12 matches found
GO-2026-4821 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token in github.com/pinchtab/pinchtab
PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token in github.com/pinchtab/pinchtab...
CVE-2018-4645
Rejected reason: This candidate is unused by its CNA...
Surveillance camera insecurities argument comes to one inevitable conclusion: Always update
Chinese-made surveillance cameras find themselves in a spot of controversy, after a BBC investigation uncovered flaws in devices during several brand tests. Surveillance and webcam vulnerabilities are common, and we've covered them many times on our blog. What's interesting with this story is that...
kernel: use-after-free due to race condition in qdisc_graft()
A use-after-free flaw was found in qdisc_graft() in net/sched/sch_api.c in the Linux kernel due to a race condition. This flaw leads to a denial of service. If patch ebda44da44f6 "net: sched: fix race condition in qdisc_graft" has not been applied yet, the kernel could be affected...
Xerox Versalink Denial Of Service Vulnerability
Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload. + Credits: Mahmoud Al-Qudsi + Website: https://neosmart.net/ + Source: https://neosmart.net/blog/?p=4865 + Media: https://twitter.com/mqudsi and https://twitter.com/neosmart Vendo...
Improper Restriction of XML External Entity Reference in Plone
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata and is therefore only available to the Manager role...
XML External Entity (XXE)
plone.supermodel is vulnerable to XML external entity (XXE) attacks. The vulnerability exists due to an unapplied permission which would allow an attacker with the Manager role to perform XXE attacks, submit requests on behalf of the server, and access restricted internal or local resources...
CVE-2020-28736
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata and is therefore only available to the Manager role...
Design/Logic Flaw
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata and is therefore only available to the Manager role...
PYSEC-2020-248
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata and is therefore only available to the Manager role...
Moderate: cyrus-sasl security and bug fix update
2.1.19-14 - Related: bz250732 Fixed a conflict with an earlier test patch 2.1.19-13 - Related: bz250732 Fixed uninitialized stack variable causing segfault 2.1.19-12 - Resolves: bz250732 sasl-sample-server crashes with null realm 2.1.19-11 - Resolves: bz243910 krb5-libs are not thread-safe -...