734 matches found
CVE-2021-25411
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory...
Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PT-2021-4521 · Django +4 · Django +4
Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.24 Django versions 3.x before 3.1.12 Django versions 3.2 before 3.2.4 Description: The issue is related to the URLValidator, validate ipv4 address, and validate ipv46 address functions in Django, which do not...
Arbitrary Code Execution
python3 is vulnerable to arbitrary code execution. IP address octets are left stripped instead of evaluated as valid IP addresses due to improper input validation of octal strings in the stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks o...
PT-2021-6816 · Unknown +2 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: A security issue in Kubernetes allows a remote attacker to redirect pod traffic to private networks on a Node, potentially accessing confidential data and compromising its integrity. The...
USN-4919-1 openslp-dfsg vulnerability
It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code...
SUSE: Security Advisory (SUSE-SU-2018:0438-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Nextcloud 注入漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud Desktop client, which stems from insufficient validation of input provided to a user passed through a URL....
PT-2021-7695 · Unknown +1 · Net::Netmask +1
Name of the Vulnerable Software and Affected Versions: Net::Netmask versions prior to 2.0000 Description: The issue is related to the improper handling of extraneous zero characters at the beginning of an IP address string, which can allow attackers to bypass access control based on IP addresses...
PT-2021-7694 · Unknown +1 · Data::Validate::Ip +1
Name of the Vulnerable Software and Affected Versions: Data::Validate::IP versions 0.29 and earlier Description: The issue is related to improper authorization in the Data::Validate::IP module. It allows a remote attacker to impact data integrity by bypassing access control based on IP addresses...
DEBIAN-CVE-2021-21187
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
CVE-2021-25339
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory...
CVE-2021-25339
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory...
CVE-2021-25339
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory...
CVE-2021-25339
The CVE-2021-25339 entry relates to Samsung mobile devices with an improper address validation in HArx. Root cause stated: incorrect address validation can allow memory corruption in EL2 when the kernel is compromised. Affected scope is Samsung mobile devices prior to SMR Mar-2021 Release 1; expl...
Qualcomm WIN TZ FW Security Vulnerability
Qualcomm WIN TZ FW is a Qualcomm Incorporated USA support firmware for use on processors. A security vulnerability exists in Qualcomm WIN TZ FW, which arises from an image address being dereferenced prior to validation of its scope, and affects the following products and versions: AR7420, AR9580,...
The vulnerability of the spam protection mechanism in the Cisco AsyncOS operating system of the Cisco Email Security Appliance (ESA) allows a hacker to bypass the URL filtering.
The vulnerability of the spam protection mechanism in Cisco’s operating system, Cisco AsyncOS, within Cisco Email Security Appliance ESA, is related to errors during the validation of incoming URL addresses. Exploiting this vulnerability could allow a malicious actor to bypass the URL filtering...
Ubuntu 16.04 LTS / 18.04 LTS : netqmail vulnerabilities (USN-4621-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4621-1 advisory. It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause...
CVE-2020-3578
A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked...
mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes
An open redirect flaw was discovered in modauthopenidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would...