Security
Headlines
HeadlinesLatestCVEs

Tag

#nginx

CVE-2020-27611: BigBlueButton : Privacy

BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.

CVE
#web#mac#google#js#git#perl#nginx#auth#docker
CVE-2020-24349: Control flow hijack in njs_value_property · Issue #324 · nginx/njs

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

CVE-2020-17367: GitHub - netblue30/firejail: Linux namespaces and seccomp-bpf sandbox

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.

CVE-2020-11076: puma/History.md at master · puma/puma

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

CVE-2020-5867

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

RHEA-2020:0283: Red Hat Enhancement Advisory: Red Hat OpenStack Platform 16.0 GA

Updated packages that fix several bugs and add various enhancements are now available for Red Hat OpenStack Platform 16.0 (Train) for RHEL 8.1.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-3866: An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. * CVE-2019-19687: A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforce_scope is false. Information for time-based one time passwords (TOTP) may also be disclosed. Deploymen...

CVE-2019-19886: ModSecurity Denial of Service Details - CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.