
1088 matches found

Hacker One
added 2021/02/02 1:35 p.m. · 19 views

Kubernetes: KOPS documentation references domains which were not registered

Summary: While researching the kubernetes documentation, I found that the KOPS project's Route53 configuration references dangling DNS servers. I was able to register 3 / 4 of these domain names. I was also able to verify that some companies have been using this configuration, making them...

AI score: 1
Exploits: 0

The Hacker News
added 2020/12/26 5:34 a.m. · 5 views

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo.com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber...

AI score: 5.9
Exploits: 0

ThreatPost
added 2020/11/11 5:47 p.m. · 42 views

Minecraft Apps on Google Play Fleece Players Out of Big Money

Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash. According to researchers, the mobile apps for Android fool users into spending hundreds of dollars per month, by offering skins,...

AI score: 7.3
Exploits: 0 · References: 10

NVD
added 2020/10/07 2:15 p.m. · 17 views

CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

CVSS: 6.5 · EPSS: 0.01319
Exploits: 0 · References: 3

OSV
added 2020/10/07 2:15 p.m. · 23 views

CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.01319
Exploits: 0 · References: 3

OSV
added 2020/10/07 2:15 p.m. · 1 views

UBUNTU-CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.01319
Exploits: 0 · References: 5

Debian CVE
added 2020/10/07 1:21 p.m. · 25 views

CVE-2020-13346

Removed by vendor...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.01319
Exploits: 0

CVE
added 2020/10/07 1:21 p.m. · 57 views

CVE-2020-13346

CVE-2020-13346 affects GitLab versions prior to 13.2.10, 13.3.7, and 13.4.2, where membership changes are not reflected in ToDo subscriptions. This allows guest users to access confidential issues via the API. The provided documents confirm the affected versions and behavior but do not include a ...

CVSS: 6.5 · AI score: 6.1 · EPSS: 0.01319
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2020/10/07 1:21 p.m. · 27 views

CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

CVSS: 6.5 · AI score: 6.2 · EPSS: 0.01319
Exploits: 0 · References: 3

Positive Technologies
added 2020/10/07 12:00 a.m. · 3 views

PT-2020-13487 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10; GitLab versions prior to 13.3.7; GitLab versions prior to 13.4.2. Description: Membership changes are not reflected in ToDo subscriptions, allowing guest users to access confidential issues through the API...

CVSS: 6.5 · AI score: 6.3 · EPSS: 0.01319
Exploits: 0 · References: 11

OSV
added 2020/08/31 3:15 p.m. · 2 views

CVE-2020-12643

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00623
Exploits: 1 · References: 2

Prion
added 2020/08/31 3:15 p.m. · 19 views

Design/Logic Flaw

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address...

CVSS: 4 · AI score: 4.8 · EPSS: 0.00623
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2020/08/31 2:24 p.m. · 41 views

CVE-2020-12643

CVE-2020-12643 affects OX App Suite 7.10.3 and earlier. The flaw is an incorrect access control in the /api/subscriptions path that can disclose the email address contained in a snippet when requested from another user, due to an improper permission check. Impact is exposure of email addresses; n...

CVSS: 4.3 · AI score: 4.8 · EPSS: 0.00623
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2020/08/17 6:15 p.m. · 4 views

CVE-2020-3447

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.00738
Exploits: 0 · References: 1

CNVD
added 2020/08/04 12:00 a.m. · 3 views

IBM Cognos Analytics Elevation of Privilege Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A security vulnerability exists...

CVSS: 4.6 · AI score: 6.6 · EPSS: 0.00659
Exploits: 0 · References: 1

CNVD
added 2020/08/04 12:00 a.m. · 2 views

WordPress WooCommerce Subscriptions Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WooCommerce Subscriptions is a subscription plugin used in it. A cross-site scripting vulnerability exists in WordPress...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.01628
Exploits: 1 · References: 1

OSV
added 2020/08/03 1:15 p.m. · 2 views

CVE-2019-4589

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449...

CVSS: 4.3 · AI score: 6.1 · EPSS: 0.00659
Exploits: 0 · References: 2

CNVD
added 2020/07/29 12:00 a.m. · 6 views

WordPress Email Subscribers & Newsletters Cross-Site Request Forgery Vulnerability (CNVD-2020-44908)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A cross-site request forgery vulnerability...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00917
Exploits: 2 · References: 1

OpenVAS
added 2020/07/28 12:00 a.m. · 10 views

WordPress WooCommerce Subscriptions Plugin < 2.6.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113732";...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.01628
Exploits: 1 · References: 1

Patchstack
added 2020/07/24 12:00 a.m. · 21 views

WordPress WooCommerce Subscriptions premium plugin <= 2.6.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability found by PRECURSOR SECURITY in WordPress WooCommerce Subscriptions premium plugin (versions <= 2.6.2). Solution: Update the WordPress WooCommerce Subscriptions premium plugin to the latest available version (at least 2.6.3)...

CVSS: 6.1 · AI score: 1.8 · EPSS: 0.01628
Exploits: 1 · References: 3 · Affected Software: 1