The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
ee98f650f028819cfeda786d7e85dcadb74d827d4585f332ca03b217d4d82fb7
udisks and the Linux kernel have an issue where udisks permits users to mount romfs and romfs leaks uninitialized memory to userspace.
35a3fb65f205fc4d18eb799a00a5f48e0f59e4554d59a19758e3936768b1b633
SevOne Network Management System version 5.7.2.22 suffers from command injection, CSV formula injection, and remote SQL injection vulnerabilities.
24e87adbd89e7edce3cf95cf9e71c78997abb8447a837d4e46b32402d1147531
Platinum Mobile version 1.0.4.850 has a broken access control vulnerability. The mobile application connects to the company-specific server, which does not properly restrict access to confidential data. Thus, an authenticated attacker can disclose the company's payroll and personal information of other employees without having appropriate privileges to do so.
ef616be2199ef7ca952b57851fb6f735192ec9301a566f2f186d4adaf12d70a8
MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web service), but the names of the mailboxes to be accessed are given within a JSON object which is not validated properly regarding user access permissions. Thus, any authenticated user can access mailboxes of other users due to improper authorization checks.
32ab4f6645b5760f2cd58298371554aeca5c3729abaf3ad7500e4ee9b6054b7e
Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users, or gain arbitrary roles. The SAML message can be sent to the application without a signature even if one is required. The impact depends on individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.
c0bc810aed6db58661b8cd13a1ebf5d20fed6fdb9c77567debaa3ab0cf809833
Checkmk version 1.6.0p16 suffers from a local privilege escalation vulnerability.
41cd3d163f2b1dd4d07d8fd2298825fb4ce75d3e7d473bbc6a6eb549e3eec3aa
Ubuntu Security Notice 4563-1 - It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service.
d87cf389866a7ac3a59e3adbf8699f85052c8684e103f3158dc16c3897080a52
Red Hat Security Advisory 2020-4162-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.
59e3e15ebbb5e0e63993331beff22ce1d413e39d2794afbb1994f1c67a5104c2
Red Hat Security Advisory 2020-4163-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.3.1. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
bd5f1ba103b5c7cbeb45e5c8af66bfc2ce3a92c33e0510d5c09a5d474d62f984
Photo Share Website version 1.0 suffers from a persistent cross site scripting vulnerability.
be14abcc47d015f97239bd39ea54992e32721357646e58a671c88befab970bc4
MedDream PACS Server version 6.8.3.751 suffers from an unauthenticated remote code execution vulnerability. This finding has been updated as it was originally believed to require authentication.
5adb3dbf769be512c98b33fa27e9a7ba541b7e7517472634f0d21eba9f5b4c01
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
f83cb6b91b197a079e3bfbb484b1d652a62b381e1175cf46a6f305177af13bd1