📄 Craft CMS 5.0 Logic Flaw

A flaw in the Craft CMS image transform endpoint allows an unauthenticated attacker to trigger backend processing without prior authentication. While the original Metasploit module targeted remote code execution, this proof of concept does not execute code, does not write files, and does not inje...

DEBIAN-CVE-2018-7750

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as...