The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
Published at: July 23, 2020 at 11:15AM
View on website
Etiqueta: government
New vulnerability on the NVD: CVE-2020-11440
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.
Published at: July 23, 2020 at 10:15AM
View on website
New vulnerability on the NVD: CVE-2020-10917
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007.
Published at: July 22, 2020 at 07:15PM
View on website
New vulnerability on the NVD: CVE-2014-1422
In Ubuntu’s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
Published at: July 22, 2020 at 02:15PM
View on website
New vulnerability on the NVD: CVE-2019-16244
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query.
Published at: July 22, 2020 at 12:15PM
View on website
Educ Arte Económico 