Monthly Archive: July 2020

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media...

IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. Date published : 2020-07-28 https://www.ibm.com/support/pages/node/1125885 https://exchange.xforce.ibmcloud.com/vulnerabilities/172616

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue....

An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet...

Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2020-07-28 https://jvn.jp/en/jp/JVN48194211/index.html https://kujirahand.com/konawiki/

Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. Date published : 2020-07-28 https://jvn.jp/en/jp/JVN48194211/index.html https://kujirahand.com/konawiki/

Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL. Date published : 2020-07-28 https://jvn.jp/en/jp/JVN48194211/index.html https://kujirahand.com/konawiki/

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal...

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A...

IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an...

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak...

IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web...

IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web...

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. Date published : 2020-07-28 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNJIXYDMSXYDII4ERMQ4EEKZX64U3QR4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBLHUG2UCXVABAGN5FVTD3AB3YKE5NN/