
4991 matches found

OSV
added 2020/04/29 5:15 p.m. · 0 views

UBUNTU-CVE-2020-12275

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API...

5.3 CVSS · 6 AI score · 0.00124 EPSS
Exploits 0 · References 3
MSRC
added 2020/04/29 3:35 p.m. · 37 views

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

2.3 AI score
Exploits 0
MSRC
added 2020/04/29 7:0 a.m. · 9 views

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

6.9 AI score
Exploits 0
Positive Technologies
added 2020/04/29 12:0 a.m. · 3 views

PT-2020-13088 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 12.9. Description: The issue allows an external user to create a personal snippet through the API, resulting in a privilege escalation. Recommendations: For GitLab versions 12.6 through 12.9, update to a version th...

5.3 CVSS · 5.1 AI score · 0.00124 EPSS
Exploits 0 · References 9
Rockylinux
added 2020/04/28 8:55 a.m. · 25 views

python27:2.7 security, bug fix, and enhancement update

An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...

9.8 CVSS · 7.6 AI score · 0.02456 EPSS
Exploits 5
OSV
added 2020/04/28 4:15 a.m. · 2 views

CVE-2020-5563

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API...

5.3 CVSS · 6.1 AI score
Exploits 0 · References 2
CNVD
added 2020/04/27 12:0 a.m. · 2 views

Command Execution Vulnerability in WideField2

WideField2 is a PLC programming software developed by Yokogawa Electric Group. WideField2 suffers from a command execution vulnerability that can be exploited by an attacker to gain server privileges...

7.5 AI score
Exploits 0
OSV
added 2020/04/24 4:15 p.m. · 2 views

CVE-2019-4751

IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...

5.3 CVSS · 6.1 AI score · 0.0014 EPSS
Exploits 0 · References 2
ThreatPost
added 2020/04/21 9:28 p.m. · 18 views

Banking.BR Android Trojan Emerges in Credential-Stealing Attacks

A recently uncovered banking trojan aims to steal Android victims’ online banking credentials and take over their bank accounts, using “elaborate” overlay attack capabilities. The malware, dubbed “Banker.BR” by researchers with IBM X-Force, was spotted in messages targeting users in countries tha...

6.7 AI score
Exploits 0 · References 9
ThreatPost
added 2020/04/20 4:23 p.m. · 94 views

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

About 760 malicious libraries, bent on stealing Bitcoin, have been identified so far in the open-source Ruby programming language code base. According to Tomislav Maljic, threat analyst at ReversingLabs, cybercriminals have been using simple typosquatting to carry out their plan – which is the...

7.2 AI score
Exploits 0 · References 6
Debian
added 2020/04/19 9:31 a.m. · 36 views

[SECURITY] [DLA 2181-1] shiro security update

Package: shiro; Version: 1.2.3-1+deb8u1; CVE ID: CVE-2020-1957; Debian Bug: 955018. It was discovered that there was a path-traversal issue in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass. For Debian 8...

9.8 CVSS · 9.6 AI score · 0.88599 EPSS
Exploits 1
CNVD
added 2020/04/16 12:0 a.m. · 1 views

Broadcom CA API Developer Portal Access Bypass Vulnerability

Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...

9.8 CVSS · 6.8 AI score · 0.00243 EPSS
Exploits 0 · References 1
CNVD
added 2020/04/16 12:0 a.m. · 1 views

Cisco UCS Director and Cisco UCS Director Express for Big Data Input Validation Error Vulnerability (CNVD-2020-25346)

Cisco UCS Director and Cisco UCS Director Express for Big Data are both products from Cisco, Inc. Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS). A...

9.8 CVSS · 7.9 AI score · 0.38933 EPSS
Exploits 0 · References 1
CNVD
added 2020/04/16 12:0 a.m. · 1 views

Broadcom CA API Developer Portal Information Disclosure Vulnerability (CNVD-2020-25821)

Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. An information disclosure vulnerability exists in Broadcom CA API Developer Portal 4.3....

7.5 CVSS · 6.4 AI score · 0.00754 EPSS
Exploits 0 · References 1
OSV
added 2020/04/15 6:15 p.m. · 1 views

CVE-2020-5350

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords...

7.2 CVSS · 7.2 AI score · 0.03682 EPSS
Exploits 0 · References 1
CNVD
added 2020/04/15 12:0 a.m. · 2 views

SAP NetWeaver AS ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver AS ABAP Business Server is an application server for ABAP Advanced Business Application Programming from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME. The vulnerability stems from a lack of proper...

6.1 CVSS · 6.3 AI score · 0.00243 EPSS
Exploits 0
Kitploit
added 2020/04/14 12:0 p.m. · 146 views

Domained - Multi Tool Subdomain Enumeration

A domain name enumeration tool. The tools contained in domained require Kali Linux (preferred) or Debian 7+ and Recon-ng. domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots,...

7.4 AI score
Exploits 0 · References 20
Positive Technologies
added 2020/04/14 12:0 a.m. · 2 views

PT-2020-2597

Name of the Vulnerable Software and Affected Versions: Java SE versions 7u251, 8u241, 11.0.6, and 14; Java SE Embedded version 8u241. Description: The issue is related to insufficient input validation in the Lightweight HTTP Server component of Oracle Java SE and Java SE Embedded. This can be exploit...

8.3 CVSS · 7.2 AI score · 0.03068 EPSS
Exploits 3 · References 286
Positive Technologies
added 2020/04/14 12:0 a.m. · 2 views

PT-2020-2600

Name of the Vulnerable Software and Affected Versions: Java SE versions 7u251, 8u241, 11.0.6, and 14; Java SE Embedded version 8u241. Description: The issue is related to insufficient input validation in the Concurrency component of Oracle Java SE and Java SE Embedded. This can be exploited by an...

6.5 CVSS · 7.1 AI score · 0.03068 EPSS
Exploits 0 · References 286
CNVD
added 2020/04/10 12:0 a.m. · 1 views

Argo Information Disclosure Vulnerability

Argo is an open source container native workflow engine. A security vulnerability exists in versions prior to Argo 1.5.0-rc1. An attacker can exploit the vulnerability by submitting a request to invoke the API to retrieve information...

6.5 CVSS · 6.8 AI score · 0.00884 EPSS
Exploits 1