Lucene search

3341 matches found

Kitploit
added 2020/05/02 9:30 p.m. | 70 views

Klar - Integration Of Clair And Docker Registry

Integration of Clair and Docker Registry (supports both Clair API v1 and v3). Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair (https://github.com/coreos/clair). Klar is designed to be used as an integration tool so it relie...

7.4 AI score
Exploits: 0 | References: 3
RedHat Linux
added 2020/04/28 3:41 p.m. | 2 views

kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)

Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout failures. This affects the htc_config_pipe_credits function, the htc_setup_complete function, and the...

4 CVSS | 7.2 AI score | 0.00085 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2020/04/28 4:34 a.m. | 45 views

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

5.1 CVSS | 0.7 AI score | 0.00366 EPSS
Exploits: 0 | References: 3
OSV
added 2020/04/22 2:15 p.m. | 1 views

CVE-2020-11795

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly...

7.5 CVSS | 7.1 AI score | 0.00003 EPSS
Exploits: 0 | References: 1
NVD
added 2020/04/22 2:15 p.m. | 16 views

CVE-2020-11795

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly...

7.5 CVSS | 8.1 AI score | 0.00003 EPSS
Exploits: 0 | References: 1
Prion
added 2020/04/22 2:15 p.m. | 15 views

Code injection

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly...

5 CVSS | 7.5 AI score | 0.00003 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2020/04/22 1:52 p.m. | 62 views

CVE-2020-11795

JetBrains Space (through 2020-04-22) has a session timeout misconfiguration affecting the Space component, per CVE-2020-11795. Connected sources confirm Space’s session timeout issue existed in versions up to 2020-04-22, described as an improper session timeout configuration. The JetBrains Q1-202...

7.5 CVSS | 7.5 AI score | 0.00003 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/04/22 1:52 p.m. | 18 views

CVE-2020-11795

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly...

8.1 AI score | 0.00003 EPSS
Exploits: 0 | References: 1
Microsoft KB
added 2020/04/20 12:0 a.m. | 2 views

Description of the Office Web Apps Server update: March 12, 2013

Description of the Office Web Apps Server update: March 12, 2013 INTRODUCTION Microsoft has released an update for Microsoft Office Web Apps Server. This update provides the latest fixes for Office Web Apps Server. Additionally, this update contains stability and performance improvements. Known...

6.6 AI score
Exploits: 0
NVD
added 2020/04/16 11:15 a.m. | 16 views

CVE-2020-3651

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

7.8 CVSS | 7.8 AI score | 0.00245 EPSS
Exploits: 0 | References: 1
Prion
added 2020/04/16 11:15 a.m. | 18 views

Command injection

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

7.8 CVSS | 7.8 AI score | 0.00245 EPSS
Exploits: 0 | References: 1
CVE
added 2020/04/16 10:46 a.m. | 55 views

CVE-2020-3651

CVE-2020-3651 describes an active command timeout in WLAN handling where WM status change command remains queued when a peer sends multiple deauth frames. Publicly documented impact appears under Qualcomm components (WLAN) and affects Snapdragon platforms (e.g., Snapdragon Auto/Compute/Consumer d...

7.8 CVSS | 7.8 AI score | 0.00245 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/04/16 10:46 a.m. | 24 views

CVE-2020-3651

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

7.8 AI score | 0.00245 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2020/04/14 12:0 a.m. | 386 views

ThinkPHP 5.0.23 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinkPHP Multiple PHP Injection RCEs', 'Description' = %q This module exploits one of two PHP injection vulnerabilities in the ThinkPHP web...

10 CVSS | 9.5 AI score | 0.94307 EPSS
Exploits: 9
Veracode
added 2020/04/10 12:35 a.m. | 35 views

Denial Of Service (DoS)

The kernel package is vulnerable to denial of service (DoS). The possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service kernel panic...

7.2 CVSS | 6.1 AI score | 0.0009 EPSS
Exploits: 0 | References: 31 | Affected Software: 1
Veracode
added 2020/04/10 12:16 a.m. | 28 views

Denial Of Service (DoS)

PHP is vulnerable to denial of service. When unserializing untrusted data on 64-bit platforms, the zend_hash_init function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script...

4.3 CVSS | 1.8 AI score | 0.01822 EPSS
Exploits: 0 | References: 48 | Affected Software: 1
Microsoft KB
added 2020/04/10 12:0 a.m. | 122 views

System Center Operations Manager, version 1807

System Center Operations Manager, version 1807 Applies to: System Center Operations Manager, version 1807 Introduction This article describes the issues that are fixed and the improvements that are included in System Center Operations Manager, version 1807. This article also contains the...

7.3 AI score
Exploits: 0
Symantec
added 2020/04/09 9:15 p.m. | 34 views

CSRF Token Information Disclosure in MC

Summary: The Management Center (MC) web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...

4.3 CVSS | 0.9 AI score | 0.00228 EPSS
Exploits: 0 | Affected Software: 1
Microsoft KB
added 2020/04/09 12:0 a.m. | 99 views

Update Rollup 6 for System Center 2012 R2 Operations Manager

Update Rollup 6 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2012 R2 Operations Manager. Additionally, this article contains the installation instructions for Update Rollup 6 for System...

7.2 AI score
Exploits: 0
Microsoft KB
added 2020/04/09 12:0 a.m. | 4 views

System fails back to a host copy instead of an array copy or storages go down after LUN reset in Windows Server 2012 R2

System fails back to a host copy instead of an array copy or storages go down after LUN reset in Windows Server 2012 R2 This article describes issues in which a storage system fails back to a host copy instead of an array copy or storage systems go down after a LUN reset in Windows Server 2012 R2...

6.2 AI score
Exploits: 0