1895 matches found

Cvelist
added 2020/10/12 1:05 p.m. | 17 views

CVE-2020-4778

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...

5.9 CVSS | 7.3 AI score | 0.00096 EPSS
Exploits 0 | References 2
Circl
added 2020/10/09 3:58 p.m. | 6 views

CVE-2017-15906

creationtimestamp | type | source
---|---|---
2020-10-09 15:58:22+00:00 | seen | MISP/babf4434-8d64-443a-82c2-48f271a78fec
2024-07-01 14:30:24+00:00 | seen | Telegram/2G0LL9YDDO0dQKSo5p4zQWAL-pbipATIxiBPSKqKsYKP6RG0
2024-07-01 14:33:02+00:00 | seen | Telegram/w0w9iKcyXi70OnNrtP96yLy6sw-7f3qLcDmBnN0l3Dtxq...

5.3 CVSS | 6.7 AI score | 0.02659 EPSS
Exploits 0 | References 2
Veracode
added 2020/10/07 5:15 a.m. | 21 views

Server-side Request Forgery (SSRF)

phantomjs-seo is vulnerable to server-side request forgery (SSRF). An attacker is able to submit requests on behalf of the PhantomJS instance...

8.2 CVSS | 3.2 AI score | 0.00267 EPSS
Exploits 1 | References 2 | Affected Software 1
PyPA
added 2020/10/06 7:15 p.m. | 6 views

PYSEC-2020-158

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

4 CVSS | 6.8 AI score | 0.00127 EPSS
Exploits 0 | References 4 | Affected Software 1
RedHat Linux
added 2020/09/29 10:31 p.m. | 4 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8 CVSS | 7.1 AI score | 0.00078 EPSS
Exploits 1 | References 4
RedHat Linux
added 2020/09/29 7:00 p.m. | 4 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8 CVSS | 7.1 AI score | 0.00078 EPSS
Exploits 1 | References 4
Github Security Blog
added 2020/09/28 7:05 p.m. | 73 views

Potential DoS with NumberFilter conversion to integer values.

Impact: Automatically generated NumberFilter instances, whose value was later converted to an integer, were subject to potential DoS from malicious input using exponential format with sufficiently large exponents. Patches: Version 2.4.0+ applies a MaxValueValidator with a default limit_value of...

7.5 CVSS | 3.5 AI score | 0.00235 EPSS
Exploits 0 | References 11 | Affected Software 1
Veracode
added 2020/09/21 6:24 a.m. | 19 views

HTTP Request Smuggling

squid3 is vulnerable to HTTP request smuggling. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlled content ...

5.3 CVSS | 1.8 AI score | 0.12526 EPSS
Exploits 0 | References 13 | Affected Software 4
Circl
added 2020/09/18 12:55 a.m. | 0 views

CVE-2020-0287

creationtimestamp | type | source
---|---|---
2020-09-18 00:55:14+00:00 | seen | https://t.me/cibsecurity/14748...

6.5 CVSS | 6.3 AI score | 0.00294 EPSS
Exploits 0 | References 1
OPENSUSE Linux
added 2020/09/18 12:00 a.m. | 38 views

Security update for docker-distribution (moderate)

openSUSE Security Update: Security update for docker-distribution. Announcement ID: openSUSE-SU-2020:1433-1. Rating: moderate. References: 1033172, 1049850. Cross-References: CVE-2017-11468. Affected Products: openSUSE Backports SLE-15-SP2. An update that solves one vulnerability and has one errata is n...

7.5 CVSS | 6.8 AI score | 0.00338 EPSS
Exploits 0 | References 2
NCSC
added 2020/09/11 12:00 a.m. | 14 views

Vulnerability fixed in XWiki

The developers of XWiki have fixed a vulnerability. A malicious person with SCRIPT privileges could exploit the vulnerability to gain access to the server's Instance Manager and thereby create arbitrary Java objects. The developers have released updates to fix the vulnerability fix in XWiki 12.2....

6.6 CVSS | 6.9 AI score | 0.00734 EPSS
Exploits 0
RedHat Linux
added 2020/09/10 4:51 a.m. | 2 views

openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML

An information disclosure flaw was found in the live migration feature of OpenStack Nova. A user may gain access to destination host devices with the same path as those on the source host. This flaw allows an attacker to perform a soft reboot of an instance that has previously undergone live...

8.3 CVSS | 7.1 AI score | 0.00385 EPSS
Exploits 1 | References 5
Kitploit
added 2020/09/06 8:30 p.m. | 55 views

Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS

Script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command and takes 3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once the instance is configured, an OpenVPN...

7.4 AI score
Exploits 0 | References 1
Prion
added 2020/08/26 7:15 p.m. | 11 views

Design/Logic Flaw

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...

6.5 CVSS | 8.1 AI score | 0.00385 EPSS
Exploits 1 | References 3 | Affected Software 1
Hacker One
added 2020/08/10 10:19 a.m. | 34 views

8x8: Default Creds Spring Boot Admin

An instance hosting Spring Boot Admin was left exposed with default credentials set...

1.9 AI score
Exploits 0
The Hacker News
added 2020/08/10 9:25 a.m. | 71 views

Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...

6.5 CVSS | 0.4 AI score | 0.4848 EPSS
Exploits 4
OSV
added 2020/07/31 1:15 p.m. | 1 views

CVE-2020-14334

A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker to gain complete control of the Satellite instance...

8.8 CVSS | 7.3 AI score
Exploits 0 | References 1
RedHat Linux
added 2020/07/21 11:09 a.m. | 4 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8 CVSS | 7.1 AI score | 0.00078 EPSS
Exploits 1 | References 4
NVD
added 2020/07/20 9:15 p.m. | 8 views

CVE-2020-3442

The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in order to complete authentication determined...

5.7 CVSS | 5.3 AI score | 0.00022 EPSS
Exploits 0 | References 1
IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 27 views

Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7548, CVE-2015-8749, CVE-2015-1850)

Summary: IBM SmartCloud Entry is vulnerable to several OpenStack Nova vulnerabilities, which could allow a local authenticated attacker or a remote attacker to obtain sensitive information. Vulnerability Details: CVEID: CVE-2015-8749 DESCRIPTION: OpenStack Nova could allow a remote attacker to obtai...

5.9 CVSS | 1.2 AI score | 0.00942 EPSS
Exploits 0 | Affected Software 1