
3096 matches found

RedHat Linux
added 2020/03/12 5:0 p.m. · 1 view

wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use

A flaw was found when an OpenSSL security provider is used with Wildfly: the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...

9.1 CVSS · 5.8 AI score · 0.01068 EPSS
Exploits 0 · References 4

Positive Technologies
added 2020/03/12 12:0 a.m. · 2 views

PT-2020-12191 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8.x through 12.8.5 Description: The issue allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address when sign-up is enabled. Recommendations: For GitLab...

5.3 CVSS · 5.1 AI score · 0.01016 EPSS
Exploits 0 · References 6

OSV
added 2020/03/10 8:15 p.m. · 4 views

CVE-2019-19282

A vulnerability has been identified in OpenPCS 7 V8.1 All versions, OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd3, SIMATIC BATCH V8.1 All versions, SIMATIC BATCH V8.2 All versions V8.2 Upd12, SIMATIC BATCH V9.0 All versions V9.0 SP1 Upd5, SIMATIC NET PC Software V14 All...

7.5 CVSS · 5.7 AI score · 0.01311 EPSS
Exploits 0 · References 1

Prion
added 2020/03/05 9:15 a.m. · 20 views

Improper access control

A compromised reset handler may bypass access control because the AC config is reset if the debug path is enabled to collect secure or non-secure RAM dumps in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

6.9 CVSS · 7.8 AI score · 0.00222 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/02/18 12:0 a.m. · 6 views

PT-2020-19795

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite (ZCS) versions prior to 8.8.15 Patch 7 Description: The software is susceptible to a Server-Side Request Forgery (SSRF) attack when the WebEx zimlet is installed and the zimlet JSP is enabled. A recent surge in the...

9.8 CVSS · 8.6 AI score · 0.85416 EPSS
Exploits 0 · References 18

RedHat Linux
added 2020/02/14 12:25 p.m. · 1 view

sudo: Stack based buffer overflow when pwfeedback is enabled

A flaw was found in the Sudo application when the 'pwfeedback' option is set to true in the sudoers file. An authenticated user can use this vulnerability to trigger a stack-based buffer overflow under certain conditions even without Sudo privileges. The buffer overflow may allow an attacker to...

7.8 CVSS · 7.6 AI score · 0.19426 EPSS
Exploits 13 · References 5

GithubExploit
added 2020/02/07 2:41 a.m. · 139 views

Exploit for Out-of-bounds Write in Sudo_Project Sudo

CVE-2019-18634 :warning: This code has only been tested on...

7.8 CVSS · 8.2 AI score · 0.19426 EPSS
Exploits 13

Fedora
added 2020/01/31 1:13 a.m. · 17 views

[SECURITY] Fedora 30 Update: nss-3.49.0-1.fc30

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

6.9 AI score
Exploits 0

OSV
added 2020/01/31 12:0 a.m. · 1 view

UBUNTU-CVE-2019-18634

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist on...

7.8 CVSS · 7.3 AI score · 0.19426 EPSS
Exploits 13 · References 6

OSV
added 2020/01/29 6:15 p.m. · 1 view

DEBIAN-CVE-2019-18634

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist on...

7.8 CVSS · 7.8 AI score · 0.19426 EPSS
Exploits 13 · References 1

OSV
added 2020/01/16 10:15 p.m. · 1 view

CVE-2019-5145

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open t...

8.8 CVSS · 7.4 AI score · 0.03107 EPSS
Exploits 1 · References 1

CNVD
added 2020/01/15 12:0 a.m. · 1 view

ThinkPHP Arbitrary File Creation and Deletion Vulnerability

ThinkPHP is a lightweight homegrown PHP development framework created to simplify enterprise-level application development and agile WEB application development. ThinkPHP has an arbitrary file creation and deletion vulnerability, which can be exploited by attackers to create arbitrary files and...

7.1 AI score
Exploits 0 · References 1

OpenVAS
added 2020/01/09 12:0 a.m. · 27 views

Fedora Update for knot-resolver FEDORA-2019-866dc03603

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 7.5 AI score · 0.02166 EPSS
Exploits 1 · References 2

OSV
added 2019/12/30 6:15 p.m. · 2 views

UBUNTU-CVE-2019-13465

An issue was discovered in the ROS communications-related packages aka roscomm or ros-melodic-ros-comm through 1.14.3. ROSASSERTMSG only works when ROSASSERTENABLED is defined. This leads to a problem in the remove function in clients/roscpp/src/libros/spinner.cpp. When ROSASSERTENABLED is not...

8.6 CVSS · 5.8 AI score · 0.01106 EPSS
Exploits 0 · References 4

OSV
added 2019/12/26 3:15 a.m. · 2 views

CVE-2019-19983

In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...

4.3 CVSS · 5.8 AI score · 0.01161 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2019/12/22 12:0 a.m. · 2 views

The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service allows a perpetrator to execute arbitrary commands.

The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service is related to insufficient validation of arguments passed to commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

9 CVSS · 8 AI score · 0.03876 EPSS
Exploits 0 · References 5 · Affected Software 2

NVD
added 2019/12/17 4:15 a.m. · 24 views

CVE-2017-18107

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default...

6.5 CVSS · 6.6 AI score · 0.00449 EPSS
Exploits 0 · References 1

Fedora
added 2019/12/13 1:4 a.m. · 31 views

[SECURITY] Fedora 30 Update: knot-resolver-4.3.0-1.fc30

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

7.5 CVSS · 2.6 AI score · 0.02166 EPSS
Exploits 1

Fedora
added 2019/12/13 12:55 a.m. · 27 views

[SECURITY] Fedora 31 Update: knot-resolver-4.3.0-1.fc31

The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...

7.5 CVSS · 2.6 AI score · 0.02166 EPSS
Exploits 1

Fedora
added 2019/11/29 12:55 a.m. · 10 views

[SECURITY] Fedora 31 Update: nss-3.47.1-1.fc31

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

6.9 AI score
Exploits 0