7874 matches found
kubernetes kubeadm-ha-setup kubernetes-cni kubernetes-cni-plugins security update
kubernetes 1.12.10-1.0.12 - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager kubeadm-ha-setup 0.0.2-1.0.70 - Enhance image tag read to depend on kubeadm-registry.sh for CVE release...
CVE-2020-5362
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup...
CVE-2020-9462
An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further...
GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules
GitMonitor is a Github scanning system to look for leaked sensitive information based on rules. I know that there are a lot of very good other tools for finding sensitive information leaked on Github right now, I myself currently still use some of them. However, I think they still lack some...
Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters
Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptic curve). It is comparable to Meterpreter with Autoroute + Socks4a, but more stable and faster. Use case: You compromised a Windows / Linux / Ma...
trivy-action
Trivy Action: GitHub Action https://github.com/features/ac...
CVE-2020-4018
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability...
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...
April 25, 2019—KB4493437 (OS Build 17134.753)
April 25, 2019—KB4493437 OS Build 17134.753 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1803. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change pleas...
May 3, 2019—KB4495667 (OS Build 17763.475)
May 3, 2019—KB4495667 OS Build 17763.475 Improvements and fixes This update includes quality improvements. Key changes include: Allows the built-in Administrator account to run Microsoft Office setup after downloading the installer in Microsoft Edge. Addresses an issue that causes Internet Explor...
The vulnerability of the Setup component in mobile applications of Oracle CRM Gateway for Mobile Devices allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Setup component in mobile applications of the Oracle CRM Gateway for Mobile Devices relates to the lack of protection for sensitive data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using th...
The vulnerability of the Setup and Admin components of the Oracle Knowledge Management application allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Setup and Admin components of the Oracle Knowledge Management application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network...
Pi-hole 4.4.0 - Remote Code Execution (Authenticated)
Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on: https://github.com/Frichetten/CVE-2020-11108-PoC/blob/master/cve-2020-11108-rce.py File na...
UBUNTU-CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
SUSE-SU-2020:1301-1 Security update for mailman
This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug bsc1171363. - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion bsc1170558. Non-security issue fixed: - Fixed rights and ownership on...
CVE-2020-12834
eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...
The vulnerability of the Attribute Admin Setup sub-component of the Oracle Partner Management component in the Oracle E-Business Suite system allows a malicious actor to gain access to and modify data.
The vulnerability of the Attribute Admin Setup sub-component of the Oracle Partner Management component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or...