1720 matches found

OSV
added 2020/09/01 3:29 p.m. · 9 views

GHSA-V2JQ-9475-R5G8 Cross-Site Scripting in bootstrap-tagsinput

All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation This package is not actively maintained, and has not seen...

AI score 6
Exploits 0 · References 4
OSV
added 2020/08/31 10:49 p.m. · 42 views

GHSA-82MG-X548-GQ3J LDAP Injection in ldapauth

Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...

CVSS 7.5 · AI score 7.7 · EPSS 0.01317
Exploits 0 · References 9
vulnersOsv
added 2020/08/31 10:49 p.m. · 7 views

group-lunches (>=0.0.2 <=0.0.10), lets-chat-ldap (>=0.1.0 <=0.4.0) +5 more potentially affected by CVE-2015-7294 via ldapauth-fork (=2.2.19)

ldapauth-fork NPM version =2.2.19 is affected by a known vulnerability. The following packages have a transitive dependency on ldapauth-fork and may be impacted: - group-lunches =0.0.2, =0.1.0, =0.0.2, =0.1.0, =0.0.0, =0.0.1 Source cves: CVE-2015-7294 Source advisory: OSV:GHSA-82MG-X548-GQ3J...

CVSS 7.5 · AI score 7.1 · EPSS 0.01317
Exploits 0
Github Security Blog
added 2020/08/31 10:49 p.m. · 44 views

LDAP Injection in ldapauth

Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...

CVSS 7.5 · AI score 7.7 · EPSS 0.01317
Exploits 0 · References 9 · Affected Software 2
0day.today
added 2020/08/25 12:00 a.m. · 40 views

Linux CoW Incorrect Access Grant Exploit

A Linux copy-on-write issue can wrongly grant write access. Linux: CoW can wrongly grant write access because of pinned references or THP bug I've stumbled over two ways in which copy-on-write of anonymous memory after fork is currently broken: Page references through the page refcount and a bug ...

AI score 7.1
Exploits 0
IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 64 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated...

CVSS 5.3 · AI score 0.5 · EPSS 0.02629
Exploits 0 · Affected Software 1
RedHat Linux
added 2020/07/22 12:40 p.m. · 2 views

OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 5.8 · AI score 7.3 · EPSS 0.00576
Exploits 0 · References 4
Tenable Nessus
added 2020/07/20 12:00 a.m. · 125 views

Amazon Linux 2 : openssl11 (ALAS-2020-1456)

The version of openssl11 installed on the remote host is prior to 1.1.1c-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1456 advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an...

CVSS 5.3 · AI score 6.7 · EPSS 0.02629
Exploits 0 · References 7
RedHat Linux
added 2020/07/16 9:40 a.m. · 1 view

OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 5.8 · AI score 7.3 · EPSS 0.00576
Exploits 0 · References 4
OSV
added 2020/07/14 12:00 p.m. · 10 views

RUSTSEC-2020-0168 mach is unmaintained

Last release was almost 4 years ago. Maintainers seem to be completely unreachable. Possible Alternatives These may or may not be suitable alternatives and have not been vetted in any way; - mach2 - direct fork...

AI score 7.1
Exploits 0 · References 3
Fedora
added 2020/07/04 1:14 a.m. · 34 views

[SECURITY] Fedora 32 Update: python-pillow-7.0.0-4.fc32

Python image processing library, fork of the Python Imaging Library PIL. This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...

CVSS 8.1 · AI score 1.4 · EPSS 0.00424
Exploits 0
NVD
added 2020/06/10 3:15 p.m. · 13 views

CVE-2020-13270

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...

CVSS 8.8 · EPSS 0.00358
Exploits 0 · References 3
Prion
added 2020/06/10 3:15 p.m. · 11 views

Design/Logic Flaw

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...

CVSS 6.5 · AI score 8.3 · EPSS 0.00358
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2020/06/10 3:15 p.m. · 21 views

CVE-2020-13270

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...

CVSS 8.8 · AI score 7.2 · EPSS 0.00358
Exploits 0 · References 2
OSV
added 2020/06/10 3:15 p.m. · 1 view

UBUNTU-CVE-2020-13270

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...

CVSS 8.8 · AI score 7.3 · EPSS 0.00358
Exploits 0 · References 3
CVE
added 2020/06/10 2:35 p.m. · 58 views

CVE-2020-13270

CVE-2020-13270 affects GitLab Community and Enterprise Editions (CE/EE) from 11.3 up to 13.0.1, due to a missing permission check when creating fork relations. The underlying issue allows guest users to create fork relationships on restricted public projects via the API. The available sources con...

CVSS 8.8 · AI score 8.2 · EPSS 0.00358
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2020/06/10 2:35 p.m. · 16 views

CVE-2020-13270

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...

CVSS 7.5 · AI score 8.4 · EPSS 0.00358
Exploits 0 · References 3
Debian CVE
added 2020/06/10 2:35 p.m. · 21 views

CVE-2020-13270

Removed by vendor...

CVSS 8.8 · AI score 7.3 · EPSS 0.00358
Exploits 0
Positive Technologies
added 2020/06/10 12:00 a.m. · 2 views

PT-2020-13411 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.3 through 13.0.1 Description: A missing permission check on fork relation creation in GitLab CE/EE allows guest users to create a fork relation on restricted public projects via the API. Recommendations: For GitLab...

CVSS 8.8 · AI score 8.3 · EPSS 0.00358
Exploits 0 · References 11
OSV
added 2020/05/28 12:07 p.m. · 0 views

USN-4376-1 openssl vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

CVSS 5.3 · AI score 7.2 · EPSS 0.02801
Exploits 0 · References 5