4991 matches found
CVE-2019-6486
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks...
Horner Automation/APG Cscape Programming Software Detection (Windows SMB Login)
SMB login-based detection of Horner Automation (formerly Horner APG) Cscape Programming software. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Security Advisory 0039
Security Advisory 0039 PDF Date: January 16th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | January 16th, 2019 | Initial Release The CVE-IDs tracking this issue are CVE-2018-16873, CVE-2018-16874 and CVE-2018-16875 Description This advisory is to document the impact of...
[SECURITY] Fedora 29 Update: golang-1.11.4-1.fc29
The Go Programming Language...
[SECURITY] Fedora 28 Update: golang-1.10.7-1.fc28
The Go Programming Language...
IBM API Connect Privilege Vulnerability
IBM API Connect (aka APIConnect) is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. An elevation of privilege vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.4,...
Battelle V2I Hub SQL Injection Vulnerability
The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A SQL injection vulnerability exists in Battelle V2I Hub version...
Go: Multiple vulnerabilities
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause arbitrar...
PT-2018-16792 · Veraport · Veraport G3
Name of the Vulnerable Software and Affected Versions: Veraport G3 ALL on MacOS (affected versions not specified) Description: A race condition exists when calling the Veraport API, allowing a remote attacker to cause arbitrary file download and execution, resulting in remote code execution...
Double Your Bitcoin Script Automatic - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Double Your Bitcoin Script Automatic 2018 for $50 - Authentication Bypass Exploit Author: Veyselxan Vendor Homepage: https://codeclerks.com/php-programming/1007/Double-Your-Bitcoin-Script-Automatic-2018 Version: v1 REQUIRED Test...
CVE-2018-19413
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the...
CVE-2018-16873
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...
Double Your Bitcoin Script Automatic - Authentication Bypass
Double Your Bitcoin Script Automatic - Authentication Bypass Exploit Title: Double Your Bitcoin Script Automatic 2018 for $50 - Authentication Bypass Date: 2018-12-08 Exploit Author: Veyselxan Vendor Homepage: https://codeclerks.com/php-programming/1007/Double-Your-Bitcoin-Script-Automatic-2018...
jenkins: Reflected XSS vulnerability
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins...
[SECURITY] Fedora 28 Update: perl-5.26.3-415.fc28
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
[SECURITY] Fedora 28 Update: hadoop-2.7.7-1.fc28
Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage...
[SECURITY] Fedora 29 Update: perl-5.28.1-425.fc29
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
[SECURITY] Fedora 29 Update: python-notebook-5.7.2-1.fc29
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
Parrot Security 4.4 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Parrot 4.4 is now available for download. This release provides security and stability updates and is the starting point for the plan to develop an LTS edition of Parrot. Parrot 4.4 Development Goals The Parrot 4.4 development process involved the ideas of many people in the community, and the go...
[SECURITY] [DLA 1591-1] libphp-phpmailer security update
Package : libphp-phpmailer Version : 5.2.9+dfsg-2+deb8u4 CVE IDs : CVE-2017-5223 CVE-2018-19296 It was discovered that there were two vulnerabilities in libphp-phpmailer, an email library for the PHP programming language: CVE-2017-5223: Local file disclosure vulnerability via relative path HTML...