
6680 matches found

OpenVAS
added 2021/10/19 12:0 a.m. | 17 views

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2021:1367-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 8.3 AI score | 0.01907 EPSS
Exploits 7 | References 2
OSV
added 2021/10/18 12:12 p.m. | 6 views

OPENSUSE-SU-2021:1367-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Firefox Extended Support Release 91.2.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-45 bsc1191332 CVE-2021-38496: Use-after-free in...

9.8 CVSS | 8.8 AI score | 0.01907 EPSS
Exploits 7 | References 27
OPENSUSE Linux
added 2021/10/18 12:0 a.m. | 58 views

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:1367-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...

9.8 CVSS | 6.7 AI score | 0.01907 EPSS
Exploits 7 | References 6
OSV
added 2021/10/15 7:4 a.m. | 12 views

SUSE-SU-2021:3446-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.2.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-45 bsc1191332 CVE-2021-38496: Use-after-free in MessageTask CVE-2021-38497: Validation message could have been overlaid on...

9.8 CVSS | 10 AI score | 0.01907 EPSS
Exploits 0 | References 9
Cvelist
added 2021/10/14 7:55 p.m. | 21 views

CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.5 AI score | 0.02474 EPSS
Exploits 1 | References 1
Prion
added 2021/10/14 7:15 p.m. | 10 views

Cross site scripting

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4"...

3.5 CVSS | 5.3 AI score | 0.01437 EPSS
Exploits 2 | References 5 | Affected Software 1
Zero Day Initiative
added 2021/10/14 12:0 a.m. | 17 views

Schneider Electric IGSS dc.exe Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by the dc.exe process. The issue results...

7.5 CVSS | 2 AI score | 0.01274 EPSS
Exploits 0 | References 1
ThreatPost
added 2021/10/13 8:17 p.m. | 96 views

FreakOut Botnet Turns DVRs Into Monero Cryptominers

Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.IRCBot. In late September, the team noticed that the...

10 CVSS | 10 AI score | 0.96598 EPSS
Exploits 20 | References 8
NVD
added 2021/10/13 4:15 p.m. | 14 views

CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8 CVSS | 0.69248 EPSS
Exploits 1 | References 2
Vulnrichment
added 2021/10/13 3:47 p.m. | 24 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

6.7 AI score | 0.74279 EPSS
Exploits 1 | References 1
ATTACKERKB
added 2021/10/13 12:0 a.m. | 19 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8 CVSS | 6.8 AI score | 0.74279 EPSS
In wild | Exploits 1 | References 2
Prion
added 2021/10/12 2:15 p.m. | 19 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

7.5 CVSS | 9.5 AI score | 0.01292 EPSS
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2021/10/09 12:0 a.m. | 24 views

Wire has unspecified vulnerabilities (CNVD-2022-10740)

Wire is a chat software from a personal developer. The software supports Web, Windows, iOS, Android, and OS X platforms, has group functionality, the ability to make voice calls, send photos, and its ingenious way of saying hello, PING. Wire has a security vulnerability that allows users of Wire by...

4.6 CVSS | 2.1 AI score | 0.00169 EPSS
Exploits 0 | References 1
OSV
added 2021/10/07 9:15 p.m. | 17 views

CVE-2021-42088

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled...

6.1 CVSS | 6 AI score
Exploits 0 | References 1
NVD
added 2021/10/07 9:15 p.m. | 13 views

CVE-2021-42088

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled...

6.1 CVSS | 0.00627 EPSS
Exploits 0 | References 1
Prion
added 2021/10/07 9:15 p.m. | 16 views

Cross site scripting

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled...

4.3 CVSS | 5.9 AI score | 0.00627 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/10/07 7:36 p.m. | 14 views

CVE-2021-42088

An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled...

6.1 AI score | 0.00627 EPSS
Exploits 0 | References 1
Prion
added 2021/10/05 10:15 p.m. | 23 views

Design/Logic Flaw

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients...

5.1 CVSS | 7.5 AI score | 0.00865 EPSS
Exploits 0 | References 1 | Affected Software 4
CNNVD
added 2021/10/05 12:0 a.m. | 2 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei, China. A security vulnerability exists in a component of Huawei HarmonyOS, which provides a microkernel-based, fully-scoped distributed operating system. An attacker can exploit the vulnerability to cause abnormal system functionality...

9.1 CVSS | 8.3 AI score | 0.00637 EPSS
Exploits 0 | References 2
OSV
added 2021/10/04 5:15 p.m. | 16 views

CVE-2021-41596

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality...

5.3 CVSS | 6.7 AI score | 0.01771 EPSS
Exploits 0 | References 5