212 matches found
Joomla 2.5.x < 3.9.17 Multiple Vulnerabilities (5807-joomla-3-9-17)
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.17. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow...
Joomla! 2.5.0 - 3.9.16 Multiple Vulnerabilities
Joomla! is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; if(description)...
CVE-2020-11890
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration...
Malicious Package
Overview activerecord-database-validations is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an _ and replaced it with - and vice versa Remediation Avoid...
Malicious Package
Overview activerecord-strictvalidations is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an _ and replaced it with - and vice versa Remediation Avoid...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists through missing validations of null-terminated string data structure elements in the do_replace, compat_do_replace, do_ipt_get_ctl, do_ip6t_get_ctl, and do_arpt_get_ctl functions could allow a local user who has the CAP_NET_ADMIN capabili...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists through missing validations of null-terminated string data structure elements in the do_replace, compat_do_replace, do_ipt_get_ctl, do_ip6t_get_ctl, and do_arpt_get_ctl functions could allow a local user who has the CAP_NET_ADMIN capabili...
CVE-2019-19606
X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...
[20200402] - Core - Missing checks for the root usergroup in usergroup table
Improper input validations in the usergroup table class could lead to a broken ACL configuration...
CVE-2019-20455
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...
Updated kernel packages fix security vulnerabilities
This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NULL pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel. Other fixes added in this update: - x86/MCE/AMD...
Updated squid packages fix security vulnerabilities
Potential remote code execution during URN processing CVE-2019-12526. Multiple improper validations in URI processing CVE-2019-12523, CVE-2019-18676. Cross-Site Request Forgery in HTTP Request processing CVE-2019-18677. Incorrect message parsing which could have led to HTTP request splitting issu...
openSUSE Security Update : squid (openSUSE-2019-2541)
This update for squid to version 4.9 fixes the following issues : Security issues fixed : - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...
Bypass Form Validations - Critical - Unsupported - SA-CONTRIB-2019-079
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#procedure---own-project---unsupported...
Validation Bypass
patch is vulnerable to validation bypass. Strings beginning with the ! character are not blocked in the function do_ed_script in pch.c, potentially allowing bypass of string validations...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-4118-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4118-1 advisory. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could...
Input validation
Newgen OmniFlow Intelligent Business Process Suite iBPS 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...
Improper NULL Byte Parsing
libmspack parses NULL bytes in an insecure manner. The chmd_read_headers function in mspack/chmd.c accepts filenames that have \0 as their first or second character. This could allow attackers to bypass input validations or authorization controls...
CVE-2018-13896
XBLSEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBLSEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
36-Year-Old SCP Clients' Implementation Flaws Discovered
A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol SCP implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol SCP, also known as...