MGASA-2021-0591 Updated eclipse packages fix security vulnerability
Authenticate active help requests to the local help web server CVE-2020-27225...
DRUPAL-CONTRIB-2021-047
This module enables users to log in via email address. This module does not sufficiently check user status when authenticating...
PT-2021-14826 · Lantronix · Lantronix Premierwave 2050
Name of the Vulnerable Software and Affected Versions: Lantronix PremierWave 2050 version 8.9.0.0R4 Description: A directory traversal issue exists in the Web Manager FsBrowseClean functionality, allowing an attacker to make a specially crafted HTTP request that can lead to arbitrary file deletio...
Information Disclosure
opencast-common is vulnerable to Information Disclosure. The attack is possible because the library does not restrict file access or authenticate against external services listed in a media package, leading to disclosure of the global system user's credentials outside the cluster...
SUSE-SU-2021:3747-1 Security update for samba
This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fall back to non-SPNEGO authentication if we require Kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284)...
CVE-2020-23058
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 allows unauthenticated access to sensitive data...
PT-2021-10831 · Unknown · Nong Ge File Explorer
Name of the Vulnerable Software and Affected Versions: Nong Ge File Explorer version 1.4 Description: The issue is related to the authentication mechanism, allowing unauthenticated access to sensitive data. Recommendations: For Nong Ge File Explorer version 1.4, update to a newer version that...
CVE-2021-31350
An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit JET API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the...
MGASA-2021-0462 Updated opendmarc packages fix security vulnerability
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field CVE-2019-20790. OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication...
CVE-2021-41120
CVE-2021-41120 affects the Sylius PayPal plugin. In affected versions, the payment-page URL used after checkout was predictable due to an autoincremented payment id in the path (/pay-with-paypal/{id}). The credit card form prefilled the cardholder name with the customer’s first and last name and ...
Multiple Qualcomm Products Authorization Issue Vulnerability
Qualcomm SDX55 and others are products of Qualcomm Incorporated. Qualcomm SDX55 is a modem. IPQ6018 is a central processing unit (CPU) product. QCA6390 is a central processing unit (CPU) product. An authorization issue vulnerability exists in the WLAN component of multiple Qualcomm products; the vulnerability stems...
OTRS Authorization Issue Vulnerability
A security vulnerability exists in OTRS, a service management application from the German company OTRS, due to a problem in the development and implementation of the lost password feature. A malicious attacker could exploit this vulnerability to perform a valid user login via the "lost...
Huawei HarmonyOS Authorization Issue Vulnerability
Huawei HarmonyOS is a microkernel-based distributed operating system from the Chinese company Huawei. A security vulnerability exists in Huawei HarmonyOS, which stems from a component of the product that does not effectively authenticate users. An attacker could...
CVE-2021-30908
An authentication issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen...
Apple macOS Big Sur Symbolic Link Vulnerability
Apple macOS Big Sur is a mobile application from Apple (USA). A security vulnerability exists in various Apple products that originates from an authentication issue in the handling of symbolic links. The application can be exploited to access restricted files. The issue is fixed in Catalina, iO...
CVE-2021-31337
The CVE-2021-31337 issue concerns the Telnet service of the SIMATIC HMI Comfort Panels component. The Telnet service does not require authentication, potentially allowing a remote attacker to gain access if the service is enabled. Affected products/versions include SINAMICS SL150 (all versions), ...
Rockstar Games: Social Club Account Takeover Via RGL And Steam/Epic Linked Account
In this report, the researcher discovered and demonstrated a method to hijack access to a Social Club account via a previously-linked Epic Games or Steam account. To perform the attack, the attacker first needed access to a Steam or Epic Games account with entitlement to a game with Social Club...
Design/Logic Flaw
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this...
Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health...