Lucene search

4367 matches found

Node.js
added 2020/07/07 7:05 p.m., 14 views

Sensitive Data Exposure

Overview: Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The package supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files. Recommendation: Upgrade to version...

AI score 6.8
Exploits: 0, Affected Software: 1
Github Security Blog
added 2020/07/07 6:59 p.m., 50 views

Sensitive information exposure through logs in npm-registry-fetch

Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The cli supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...

AI score 1.8
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2020/07/07 6:59 p.m., 2 views

GHSA-JMQM-F2GX-4FJV Sensitive information exposure through logs in npm-registry-fetch

Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The cli supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 5
OSV
added 2020/07/02 1:15 p.m., 4 views

CVE-2020-5909

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in the NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified...

CVSS 5.4, AI score 6.1, EPSS 0.004
Exploits: 0, References: 1
NVD
added 2020/07/01 5:15 p.m., 14 views

CVE-2020-14056

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...

CVSS 9.8, EPSS 0.0133
Exploits: 0, References: 2
Prion
added 2020/07/01 5:15 p.m., 17 views

Server-side request forgery (SSRF)

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...

CVSS 7.5, AI score 9, EPSS 0.0133
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/07/01 4:06 p.m., 16 views

CVE-2020-14056

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...

AI score 9.3, EPSS 0.0133
Exploits: 0, References: 2
CVE
added 2020/07/01 4:06 p.m., 40 views

CVE-2020-14056

Monsta FTP 2.10.1 or earlier versions are affected by CVE-2020-14056, a server-side request forgery (SSRF) vulnerability stemming from insufficient restrictions on the web fetch functionality. This allows an attacker to read arbitrary local files and interact with arbitrary third-party services. ...

CVSS 9.8, AI score 9.1, EPSS 0.0133
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2020/06/05 12:00 a.m., 55 views

CentOS 6 : bind (RHSA-2020:2383)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2383 advisory. - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can,...

CVSS 8.6, AI score 6.7, EPSS 0.93422
Exploits: 6, References: 3
OSV
added 2020/06/02 1:15 p.m., 1 view

DEBIAN-CVE-2020-10703

A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path; it was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...

CVSS 6.5, AI score 6.8, EPSS 0.02363
Exploits: 1, References: 1
OSV
added 2020/05/24 6:04 p.m., 13 views

MGASA-2020-0217 Updated ansible packages fix security vulnerabilities

Updated ansible package fixes security vulnerabilities: A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with...

CVSS 7.9, AI score 5.9, EPSS 0.00506
Exploits: 3, References: 6
Debian CVE
added 2020/05/19 2:05 p.m., 40 views

CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral...

CVSS 8.6, AI score 6.4, EPSS 0.10593
Exploits: 1
OSV
added 2020/05/19 11:43 a.m., 4 views

USN-4365-1 bind9 vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. CVE-2020-8616 Tobias...

CVSS 8.6, AI score 6.8, EPSS 0.93422
Exploits: 6, References: 3
BDU FSTEC
added 2020/05/07 12:00 a.m., 3 views

The vulnerabilities of the functions Version.fetch_binary() and Version.fetch_source() in the python-apt package installation module allow an attacker to compromise data integrity.

The vulnerability of the Version.fetch_binary() and Version.fetch_source() functions in the python-apt package installation module is related to improper verification of the uploaded files, which checks only their MD5 hash sum. Exploiting this vulnerability could allow a remote attacker to compromise data...

CVSS 3.4, AI score 5.5, EPSS 0.0044
Exploits: 0, References: 8, Affected Software: 4
BDU FSTEC
added 2020/05/07 12:00 a.m., 5 views

The vulnerabilities of the functions Version.fetch_binary() and Version.fetch_source() in the python-apt package installation module allow an attacker to compromise data integrity.

The vulnerability of the Version.fetch_binary() and Version.fetch_source() functions in the python-apt package installation module is related to an error in downloading files from unsigned repositories. Exploiting this vulnerability could allow a remote attacker to compromise data...

CVSS 3.4, AI score 5.6, EPSS 0.00496
Exploits: 0, References: 8, Affected Software: 4
OSV
added 2020/05/05 5:15 a.m., 3 views

CVE-2020-12652

The mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...

CVSS 4.1, AI score 7.3
Exploits: 0, References: 9
OSV
added 2020/05/05 5:15 a.m., 1 view

DEBIAN-CVE-2020-12652

The mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...

CVSS 4.1, AI score 6.3, EPSS 0.00328
Exploits: 0, References: 1
NVD
added 2020/05/05 5:15 a.m., 21 views

CVE-2020-12652

The mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...

CVSS 4.7, AI score 5.5, EPSS 0.00328
Exploits: 0, References: 9
OSV
added 2020/05/05 5:15 a.m., 9 views

UBUNTU-CVE-2020-12652

The mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...

CVSS 4.1, AI score 6.7, EPSS 0.00328
Exploits: 0, References: 6
Prion
added 2020/05/05 5:15 a.m., 30 views

Race condition

The mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...

CVSS 4.7, AI score 5.4, EPSS 0.00328
Exploits: 0, References: 9, Affected Software: 1