golang: data race in certain net/http servers including ReverseProxy can lead to DoS
A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...
[SECURITY] Fedora 33 Update: golang-1.15.5-1.fc33
The Go Programming Language...
Cisco IoT Field Network Director File Overwrite Vulnerability
Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. A file overwrite vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from inadequate file system protection. An attacker can exploit the...
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. A SOAP API authorization bypass vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient authorization of the SOAP API. An attack...
Cisco IoT Field Network Director Access Control Error Vulnerability
Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. An access control error vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. An attacker could exploit this vulnerability by sending an API request that changes the...
CVE-2020-27126
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker...
CVE-2020-26078
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2020:5009. An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CVE-2020-28362
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service...
Cisco IoT Field Network Director Access Control Error Vulnerability
Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. A security vulnerability exists in Cisco IoT Field Network Director (FND) that stems from affected software not properly validati...
CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...
CVE-2020-27128
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by...
Cisco Integrated Management Controller Authorization Bypass Vulnerability
The Cisco Integrated Management Controller (IMC) is a baseboard management controller that provides embedded server management for Cisco UCS C-Series rackmount servers and Cisco S-Series storage servers. An authorization bypass vulnerability exists in the API endpoints of Cisco Integrated Managemen...
Cisco SD-WAN vManage Directory Traversal Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A directory traversal vulnerability exists in the application data endpoint of Cisco SD-WAN vManage. The vulnerability stems from improper validation of directory traversal character...
Moderate: Red Hat Security Advisory: python38:3.8 security, bug fix, and enhancement update
An update for the python38:3.8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
PT-2020-4665 · Cisco · Cisco Integrated Management Controller
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller (affected versions not specified). Description: A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take...
go-toolset:rhel8 bug fix and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
python38:3.8 security, bug fix, and enhancement update
An update is available for python-psycopg2, python-urllib3, PyYAML, python-jinja2, python-requests, modwsgi, python-asn1crypto, python3x-pip, python-chardet, python-markupsafe, Cython, python-psutil, babel, python-wheel, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz,...
CVE-2020-16257
Winston 1.5.4 devices are vulnerable to command injection via the API...
Fedora: Security Advisory for ruby (FEDORA-2020-fe2a7d7390)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...