
1207 matches found

CNVD
added 2019/12/19 12:0 a.m. | 1 views

GitLab Insecure Direct Object Reference Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An insecure direct object reference vulnerability exists in GitLab versions prior to 12.1.2, 12.0.4...

CVSS 6.5 | AI score 6.9 | EPSS 0.00101
Exploits: 1 | References: 1

Cvelist
added 2019/12/18 8:59 p.m. | 15 views

CVE-2019-5469

An IDOR vulnerability exists in GitLab v12.1.2, v12.0.4, and v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets...

AI score 6.1 | EPSS 0.00101
Exploits: 1 | References: 2

Wired Threat Level
added 2019/12/10 12:0 p.m. | 11 views

The FCC's Push to Purge Huawei From US Networks

The rural carriers who rely on Huawei are wary of a costly “rip and replace” effort...

AI score 1.1
Exploits: 0

Microsoft KB
added 2019/12/10 8:0 a.m. | 49 views

Description of the security update for Excel 2016: December 10, 2019

Summary: This security update resolves an information disclosure vulnerability that exists if Microsoft Excel incorrectly discloses the contents of its memory. To learn more about the vulnerability, see Microsoft Common...

CVSS 5.5 | AI score 4.9 | EPSS 0.13324
Exploits: 0

OSV
added 2019/11/18 6:15 a.m. | 1 views

DEBIAN-CVE-2019-19076

A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit...

CVSS 5.9 | AI score 6.6 | EPSS 0.02333
Exploits: 0 | References: 1

CNVD
added 2019/11/18 12:0 a.m. | 1 views

Linux kernel memory leak vulnerability (CNVD-2019-41269)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory disclosure vulnerability exists in the nfp_abm_u32_knode_replace function in...

CVSS 7.1 | AI score 7.4 | EPSS 0.02333
Exploits: 0 | References: 1

OpenVAS
added 2019/11/12 12:0 a.m. | 11 views

Smartweares HOME easy Information Disclosure Vulnerability

Smartweares HOME easy is prone to an information disclosure vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is...

AI score 6.9
Exploits: 0 | References: 1

Prion
added 2019/08/14 5:15 p.m. | 14 views

Design/Logic Flaw

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

CVSS 6 | AI score 6.4 | EPSS 0.01478
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2019/08/14 4:5 p.m. | 52 views

CVE-2019-15053

The CVE-2019-15053 issue affects the HTML Include and replace macro plugin for Confluence Server (pre-1.5.0). A bypass of the includeScripts=false XSS protection via an IFRAME vector is documented, enabling cross-site scripting. Connected sources show a public exploit draft and vendor advisories ...

CVSS 6.8 | AI score 6.3 | EPSS 0.01478
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/14 4:5 p.m. | 15 views

CVE-2019-15053

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

AI score 6.4 | EPSS 0.01478
Exploits: 2 | References: 2

OSV
added 2019/07/28 6:15 p.m. | 0 views

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 3

Positive Technologies
added 2019/07/02 12:0 a.m. | 1 views

PT-2019-16921 · Ibm · Ibm Spectrum Protect +1

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager Server IBM Spectrum Protect versions 7.1 through 8.1 Description: The issue allows a local user to replace existing databases by restoring old data. Recommendations: For versions 7.1 through 8.1, update to a version...

CVSS 7.1 | AI score 6.2 | EPSS 0.00045
Exploits: 0 | References: 4

Oracle linux
added 2019/06/20 12:0 a.m. | 81 views

libvirt security update

0.10.2-64.0.1 - Replace docs/et.png in tarball with blank image 0.10.2-64.el610.2 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections CVE-2019-10161...

CVSS 8.8 | AI score 2.5 | EPSS 0.00259
Exploits: 0

Prion
added 2019/06/15 5:29 p.m. | 11 views

Buffer overflow

radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c...

CVSS 5 | AI score 8.1 | EPSS 0.00594
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2019/06/10 7:4 a.m. | 23 views

Information Disclosure

ansible is vulnerable to Information Disclosure. An unsafe template evaluation of returned module data exists, allowing an attacker to read and replace files...

CVSS 5.4 | AI score 5.6 | EPSS 0.00589
Exploits: 0 | References: 10 | Affected Software: 1

Carbon Black Blog
added 2019/05/15 3:0 p.m. | 39 views

Three Common Questions (and Answers) About Next-Gen AV

Most organizations with traditional, or legacy, antivirus (AV) solutions are well aware that they are no longer protected from the more advanced tactics and threats of attackers today. Signatures just can’t keep up with emerging threats. But that doesn’t mean that everyone is ready to dive head fir...

AI score 0.2
Exploits: 0

OpenVAS
added 2019/03/11 12:0 a.m. | 13 views

NREL BEopt <= 2.8.0.0 RCE Vulnerability

NREL BEopt is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nrel:beopt"; if...

AI score 8.2
Exploits: 0 | References: 1

OSV
added 2019/02/18 11:57 p.m. | 10 views

GHSA-VVWP-3F54-XC39 Downloads Resources over HTTP in broccoli-closure

Affected versions of broccoli-closure insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

CVSS 9.3 | AI score 8.2 | EPSS 0.00735
Exploits: 0 | References: 3

OSV
added 2019/02/18 11:50 p.m. | 17 views

GHSA-G785-775G-F2G8 Downloads Resources over HTTP in haxe

Affected versions of haxe insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

CVSS 9.3 | AI score 8.2 | EPSS 0.00735
Exploits: 0 | References: 3

OSV
added 2018/12/24 2:29 p.m. | 1 views

CVE-2018-15465

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of...

CVSS 8.1 | AI score 5.8
Exploits: 0 | References: 3