GHSL-2020-056: Double free in OpenSSL client

The GitHub Security Labs team has identified a security issue in OpenSSL in which an attacker can force a client into freeing the same memory twice.

Agustin Gianni

GHSL-2020-027: Server-Side Template Injection in Netflix Conductor

A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Alvaro Muñoz

GHSL-2020-028: Server-Side Template Injection in Netflix Titus

A Server-Side Template Injection was identified in Netflix Titus enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Alvaro Muñoz

GHSL-2020-001: Off-by-one heap overflow in Bftpd

Under certain circumstances, an off-by-one heap overflow can occur in the command_retr function.

Antonio Morales

GHSL-2020-002: out-of-bounds (OOB) read in ProFTPD

An out-of-bounds (OOB) read vulnerability detected in mod_cap.

Antonio Morales

GHSL-2020-025: OOB read and DoS in PureFTPd

An uninitialized pointer vulnerability in PureFTPd results in Out-of-Bounds reads and Denial of Service.

Antonio Morales

GHSL-2020-026: Person in the middle attacks with lua-openssl

Several security issues have been found in the way X509 certificate validation functions are exposed to LUA. Clients using certain functions in lua-openssl are exposed to person-in-the-middle attacks.

Agustin Gianni

GHSL-2020-032: out-of-bounds (OOB) read vulnerability in PureFTPd

An out-of-bounds (OOB) read vulnerability has been detected in PureFTPd's pure_strcmp function.

Antonio Morales

GHSL-2020-003, GHSL-2020-004, GHSL-2020-005: Person in the middle attack on openfortivpn clients

Several security issues have been found in the way openfortivpn deals with TLS. These issues can lead to situations in which an attacker can perform a person-in-the-middle attack on clients.

Agustin Gianni