
5963 matches found

UbuntuCve
added 2020/10/01 8:15 p.m. · 35 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5 CVSS · 7.1 AI score · 0.01104 EPSS
Exploits 0 · References 2

CVE
added 2020/10/01 7:24 p.m. · 306 views

CVE-2020-11979

CVE-2020-11979 affects Apache Ant 1.10.8. The mitigation for CVE-2020-1945 changed temp-file permissions, but the fixcrlf task deleted the temp file and recreated it without protection, enabling an attacker to inject modified source files during builds. Connected advisories confirm the issue and ...

7.5 CVSS · 6.9 AI score · 0.01104 EPSS
Exploits 0 · References 19 · Affected Software 1

Debian CVE
added 2020/10/01 7:24 p.m. · 44 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5 CVSS · 7.7 AI score · 0.01104 EPSS
Exploits 0

AlpineLinux
added 2020/10/01 7:24 p.m. · 46 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5 CVSS · 7.2 AI score · 0.01104 EPSS
Exploits 0

RedHat Linux
added 2020/09/29 7:0 p.m. · 1 views

kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free

A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges...

9.3 CVSS · 7.1 AI score · 0.04058 EPSS
Exploits 0 · References 4

Openbugbounty
added 2020/09/28 3:19 p.m. · 6 views

task-alive.co.jp Cross Site Scripting vulnerability OBB-1370782

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0

OpenVAS
added 2020/09/26 12:0 a.m. · 23 views

Fedora: Security Advisory for ansible (FEDORA-2020-c3e6f30f53)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.1 CVSS · 7.5 AI score · 0.0007 EPSS
Exploits 0 · References 2

Microsoft CVE
added 2020/09/25 7:0 a.m. · 3 views

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.

...

5.5 CVSS · 7 AI score · 0.00081 EPSS
Exploits 0

Tenable Nessus
added 2020/09/25 12:0 a.m. · 25 views

Cisco IOS XR Authenticated User Privilege Escalation (cisco-sa-iosxr-cli-privescl-sDVEmhqv)

According to its self-reported version, Cisco IOS XR Software is affected by a privilege escalation vulnerability in task group assignment for a specific CLI command due to incorrect mapping of task groups assignments. An authenticated, local attacker with read permissions could exploit this...

8.4 CVSS · 7.6 AI score · 0.0003 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2020/09/25 12:0 a.m. · 37 views

Cisco IOS XR Software Authenticated User Privilege Escalation (cisco-sa-iosxr-LJtNFjeN)

According to its self-reported version, Cisco IOS XR Software is affected by a privilege escalation vulnerability in task group assignment for a specific CLI command due to incorrect mapping to task groups. An attacker could exploit this vulnerability by first authenticating to the local CLI shel...

7.8 CVSS · 7.5 AI score · 0.00043 EPSS
Exploits 0 · References 3

ThreatPost
added 2020/09/24 8:47 p.m. · 301 views

Feds Hit with Successful Cyberattack, Data Stolen

A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday, not naming the agency but providing technical details of...

7.5 CVSS · 2 AI score · 0.94462 EPSS
Exploits 22 · References 3

NVD
added 2020/09/21 8:15 p.m. · 16 views

CVE-2020-6543

Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS · 0.01036 EPSS
Exploits 0 · References 5

OSV
added 2020/09/21 8:15 p.m. · 1 views

DEBIAN-CVE-2020-6543

Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS · 8.6 AI score · 0.01036 EPSS
Exploits 0 · References 1

OSV
added 2020/09/21 8:15 p.m. · 7 views

CVE-2020-6543

Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS · 9.2 AI score
Exploits 0 · References 5

OSV
added 2020/09/21 8:15 p.m. · 1 views

UBUNTU-CVE-2020-6543

Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS · 7.3 AI score · 0.01036 EPSS
Exploits 0 · References 2

Prion
added 2020/09/21 8:15 p.m. · 19 views

Design/Logic Flaw

Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8 CVSS · 8.8 AI score · 0.01036 EPSS
Exploits 0 · References 5 · Affected Software 3

Debian CVE
added 2020/09/21 7:6 p.m. · 18 views

CVE-2020-6543

Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS · 9.5 AI score · 0.01036 EPSS
Exploits 0

Cvelist
added 2020/09/21 7:6 p.m. · 17 views

CVE-2020-6543

Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.9 AI score · 0.01036 EPSS
Exploits 0 · References 5

OSV
added 2020/09/15 6:15 p.m. · 2 views

CVE-2020-25071

Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be...

5.4 CVSS · 5.7 AI score · 0.00415 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/09/15 12:0 a.m. · 3 views

PT-2020-15930 · Nifty · Nifty Project Management Web Application

Name of the Vulnerable Software and Affected Versions: Nifty Project Management Web Application affected versions not specified Description: The issue allows for XSS via the Add Task feature, which is rendered when visiting the Project Home. The original problem involved creating a task and...

5.4 CVSS · 5.8 AI score · 0.00415 EPSS
Exploits 0 · References 5