
654 matches found

Veracode
added 2021/10/21 4:5 a.m., 8 views

Consensus Halt

github.com/cosmos/cosmos-sdk encounters a consensus halt. An attacker with the ability to send transactions on any chain with the authz module enabled can halt that chain using many Grants with different but close expiration times, as it uses non-deterministic behaviour in a ValidateBasic method ...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.01658
Exploits: 1 | References: 4 | Affected Software: 1
BDU FSTEC
added 2021/09/29 12:0 a.m., 5 views

A vulnerability in a component of the Blink module of the Google Chrome and Microsoft Edge browsers allows an attacker to execute arbitrary code.

The vulnerability in the Blink module component of the Google Chrome and Microsoft Edge browsers is related to data type conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted web page...

CVSS: 10 | AI score: 8.2 | EPSS: 0.00876
Exploits: 0 | References: 9 | Affected Software: 5
CNNVD
added 2021/07/20 12:0 a.m., 2 views

Oracle MySQL Cluster Input Validation Error Vulnerability

MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database. A security vulnerability exists in the Cluster: JS module component in Oracle MySQL Cluster 8.0.25 and earlier. An attacker can exploit this vulnerability to cause a denial of service...

CVSS: 4.3 | AI score: 8 | EPSS: 0.01659
Exploits: 0 | References: 5
CNVD
added 2021/07/05 12:0 a.m., 10 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48502)

CMS Made Simple (CMSMS) is an open source content management system that provides developers, programmers, and website owners with a web-based development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00473
Exploits: 1 | References: 1
NVD
added 2021/06/09 2:15 p.m., 17 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contain the function module SRM_RFC_SUBMIT_REPORT, which fails to validate authorization of an authenticated user, thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...

CVSS: 6.5 | EPSS: 0.01242
Exploits: 2 | References: 4
Cvelist
added 2021/06/09 1:23 p.m., 17 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contain the function module SRM_RFC_SUBMIT_REPORT, which fails to validate authorization of an authenticated user, thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.01242
Exploits: 2 | References: 4
BDU FSTEC
added 2021/06/09 12:0 a.m., 1 views

A vulnerability in the central module of the “LOCMAN Client” system, a system for managing engineering data and the product life cycle, arises from the possibility of unrestricted upload of files of a dangerous type, allowing attackers to execute arbitrary code.

The vulnerability in the central module responsible for managing engineering data and the product life cycle in the LOCsMAN Engineering Data and Product Lifecycle Management system is related to the possibility of unrestricted upload of dangerous files. Exploiting this vulnerability could allow...

CVSS: 6.8 | AI score: 6
Exploits: 0 | Affected Software: 1
CNNVD
added 2021/06/08 12:0 a.m., 4 views

Schneider Electric IGSS Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System (IGSS) is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System (IGSS) versions 15.0.0.21140 and earlier. The...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.01172
Exploits: 0 | References: 6
NCSC
added 2021/03/09 12:0 a.m., 5 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in Visual Studio and Visual Studio Code. The vulnerabilities allow a malicious person to execute arbitrary code under the privileges of the user. The vulnerability with reference CVE-2021-21300 has been rated "Critical" by Microsoft the...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.88644
Exploits: 5
CNNVD
added 2021/01/05 12:0 a.m., 4 views

Linux Kernel Security Vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An arbitrary code execution vulnerability exists in mwifiex_cmd_802_11_ad_hoc_start in...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.02209
Exploits: 0 | References: 25
CNVD
added 2020/12/23 12:0 a.m., 1 views

Odoo Cross-Site Scripting Vulnerability (CNVD-2020-74057)

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, uses PostgreSQL as the database, and includes modules for sales management, inventory management, financial management and so on. A cross-site...

CVSS: 6.3 | AI score: 6 | EPSS: 0.00702
Exploits: 0 | References: 1
CNVD
added 2020/10/29 12:0 a.m., 0 views

Red Discord Bot Elevation of Privilege Vulnerability

Red Discord Bot is a modular robot written in Python by an individual developer. The bot software can be configured to accomplish different functions depending on the module. A security vulnerability exists in Red Discord Bot versions prior to 3.4.1 that stems from an unauthorized privilege...

CVSS: 7.7 | AI score: 7.2 | EPSS: 0.01065
Exploits: 0 | References: 1
OSV
added 2020/09/23 12:52 p.m., 2 views

USN-4534-1 libdbi-perl vulnerability

It was discovered that the Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information...

CVSS: 4.7 | AI score: 7 | EPSS: 0.00505
Exploits: 0 | References: 2
OSV
added 2020/07/15 6:15 p.m., 2 views

CVE-2020-14529

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00699
Exploits: 0 | References: 1
OSV
added 2020/07/01 2:19 p.m., 15 views

SUSE-SU-2020:1819-1 Security update for unbound

This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.03588
Exploits: 1 | References: 6
OSV
added 2020/06/26 6:5 a.m., 16 views

SUSE-SU-2020:1772-1 Security update for unbound

This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.03588
Exploits: 1 | References: 6
CNVD
added 2020/05/06 12:0 a.m., 2 views

SQL Injection Vulnerability in Learning Module ti*** Parameters of 120 Emergency Command Center Web Service System

120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. A SQL injection vulnerability exists in the learning module ti parameter of the 120 Emergency Command Center Web...

AI score: 7.7
Exploits: 0
Huntr
added 2020/05/02 12:0 a.m., 14 views

Code Injection in courajs/node-svn

Description: The svn module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. PoC: 1. Create the following PoC file: // poc.js var SVN = require('svn'); var svn = new SVN('./workingcopy'); svn.info("test; touch...

AI score: 2.3
Exploits: 0
CNVD
added 2020/04/01 12:0 a.m., 1 views

pam-krb5 buffer overflow vulnerability

pam-krb5 is a PAM module for Kerberos authentication. A buffer overflow vulnerability exists in pam-krb5 versions prior to 4.9, which stems from an incorrect boundary check. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system with the help of a special...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.04784
Exploits: 0 | References: 1
CNVD
added 2020/03/12 12:0 a.m., 2 views

NVIDIA Virtual GPU Manager Denial of Service Vulnerability

NVIDIA Virtual GPU Manager is virtual GPU management software from NVIDIA. A security vulnerability exists in the kernel module nvidia.ko in NVIDIA Virtual GPU Manager. An attacker could exploit this vulnerability to cause a denial of service...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00302
Exploits: 0 | References: 1