
4991 matches found

OpenVAS
added 2020/02/16 12:0 a.m. | 14 views

Fedora: Security Advisory for ksh (FEDORA-2020-d940aca772)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 7.9 AI score | 0.00204 EPSS
Exploits 0 | References 2
OSV
added 2020/02/14 7:15 p.m. | 3 views

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

9 CVSS | 7.6 AI score | 0.00026 EPSS
Exploits 0 | References 4
Kitploit
added 2020/02/11 9:0 p.m. | 38 views

Agente - Distributed Simple And Robust Release Management And Monitoring System

Distributed simple and robust release management and monitoring system. This project on going work. Road map Core system First worker agent Management dashboard Jenkins vs CI tool extensions Management dashboard First master agent All relevant third-party system integrations version control, CI,...

7.3 AI score
Exploits 0 | References 2
Gitee
added 2020/02/10 10:6 p.m. | 5 views

exploit-database

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities in different software and systems. The exploits are categorized by operating system, software, and vulnerability...

7 AI score
Exploits 0
OSV
added 2020/02/08 7:15 p.m. | 0 views

UBUNTU-CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...

9.8 CVSS | 6.8 AI score | 0.01751 EPSS
Exploits 0 | References 3
UbuntuCve
added 2020/02/02 2:15 p.m. | 28 views

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

6.5 CVSS | 6.9 AI score | 0.0133 EPSS
Exploits 0 | References 3
ThreatPost
added 2020/01/31 8:42 p.m. | 73 views

Iranian Hackers Target U.S. Gov. Vendor With Malware

Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question is U.S.-based Westat, a professional services company that provides research services to...

1 AI score
Exploits 0 | References 9
OSV
added 2020/01/31 1:15 p.m. | 0 views

UBUNTU-CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3 CVSS | 6.8 AI score | 0.00332 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2020/01/30 12:0 a.m. | 29 views

FreeBSD : pkg -- vulnerability in libfetch (2af10639-4299-11ea-aab1-98fa9bfec35a)

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacqu...

9.8 CVSS | 8.4 AI score | 0.00692 EPSS
Exploits 0 | References 2
Cent OS
added 2020/01/28 9:28 p.m. | 172 views

bsdcpio, bsdtar, libarchive security update

CentOS Errata and Security Advisory CESA-2020:0203. An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

7.5 CVSS | 6.6 AI score | 0.04588 EPSS
Exploits 0 | References 7
FreeBSD
added 2020/01/28 12:0 a.m. | 31 views

pkg -- vulnerability in libfetch

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers...

9.8 CVSS | 5.1 AI score | 0.00692 EPSS
Exploits 0
FreeBSD
added 2020/01/28 12:0 a.m. | 31 views

FreeBSD -- libfetch buffer overflow

Problem Description: A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. Impact: An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program...

9.8 CVSS | 3.6 AI score | 0.00692 EPSS
Exploits 0
OSV
added 2020/01/26 5:15 a.m. | 5 views

CVE-2019-16029

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The...

9.1 CVSS | 7.3 AI score
Exploits 0 | References 1
Prion
added 2020/01/26 5:15 a.m. | 15 views

Design/Logic Flaw

A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB...

5 CVSS | 5.4 AI score | 0.00219 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2020/01/26 4:30 a.m. | 6 views

CVE-2020-3139 Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability

A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB...

5.3 CVSS | 6.9 AI score | 0.00219 EPSS
Exploits 0 | References 1
CVE
added 2020/01/26 4:30 a.m. | 122 views

CVE-2020-3139

Cisco APIC exposes a vulnerability in the OOB management IP tables where a programming logic error in specific IP-table entries causes certain IP ports to be permitted when they should be dropped. An unauthenticated, remote attacker can send traffic to the OOB interface to bypass configured deny ...

5.3 CVSS | 5.3 AI score | 0.00219 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2020/01/23 6:15 p.m. | 2 views

CVE-2019-16513

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests...

8.8 CVSS | 7.3 AI score | 0.00224 EPSS
Exploits 1 | References 5
OSV
added 2020/01/23 6:15 p.m. | 4 views

CVE-2019-16517

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...

9.8 CVSS | 7.3 AI score | 0.00224 EPSS
Exploits 1 | References 5
Tenable Nessus
added 2020/01/07 12:0 a.m. | 52 views

Debian DLA-2057-1 : pillow security update

It was discovered that there were three vulnerabilities in Pillow, an imaging library for the Python programming language : - CVE-2019-19911: Prevent a denial of service vulnerability caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is...

9.8 CVSS | 6.6 AI score | 0.01753 EPSS
Exploits 0 | References 2
OSV
added 2019/12/31 5:15 p.m. | 2 views

CVE-2019-12837

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints...

4.3 CVSS | 5.8 AI score
Exploits 0 | References 1