Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
Published at: June 15, 2020 at 01:15PM
View on website
Etiqueta: government
New vulnerability on the NVD: CVE-2019-20838
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Published at: June 15, 2020 at 01:15PM
View on website
New vulnerability on the NVD: CVE-2017-18869
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
Published at: June 15, 2020 at 11:15AM
View on website
New vulnerability on the NVD: CVE-2018-16848
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.
Published at: June 15, 2020 at 11:15AM
View on website
New vulnerability on the NVD: CVE-2019-19109
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
Published at: June 15, 2020 at 10:15AM
View on website
Educ Arte Económico 