Apple Safari Login AutoFill Component Logic Flaw Vulnerability
Apple Safari is a web browser from Apple, Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in the Safari Login AutoFill component in Apple Safari versions prior to 13.1.2, iOS versions prior to 13.6, and iPadOS versions prior ...
CVE-2020-15091
Tendermint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing chainID. A malicious block proposer even with a minimal amount of...
CVE-2004-0657
Integer overflow in the NTP daemon NTPd before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time...
CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
UBUNTU-CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
Cross-Site Request Forgery (CSRF)
A CSRF vulnerability exists in rails rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
CVE-2020-6270
SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...
CVE-2020-8167
A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity...
php: File rename across filesystems may allow unwanted access during processing
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that the file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
Updated git packages fix security vulnerability
Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CVE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...
CVE-2020-6827
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. Note: This issue only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox ESR...
USN-4334-1 git vulnerability
Carlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host...
CVE-2020-5260 malicious URLs may cause Git to present stored credentials to the wrong server
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
USN-4329-1 git vulnerability
Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. In certain code paths, sctp_sf_violation_paramlen could be called with a wrong parameter data type. This could lead to a possible denial of service...
CVE-2020-7066
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with a user-supplied URL, if the URL contains a zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_heade...
Slack: Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users
An issue in Slack's Create snippet feature results in filetypes being displayed incorrectly. This can lead to RCE if a Slack user downloads an executable file thinking that it is a CSV or other benign file type. https://www.youtube.com/watch?v=cIlGfnn4iG8...