BenTasker.co.uk

Home
Blog
Whitepapers
Documentation
Videos
Shop
Photography

Home / Blog

Latest Posts

Cynet 360 Uses Insecure Control Channels
Writing (and backdooring) a ChaCha20 based CSPRNG
The Pitfalls of Building an Elasticsearch backed Search Engine
Building a Raspberry Pi Based Music Kiosk
Recovering files from SD Cards and How to protect yourself

This site should work without Javascript enabled. If you find something doesn't, please Contact Me.

Security

Tips on Good Password Management	30 November 2010
Update on the Fisher Hargreaves Proctor Security Breach	30 November 2010
Fisher Hargreaves Proctor Suffer Security Breach	28 November 2010
Republished: Tips for fighting password theft	16 January 2010
Republished: It's a Dangerous World	19 September 2009
Republished: Why you should never share Login Details	16 August 2009
Republished: Basic Malware Detector For Linux	16 July 2009
Email and Captcha Generation Scripts	15 March 2009
Republished: Hacking the Computrend Powergrid 902 Powerline Adaptor	11 February 2009

Page 3 of 3

Start
Prev
1
2
3
Next
End

Recent CVEs

CVE-2019-20806 (linux_kernel)
CVE-2019-20807 (vim)
CVE-2019-6342
CVE-2020-10719
CVE-2020-10737
CVE-2020-10751
CVE-2020-10936 (sympa)
CVE-2020-10945 (centreon, widget-host-monitoring)
CVE-2020-10946 (centreon_host-monitoring_widget, centreon_service-monitoring_widget, centreon_tactical-overview_widget)
CVE-2020-11059

Return to listing

CVE-2019-20806 (linux_kernel)

An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.

CVE-2019-20807 (vim)

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CVE-2019-6342

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

CVE-2020-10719

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

CVE-2020-10737

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

CVE-2020-10751

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

CVE-2020-10936 (sympa)

Sympa before 6.2.56 allows privilege escalation.

CVE-2020-10945 (centreon, widget-host-monitoring)

Centreon before 19.10.7 exposes Session IDs in server responses.

CVE-2020-10946 (centreon_host-monitoring_widget, centreon_service-monitoring_widget, centreon_tactical-overview_widget)

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.

CVE-2020-11059

In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.

Latest Posts

Cynet 360 Uses Insecure Control Channels
Writing (and backdooring) a ChaCha20 based CSPRNG
The Pitfalls of Building an Elasticsearch backed Search Engine
Building a Raspberry Pi Based Music Kiosk
Recovering files from SD Cards and How to protect yourself

License Details
Privacy Policy
Cookies
Stored Data
Sitemap

Donations BTC: 14hJYqCNLi7yJH8QkUqB2VEg3jx4pXBN5X / https://paypal.me/BTasker

Based on a template by JoomSpirit, customised by B Tasker

JoomSpirit

About this template