Fedora: Security Advisory for lua (FEDORA-2020-38e35de8aa)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: golang-1.15.1-1.fc33
The Go Programming Language...
[SECURITY] Fedora 33 Update: lua-5.4.0-7.fc33
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
Serverless at the Edge: Enabling Magical Unicorns
Before we dive straight into the magical unicorn from heaven that is serverless computing embedded within the CDN edge (a direct customer quote that I want on a team T-shirt soon), let's first level-set on some basic concepts of computing. In the context of web experiences, IoT device messaging, an...
Heybbs SQL Injection Vulnerability
HEYBBS micro-community is a front-end based on bootstrap+jq+css, back-end php+mysql development of micro-community program. A SQL injection vulnerability exists in the login.php file of Heybbs version 1.2. A remote attacker can exploit this vulnerability to execute arbitrary code with the help of...
FreeBSD-SA-20:27.ure
FreeBSD-SA-20:27.ure Security Advisory. The FreeBSD Project. Topic: ure device driver susceptible to packet-in-packet attack. Category: core. Module: ure. Announced: 2020-09-15...
UBUNTU-CVE-2020-13297
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When two-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint...
mysql: C API unspecified vulnerability (CPU Jan 2021)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of thi...
mysql: C API unspecified vulnerability (CPU Jan 2020)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...
Perl DBI: Multiple vulnerabilities
Background: A database access module for the Perl programming language. Description: Multiple vulnerabilities have been discovered in the Perl module DBI. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: Ther...
OPENSUSE-SU-2020:1407-1 Security update for go1.14
This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet,...
php: NULL pointer dereference in PHP session upload progress
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does...
Fedora: Security Advisory for golang (FEDORA-2020-a55f130272)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: golang-1.14.7-1.fc32
The Go Programming Language...
LY Corporation: Use of unreleased features in programming education service (https://entry.line.me)
LINE entry is a service that provides programming education for children (https://entry.line.me). Sharing creations was a feature that was previously only available to admins, and the feature was still under development before creators (users) were allowed to use it. The vulnerability was a case in...
Hardcodes - Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at it. Yes, it is designed to process any syntax, and the following languages are officially supported: ada,...
Fedora: Security Advisory for lua (FEDORA-2020-c83556709c)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
IBM API Connect Phishing Attack Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A phishing attack vulnerability exists in IBM API Connect 2018.4.1.0 through 2018.4.1.12, which can be exploited by an attacker to conduct a phishing attack by tricking the server into generating a user registration email...
[SECURITY] Fedora 31 Update: lua-5.3.5-8.fc31
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
CVE-2020-24553
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...