UBUNTU-CVE-2020-15474

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c...

EulerOS Virtualization 3.0.6.0 : wpa_supplicant (EulerOS-SA-2020-1763)

According to the versions of the wpasupplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable...

rubygems: Escape sequence injection vulnerability in errors

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...

rubygems: Escape sequence injection vulnerability in gem owner

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

rubygems: Escape sequence injection vulnerability in verbose

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is possible...

rubygems: Escape sequence injection vulnerability in API response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

CVE-2020-15334

Zyxel CloudCNM SecuManager is affected in versions 3.1.0–3.1.1 by an escape-sequence injection into the /var/log/axxmpp.log file. The issue relates to the API endpoint handling that log file; the exact vulnerable parameters are not specified in the documents. No explicit exploit details or in-the...

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file...

Cross site scripting

Cross-site Scripting XSS vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...

Malleable ECDSA Signature

jsrsasign uses a malleable ECDSA signature. The vulnerability exists as it does not check for overflows in the length of a sequence, and allows 0 characters appended or prepended to an integer to be verified as the same as without the extra 0 characters...

Updated ruby-RubyGems packages fix security vulnerability

Updated ruby-RubyGems package fixes security vulnerabilities The following vulnerabilities have been reported. CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in verbose CVE-2019-8322: Escape sequence injection...

openSUSE Security Update : axel (openSUSE-2020-778)

This update for axel fixes the following issues : axel was updated to 2.17.8 : - CVE-2020-13614: SSL Certificate Hostnames were not verified boo1172159 - Replaced progressbar line clearing with terminal control sequence - Fixed parsing of Content-Disposition HTTP header - Fixed User-Agent HTTP...

CVE-2020-10061 Error handling invalid packet sequence

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions...

CVE-2020-7662

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

Design/Logic Flaw

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence

A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the...

EulerOS 2.0 SP3 : screen (EulerOS-SA-2020-1433)

According to the version of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial o...

zeek -- Remote crash vulnerability

Jon Siwek of Corelight reports: This release fixes the following security issue: An attacker can crash Zeek remotely via crafted packet sequence...