GHSL-2020-056: Double free in OpenSSL client
The GitHub Security Labs team has identified a security issue in OpenSSL in which an attacker can force a client into freeing the same memory twice.
Agustin GianniGHSL-2020-027: Server-Side Template Injection in Netflix Conductor
A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.
Alvaro MuñozGHSL-2020-028: Server-Side Template Injection in Netflix Titus
A Server-Side Template Injection was identified in Netflix Titus enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.
Alvaro MuñozGHSL-2020-001: Off-by-one heap overflow in Bftpd
Under certain circumstances, an off-by-one heap overflow can occur in the command_retr function.
Antonio MoralesGHSL-2020-002: out-of-bounds (OOB) read in ProFTPD
An out-of-bounds (OOB) read vulnerability detected in mod_cap.
Antonio MoralesGHSL-2020-025: OOB read and DoS in PureFTPd
An uninitialized pointer vulnerability in PureFTPd results in Out-of-Bounds reads and Denial of Service.
Antonio MoralesGHSL-2020-026: Person in the middle attacks with lua-openssl
Several security issues have been found in the way X509 certificate validation functions are exposed to LUA. Clients using certain functions in lua-openssl are exposed to person-in-the-middle attacks.
Agustin GianniGHSL-2020-032: out-of-bounds (OOB) read vulnerability in PureFTPd
An out-of-bounds (OOB) read vulnerability has been detected in PureFTPd's pure_strcmp function.
Antonio MoralesGHSL-2020-003, GHSL-2020-004, GHSL-2020-005: Person in the middle attack on openfortivpn clients
Several security issues have been found in the way openfortivpn deals with TLS. These issues can lead to situations in which an attacker can perform a person-in-the-middle attack on clients.
Agustin Gianni