.3 AI score · 0.01554 EPSS
Exploits 0 · References 4

OSV
added 2020/01/28 6:15 p.m. · 0 views

UBUNTU-CVE-2020-5209

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line...

7.8 CVSS · 6.4 AI score · 0.01694 EPSS
Exploits 0 · References 4

UbuntuCve
added 2020/01/28 6:15 p.m. · 16 views

CVE-2020-5209

In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line...

7.8 CVSS · 7.5 AI score · 0.01694 EPSS
Exploits 0 · References 3

OpenVAS
added 2020/01/23 12:00 a.m. · 31 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1377)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS · 8.4 AI score · 0.71499 EPSS
Exploits 12 · References 2

OSV
added 2019/11/11 12:04 p.m. · 4 views

SUSE-SU-2019:14215-1 Security update for tar

This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes jscECO-339 Sparse files with large data No backticks in quoting --owner and --group names and numbers Support for POSIX ACLs, extended attributes and SELinux context. Passing command line argumen...

7.5 CVSS · 5 AI score · 0.004 EPSS
Exploits 1 · References 7

Kitploit
added 2019/09/23 8:57 p.m. · 111 views

Tachyon - Fast HTTP Dead File Finder

Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web application and look for left over or non-indexed files with the addition of reporting pages or scripts leaking internal data. User Requirements Linux Python 3.5.2 User Installation Install: $...

7.4 AI score
Exploits 0 · References 1

Kitploit
added 2019/09/21 9:50 p.m. · 404 views

ScoutSuite - Multi-Cloud Security Auditing Tool

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of...

6.6 AI score
Exploits 0 · References 7

NVD
added 2019/09/17 7:15 p.m. · 13 views

CVE-2019-4477

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997...

6.5 CVSS · 5.7 AI score · 0.00151 EPSS
Exploits 0 · References 2

OSV
added 2019/09/17 7:15 p.m. · 0 views

CVE-2019-4477

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997...

6.5 CVSS · 6.3 AI score · 0.00151 EPSS
Exploits 0 · References 2

Prion
added 2019/09/17 7:15 p.m. · 7 views

Design/Logic Flaw

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997...

4 CVSS · 6.3 AI score · 0.00151 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2019/09/17 7:05 p.m. · 113 views

CVE-2019-4477

CVE-2019-4477 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. The described vulnerability is information disclosure caused by improper handling of command line options, enabling a user with audit-log access to obtain sensitive information. Connected IBM bulletins confirm the vuln...

6.5 CVSS · 6.4 AI score · 0.00151 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2019/09/17 12:00 a.m. · 1 views

PT-2019-17100 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows a user with access to audit logs to obtain sensitive information due to improper handling of command line options. Recommendations: For IBM WebSphere...

6.5 CVSS · 5.3 AI score · 0.00151 EPSS
Exploits 0 · References 5