Security update for stunnel (moderate)
openSUSE Security Update: Security update for stunnel Announcement ID: openSUSE-SU-2021:0160-1 Rating: moderate References: 1177580 1178533 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for stunnel fixes the following...
Security update for viewvc (moderate)
openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0145-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This update for...
VulnCheck KEV: CVE-2020-11022
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
Security update for viewvc (moderate)
openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0123-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for viewvc fix...
Security update for rpmlint (moderate)
openSUSE Security Update: Security update for rpmlint Announcement ID: openSUSE-SU-2021:0045-1 Rating: moderate References: 1169614 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for rpmlint fixes the following issues: -...
iBall-Baton WRA150N File Disclosure
Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure Sensitive Information Date: 07/01/2021 Exploit Author: h4cks1n Vendor Homepage: iball.co.in Version: iBall-Baton WRA150N Tested on: Windows 7/8/8.1/10, Parrot Linux OS The iBall-Baton router version WRA150N is vulnerable to the...
Security update for openexr (moderate)
openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2020:2349-1 Rating: moderate References: 1179879 Cross-References: CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now available...
Rocket.Chat: Pinning leaks message content
The message content could be improperly pinned, allowing the content to be leaked to an unauthorized client. Validation was lacking in the pinMessage method, which allowed arbitrary messages to be pinned regardless of the user's access. This permitted messages from private channels to be exposed ...
Security Bulletin: Authentication mechanism vulnerability affects IBM Connect:Direct for UNIX (CVE-2020-4747)
Summary IBM Connect:Direct for UNIX can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. Vulnerability Details CVEID: CVE-2020-4747 DESCRIPTION: IBM Connect:Direct for UNIX can allow a local or remote user to obtain an authenticated CLI...
Authentication flaw
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:2229-1 Rating: important References: 1179576 Cross-References: CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 Affected Products: openSUSE Backports SLE-15-SP1 An...
DEBIAN-CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on unix-like systems, the created directory i...
Information Disclosure in Apache Groovy
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python-twisted-web Multiple Vulnerabilities (NS-SA-2020-0118)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-twisted-web packages installed that are affected by multiple vulnerabilities: - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characte...
CVE-2020-17521
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...
UBUNTU-CVE-2020-17521
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...
Protect Yourself from Holiday Cyber Threats – Ask the Howlers, Episode 16 Highlights
In episode 16 of “Ask the Howlers,” host Stacia Tympanick, senior solution engineer, met up with Ryan Hendricks, staff architect and manager, to discuss the latest topics concerning cybersecurity impacting the online holiday shopping season. Check out some highlights from the discussion and gain...
Apache Groovy Security Vulnerability
Apache Groovy is an object-oriented programming language for the Java platform, from the Apache Software Foundation (United States), that combines many powerful features of Python, Ruby and Smalltalk. A resource management error vulnerability exists in Apache Groovy that...
Security update for minidlna (moderate)
openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2194-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...