CVE-2020-11204
CVE-2020-11204 affects Qualcomm closed-source components within Snapdragon Auto/Compute/Connectivity/IoT families. The root cause is a lack of validation and boundary checks for parameters read from shared MSG RAM in multiple sub-systems, causing potential memory corruption and information leakag...
bloofoxCMS 0.5.2.1 - CSRF (Add user)
Title: bloofoxCMS 0.5.2.1 - CSRF (Add user) Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 - 0.5.2.1 Tested on: Windows 10 Desc: The application interface allows users to...
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery Add Admin Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected...
Improper Certificate Validation
keycloak-services does not properly validate certificates. Lack of validation on the certificate timestamp validity allows an expired certificate to be accepted by Keycloak's direct-grant authenticator...
Fedora 33 : rpki-client (2020-f30b30c2d8)
rpki-client 6.8p1: This is the second release based on OpenBSD 6.8. It includes the following changes to the previous release: - Incorporate OpenBSD 6.8 errata 006 of November 10, 2020: rpki-client incorrectly checks the manifest validity interval. In the portable version: - Ad...
GaussDB Kernel: Configuring the Validity Period of User Roles
During role creation, the keyword VALID BEGIN is used to set the role validity start time and VALID UNTIL to set the end time. If these two keywords are not set, roles are permanently valid. The role expiration time on each node in the GaussDB Kernel cluster depends on the OS clock on each node...
openGauss: Configuring the Validity Period of User Roles
When creating a role, you can use the keyword VALID BEGIN to set the start time of the role validity period and use VALID UNTIL to set the end time. If these two keywords are not set, roles are permanently valid. The role expiration time on each node in openGauss depends on the OS clock on each...
CVE-2020-12485
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters, which causes an out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device...
Kerberos KDC Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the way the Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service...
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size...
CVE-2020-15270
Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...
Insecure Error Handling
github.com/ory/fosite does not securely handle errors from the server. The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid and may lead to unexpected behaviors in the server...
PT-2020-13446 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered in GitLab where project invitation links were not invalidated upon removing a user from a project...
AIX 7.2 TL 3 : bind (IJ25926)
https://vulners.com/cve/CVE-2020-8616 ISC BIND is vulnerable to a denial of service, caused by the failure to limit the number of fetches performed when processing referrals. By using specially crafted referrals, a remote attacker could exploit this...
Important: Red Hat Security Advisory: bind security update
An update for bind is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
RHEL 6 : bind (RHSA-2020:3378)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3378 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named C...
Debian DLA-2303-1 : libssh security update
The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have occurred that typically causes a crash and thus a denial of service. For Debian 9 stretch, this problem has been fixed in version 0.7.3-2+deb9u3. ...
RHEL 7 : bind (RHSA-2020:2893)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2893 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named C Tenable, Inc...
Improper uniqueness verification of signature threshold
The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...