TIBCO Security Advisory: January 12, 2021 - TIBCO EBX Add-ons
TIBCO EBX EXML External Entity. Original release date: January 12, 2021. Last revised: ---. CVE-2020-27148. Source: TIBCO Software Inc. Systems Affected: TIBCO EBX Add-ons versions 4.4.2 and...
Medium: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with networ...
thrift: Endless loop when fed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
...
DEBIAN-CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers...
ALPINE-CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers...
CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS servers...
Limit Login Attempts Reloaded < 2.16.0 - Authenticated Reflected Cross-Site Scripting
The plugin does not properly sanitise user input in its options page, which could allow attackers to perform XSS attacks against a logged-in administrator by making them open a malicious URL. The issue was partially fixed in 2.15.1, and fully remediated in 2.16.0. PoC...
PT-2020-17111 · Unknown · Car Rental Management System
Name of the Vulnerable Software and Affected Versions: Car Rental Management System version 1.0. Description: An issue was discovered in the Car Rental Management System where an unauthenticated user can perform a file inclusion attack against the "/index.php" file with a partial filename in the...
ALPINE-CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
Format string
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
UBUNTU-CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
Broken Authentication Protocol
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation...
Huawei FusionCompute Encryption Issue Vulnerability
Huawei FusionCompute is a software for virtualization support from Huawei, a Chinese company. The software is a virtualization engine that provides virtualization support for cloud hosts. A security vulnerability exists in FusionCompute version 8.0.0, which can be exploited by an attacker with...
DEBIAN-CVE-2020-25658
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...
CVE-2020-25658
A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...
Unspecified Vulnerability in Oracle Hyperion Analytic Provider Services Smart View Provider
Oracle Hyperion Analytic Provider Services is a set of financial modeling applications from Oracle. The software provides financial settlement, report production and other functions. A security vulnerability exists in Oracle Hyperion Analytic Provider Services Smart View Provider version...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
...