SUSE-SU-2021:3651-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-49 bsc1192250 CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets CVE-2021-38504:...

CVE-2021-3380

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

Design/Logic Flaw

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code. This project is comprised of the following elements: Harness.exe: The "victim" application which i...

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description cross site request forgery vulnerability is present in delete functionality of doctor feature. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of delete the existing logs...

CVE-2021-43389

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

CVE-2021-43339

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via filename in the export functionality. For example, a new admin user could be created...

Command injection

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via filename in the export functionality. For example, a new admin user could be created...

CVE-2021-43339

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via filename in the export functionality. For example, a new admin user could be created...

Siren Investigate code issue vulnerability

Siren Investigate is a front-end to the Siren platform from Siren Ireland, allowing the creation of dashboards, charts, link analysis, alerts, etc. A code issue vulnerability exists in Siren Investigate that stems from the product's failure to properly handle the product's cluster functionality. ...

CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSGCRYPTO message type...

Nvidia vGPU Software code issue vulnerability

Nvidia vGPU Software is a management software for providing GPU functionality to virtual machines from Nvidia, Inc. NVIDIA vGPU software is vulnerable to a code issue that could be exploited by an attacker to dereference NULL pointers and cause a denial of service...

This New Android Malware Can Gain Root Access to Your Smartphones

An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. The malware has been named "AbstractEmu" owing to its use of code...

Huawei HarmonyOS 代码问题漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. The Huawei HarmonyOS component is vulnerable to null pointer dereference, which could be exploited by local attackers to cause system functionality to be...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 Confluence remote code execution RCE...

EulerOS 2.0 SP3 : rpm (EulerOS-SA-2021-2613)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...

CVE-2021-42540

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

Code injection

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

CVE-2021-3896

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

CVE-2021-39352

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...