6655 matches found
CVE-2021-25281
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master. Recent assessments: kevthehermit at February 26, 2021 5:08pm UTC reported: Vulnerability This...
CVE-2021-21309
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for...
Integer overflow
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for...
CVE-2021-24085
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730. Recent assessments: bwatters-r7 at March 03, 2021 1:51pm UTC reported: This attack is super useful to gain privileged access to an Exchange server. Given the ubiquity of the target, it’s remote nature, the...
Important: kernel-livepatch-4.14.209-160.335
Issue Overview: A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity ...
Mozilla Thunderbird Security Advisories (MFSA2021-06, MFSA2021-09) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Important: kernel-livepatch-4.14.209-160.339
Issue Overview: A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity ...
All Vulnerabilities for vajiramandravi.com Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| vajiramandravi.com ---|--- Open Bug...
Important: kernel-livepatch-4.14.209-160.339
Issue Overview: A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to...
Important: kernel-livepatch-4.14.209-160.335
Issue Overview: A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to...
Important: kernel-livepatch-4.14.203-156.332
Issue Overview: A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to...
Hackers try to poison Florida City’s drinking water
The FBI, the Secret Service, and the Pinellas County Sheriffs Office are currently investigating an attempted poisoning of a city by an individual or group of hackers that occurred Friday last week. If it hadnt been caught in time, at least 15,000 people could have been affected. In a Monday pres...
PT-2021-8266 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.0-rc5-01361-ge3c1b78c8440-dirty Description: The issue is related to the radix set pte at function in the Linux kernel, which does not properly order the update of the Page Table Entry PTE with subsequent...
All Vulnerabilities for stevenfowler.me Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| stevenfowler.me ---|--- Open Bug Bounty...
SonicWall SNWLID-2021-0001 Zero-Day and SolarWinds’ 2021 CVE Trifecta: What You Need to Know
Not content with the beating it laid down in January, 2021 continues to deliver with an unpatched zero-day exposure in some SonicWall appliances and three moderate-to-critical CVEs in SolarWinds software. We dig into the details below. Urgent mitigations required for SonicWall SMA 100 Series...
Browser sync—what are the risks of turning it on?
Modern browsers include synchronization features like Google Chromes Sync so that all your browsers, on all your devices, share the same tabs, passwords, plugins, and other features. While this is certainly convenient, particularly when youre migrating to a new device, synchronizing browsers also...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 checking CVE-2021-3156 vulnerability & patchi...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Note: These instructions are my own and not...
Exploit for Off-by-one Error in Sudo_Project Sudo
This simple bash script will patch the recently discovered s...
Code injection
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...