PT-2021-8030 · Mitsubishi · Melsec Iq-R Series Safety Cpu Modules R08/16/32/120Sfcpu +1

Name of the Vulnerable Software and Affected Versions: MELSEC iQ-R Series Safety CPU modules R08/16/32/120SFCPU firmware versions prior to 26 MELSEC iQ-R Series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions prior to 11 Description: The issue is related to the exposure of sensitiv...

Several Malware Families Targeting IIS Web Servers With Malicious Modules

A systematic analysis of attacks against Microsoft's Internet Information Services IIS servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight...

Denial of service

An uncontrolled resource consumption denial of service vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via...

HCC Embedded InterNiche 安全特征问题漏洞

The SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 7KM PAC The Switched Ethernet PROFIN...

Xen / ARM Boot Modules Are Not Scrubbed Information Exposure (XSA-372)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an information disclosure vulnerability as boot modules are not scrubbed. The bootloader will load boot modules e.g. kernel, initramfs... in a temporary area before they are copied by Xen...

Update of perl-Pod-Simple, perl-IO-Compress-Bzip2, perl-Log-Message, perl-CPANPLUS, perl-Parse-CPAN-Meta, perl-Archive-Tar, perl-Locale-Maketext-Simple, perl-Compress-Raw-Zlib, perl-ExtUtils-MakeMaker, perl-version, perl-Params-Check, perl-Module-CoreList, perl-parent, perl-Log-Message-Simple, perl-IO-Compress-Base, perl-Archive-Extract, perl-Test-Harness, perl-Module-Load, perl-Compress-Zlib, perl-Module-Pluggable, perl-Pod-Escapes, perl-Module-Build, perl-Module-Loaded, perl-Test-Simple, perl-Term-UI, perl-Package-Constants, perl-Object-Accessor, perl-Digest-SHA, perl-ExtUtils-ParseXS, perl-File-Fetch, perl-Time-HiRes, perl-Compress-Raw-Bzip2, perl-Time-Piece, perl-CGI, perl-ExtUtils-CBuilder, perl-IO-Zlib, perl-Module-Load-Conditional, perl-IO-Compress-Zlib, perl-ExtUtils-Embed, perl-IPC-Cmd, perl-CPAN

...

org.apereo.cas:cas-server-support-gauth (>=6.0.0 <=6.1.7.1), org.apereo.cas:cas-server-support-gauth-core (>=6.0.0 <=6.1.7.1) +8 more potentially affected by CVE-2020-27178 via org.apereo.cas:cas-server-support-otp-mfa-core (>=6.0.0 <=6.1.7.1)

org.apereo.cas:cas-server-support-otp-mfa-core MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.0, =6.0.0, =6.0.0, =6.1.0, =6.1.7.1 Source cves: CVE-2020-27178 Source advisory: OSV:GHSA-Q39C-5VH5-VW2P...

org.apereo.cas:cas-server-support-gauth (>=6.2.0 <=6.2.3), org.apereo.cas:cas-server-support-gauth-core (>=6.2.0 <=6.2.3) +9 more potentially affected by CVE-2020-27178 via org.apereo.cas:cas-server-support-otp-mfa-core (>=6.2.0 <=6.2.3)

org.apereo.cas:cas-server-support-otp-mfa-core MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.3 Source cves: CVE-2020-27178 Source advisory: OSV:GHSA-Q39C-5VH5-VW2P...

shadowbroker

This repository, zhangyouren/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploit modules, payloads...

Default configuration

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

Update of perl-Pod-Simple, perl-Log-Message-Simple, perl-Object-Accessor, perl-IPC-Cmd, perl-ExtUtils-MakeMaker, perl-Compress-Raw-Zlib, perl-CPAN, perl-CGI, perl-Digest-SHA, perl-Module-Loaded, perl-parent, perl-Module-CoreList, perl-Compress-Raw-Bzip2, perl-File-Fetch, perl-version, perl-ExtUtils-Embed, perl-Locale-Maketext-Simple, perl-Time-HiRes, perl-Module-Load-Conditional, perl-IO-Compress-Bzip2, perl-ExtUtils-CBuilder, perl-Term-UI, perl-Module-Build, perl-Pod-Escapes, perl-IO-Compress-Base, perl-Parse-CPAN-Meta, perl-Time-Piece, perl-Params-Check, perl-Module-Pluggable, perl-Archive-Tar, perl-IO-Compress-Zlib, perl-Package-Constants, perl-Test-Simple, perl-Test-Harness, perl-IO-Zlib, perl-ExtUtils-ParseXS, perl-Archive-Extract, perl-CPANPLUS, perl-Log-Message, perl-Module-Load, perl-Compress-Zlib

...

CVE-2020-21808

SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php...

Fedora: Security Advisory for varnish-modules (FEDORA-2021-cf7585f0ca)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: varnish-modules-0.17.1-2.fc34

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

Amazon Linux AMI : containerd (ALAS-2021-1523)

The version of containerd installed on the remote host is prior to 1.4.6-2.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1523 advisory. A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file...

SUSE SLES12 Security Update : containerd (SUSE-SU-2021:2413-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:2413-1 advisory. - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted...

CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...

CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...