NEWS & EVENTS

SERVICES

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

This service offers the possibility of searching public domain information related to known security hardware and...

This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

LATEST CVE

Published Description
CVE-2020-15132
05-08-2020 21:15:00
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the "Forgot Password" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1.
CVE-2020-15113
05-08-2020 20:15:00
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).
CVE-2020-16254
05-08-2020 20:15:00
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
CVE-2020-15112
05-08-2020 20:15:00
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
CVE-2020-15106
05-08-2020 19:15:00
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

Pages