325 matches found
Security Vulnerabilities fixed in Firefox 97 — Mozilla
A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...
CVE-2021-27660
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs...
Design/Logic Flaw
An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs...
CVE-2021-27660
CVE-2021-27660 affects Johnson Controls C-CURE 9000. The vulnerability arises from an insecure client auto-update feature (improper input validation CWE-20) that can enable remote execution of lower-privileged Windows programs. Impact is high (C/H/I/H/A/H) with network vector and low attack compl...
Johnson Controls C-CURE Input Validation Error Vulnerability
Johnson Controls C-CURE is a site server from Johnson Controls, Inc. It is a cost-effective access control solution for small sites requiring up to 64 card readers. An input validation error vulnerability exists in the Johnson Controls C-CURE 9000, which stems from the auto-update feature of the...
Sensormatic Electronics C-CURE 9000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: C-CURE 9000 Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
Inkdrop vulnerable to OS command injection
Overview Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability CWE-78. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#29949691: Inkdrop vulnerable to OS command injection
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability CWE-78. Impact If a file or code snippet containing an invalid iframe is loaded into Inkdrop, an arbitrary OS command may be executed on the system where it runs. Solution Update the...
SUSE: Security Advisory (SUSE-SU-2020:3378-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
WordPress is an open source CMS. A user with the ability to upload files, such as an Author, can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
openSUSE Security Update : podman (openSUSE-2020-2039)
This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...
openSUSE Security Update : podman (openSUSE-2020-2063)
This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...
Security update for podman (moderate)
openSUSE Security Update: Security update for podman Announcement ID: openSUSE-SU-2020:2063-1 Rating: moderate References: 1176804 1178122 1178392 Cross-References: CVE-2020-14370 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has two fixes is now available...
OPENSUSE-SU-2020:2039-1 Security update for podman
This update for podman fixes the following issues: Security issue fixed: - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed: - add dependency to timezone package or podman...
CVE-2020-17091
Microsoft Teams Remote Code Execution Vulnerability Recent assessments: jheysel-r7 at December 22, 2020 8:33pm UTC reported: Reasoning for low attacker value: The web app is always up to date. The desktop client updates itself automatically. Teams checks for updates every few hours behind the...
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept (PoC) exploit...
Vulnerabilities fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed vulnerabilities in AnyConnect Secure Mobility Client. The vulnerabilities allow a locally authenticated malicious party to execute arbitrary code under the victim's privileges and to obtain sensitive information. For the vulnerability with identifier CVE-2020-5336, Cisco...
WordPress Pushes Out Multiple Flawed Security Updates
The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced to push out a second update and then a third 5.5.3 update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455...
InterPlanetary Storm Botnet Infects 13K Mac, Android Devices
A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices in addition to Windows and Linux, which were targeted by previous variants of the malware. Researchers say the malware is building a...