PT-2021-21582 · Hashicorp · Hashicorp Nomad +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions prior to 1.0.10 HashiCorp Nomad and Nomad Enterprise versions prior to 1.1.4 Description: The issue allows non-server agents with a valid certificate signed by the same CA to access server-only...

Protect

A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of print str and cmd mem cli commands to, respectively, read and write hexadecimal values to any memory address...

EulerOS 2.0 SP5 : rpm (EulerOS-SA-2021-2346)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

Cross site scripting

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528...

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

Cross site scripting

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox Version – 2.2.0 & below. The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...

CVE-2020-35635

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in NefS2/SNCioparser.h SNCioparser::readsface storesmboundaryitem Sloopof OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead t...

consul -- rpc: authorize raft requests

Hashicorp reports: HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation...

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82985)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82984)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application. 🕵️‍♂️ Proof of Concept //PoC.html history.pushState'', '', '/'...

GHSA-7889-RM5J-HPGG Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality

Affected packages The vulnerability has been discovered in clipboard plugin. All plugins with clipboard plugin dependency are affected: clipboard pastetext pastetools widget uploadwidget autolink tableselection Impact A potential vulnerability has been discovered in CKEditor 4 Clipboard package...

MicroCopy <= 1.1.0 - Authenticated SQL Injection

The edit functionality in the plugin makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET...

WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection

The Orders functionality in the plugin has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors PoC POST /wp-admin/admin.php?page=wpagecontact-plugin...

Cross-Site Scripting (XSS)

ckeditor is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the paste functionality...

OPENSUSE-SU-2021:2788-1 Security update for go1.16

This update for go1.16 fixes the following issues: Update to go1.16.7: - go47473 net/http: panic due to racy read of persistConn after handler panic CVE-2021-36221 bsc1189162 - go47348 cmd/go: 'go list -f '.Stale'' stack overflow with cyclic imports - go47332 time: Timer reset broken under heavy...

[SECURITY] Fedora 33 Update: libtpms-0.8.4-2.20210624gita594c4692a.fc33

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64077)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...