1227 matches found
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-2136)
The remote host is missing an update for the Huawei EulerOS...
PT-2019-4663 · Todd Miller +4 · Sudo +4
Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.29 and earlier Description: The issue is related to improper access control in Sudo, allowing an attacker with access to a Runas ALL sudoer account to impersonate any blocked user. This is because the fact that a user has be...
Hundreds of counterfeit online shoe stores injected with credit card skimmer
There's a well-worn saying in security: "If it's too good to be true, then it probably isn't." This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Allured by great deals on brand names, many...
EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow...
OMRON CX-Supervisor Vulnerable Third-Party Component Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Teamviewer tha...
Fronius Solar Inverter Series Insecure Communication / Path Traversal
SEC Consult Vulnerability Lab Security Advisory title: Multiple vulnerabilities product: Fronius Solar Inverter Series vulnerable version: SW Version =3.14.1 vuln 2: 3.12.5 - HM 1.10.5, see solution section below CVE number:...
CVE-2015-7542
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates...
DEBIAN-CVE-2015-7542
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates...
Design/Logic Flaw
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates...
UBUNTU-CVE-2015-7542
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates...
CVE-2015-7542
CVE-2015-7542 affects libgwenhywfar up to version 4.12.0, caused by the use of outdated bundled CA certificates. Multiple sources (NVD entry and downstream advisories) confirm the vulnerability exists due to trust store handling in the library. Exploitation details are not provided in the documen...
Visual Studio 2008 - XML External Entity Injection
Exploit Title: Visual Studio 2008 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Software Link: Visual Studio 2008 Express IDE Tested Version: 2008 CVE: N/A + Credits: John Page aka...
Using JS libraries with known security vulnerabilities
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The Magento 2 codebase leveraged outdated versions of the JS libraries Bootstrap, jQuery and Knockout with known security vulnerabilities...
Hackers Breach ZoneAlarm's Forum Site — Outdated vBulletin to Blame
ZoneAlarm, an internet security software company owned by Israeli cybersecurity firm Check Point Technologies, has suffered a data breach exposing data of its discussion forum users, the company confirmed to The Hacker News. With nearly 100 million downloads, ZoneAlarm offers antivirus software,...
Design/Logic Flaw
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. The Magento 2 codebase leveraged outdated versions of the HTTP specification abstraction implemented in a Symfony component...
Design/Logic Flaw
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The Magento 2 codebase leveraged outdated versions of the JS libraries Bootstrap, jQuery and Knockout with known security vulnerabilities...
Schneider Electric Modicon M580 outdated firmware image FTP upgrade denial-of-service vulnerability
Summary: An exploitable denial-of-service vulnerability exists in the FTP firmware update functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An outdated firmware image can cause the device to enter a non-recoverable fault state,...
CVE-2019-12157
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands...
Outdated Static Dependency
Overview: Versions of ses prior to 0.6.3 contain an Outdated Static Dependency. The package relies on realms-shim and has it loaded statically instead of as a dependency that can be updated. The version of realms-shim it has contains multiple critical Sandbox Breakout vulnerabilities. Recommendati...