Oracle Linux 8 : vim (ELSA-2020-4453)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4453 advisory. - 1842755 - CVE-2019-20807 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not test...
CVE-2020-27693
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 stores administrative passwords using a hash that is considered outdated...
Design/Logic Flaw
Trend Micro InterScan Messaging Security Virtual Appliance IMSVA 9.1 stores administrative passwords using a hash that is considered outdated...
Ubuntu: Security Advisory (USN-4608-1)
The remote host is missing an update for the...
npm: sensitive information exposure through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
Default configuration
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...
CVE-2020-2286
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...
PT-2020-15516 · Jenkins · Jenkins Role-Based Authorization Strategy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier Description: The issue arises from the improper invalidation of a permission cache when the configuration is changed, resulting in permissions being granted based on an...
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
Boom! Mobile's U.S. website recently fell victim to an e-commerce attack, putting online shoppers in danger of payment-card theft, researchers said. Boom! is a wireless provider that resells mobile phone plans from Verizon, AT&T and T-Mobile USA, under its own brand and with its own perks the...
PT-2020-6456 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8.2 Description: The issue is related to the Pulse Connect Secure admin web interface, where an authenticated attacker could potentially upload a custom template to execute arbitrary code. This is du...
GHSA-VP9C-FPXX-744V personnummer/ruby vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact This vulnerability impacts...
CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
UBUNTU-CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
Authorization
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
CVE-2020-13284
GitLab CVE-2020-13284 affects GitLab versions prior to 13.1.10, 13.2.8, and 13.3.4, where API authorization could be compromised via an outdated CI job token. The connected sources confirm the affected branches and the specific vulnerable component (CI/job token handling) but do not provide attac...
OPENSUSE-SU-2020:1354-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). - Do not install outdated README.SUSE (bsc#1174010). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786). This update was imported from the...