Lucene search

1460 matches found

CVE
added 2021/07/30 9:8 p.m. | 77 views

CVE-2021-27495

CVE-2021-27495 affects Ypsomed mylife Cloud and mylife App: the system reflects the user password during login after redirecting from HTTPS to HTTP. Affected versions are mylife Cloud all versions before 1.7.2 and mylife App all versions before 1.7.5. The issue is due to improper handling of cred...

CVSS 7.1 | AI score 6.9 | EPSS 0.00192
Exploits 0 | References 1 | Affected Software 2

Tenable Nessus
added 2021/07/27 12:0 a.m. | 944 views

Microsoft Windows EFSRPC NTLM Reflection Elevation of Privilege (PetitPotam) (Remote)

Binary data windowspetitpotam.nbin...

CVSS 7.5 | AI score 7.6 | EPSS 0.93551
Exploits 4 | References 5

Tenable Nessus
added 2021/07/22 12:0 a.m. | 40 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2421-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require th...

CVSS 8.8 | AI score 8 | EPSS 0.85239
Exploits 40 | References 76

Tenable Nessus
added 2021/07/21 12:0 a.m. | 29 views

EulerOS Virtualization 3.0.2.2 : bind (EulerOS-SA-2021-2127)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Bind-utils contains a collection of utilities for querying DNS Domain Name System name servers to find out information about Intern...

CVSS 8.6 | AI score 6.8 | EPSS 0.92629
Exploits 6 | References 4

CNVD
added 2021/07/16 12:0 a.m. | 13 views

Unspecified vulnerability in Ypsomed mylife App (CNVD-2021-69617)

Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App by Ypsomed has a security vulnerability that reflects...

CVSS 7.1 | AI score 0.2 | EPSS 0.00192
Exploits 0 | References 1

0day.today
added 2021/07/16 12:0 a.m. | 592 views

VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

CVSS 9.8 | AI score 0.7 | EPSS 0.94412
Exploits 13

OSV
added 2021/06/08 5:0 p.m. | 0 views

UBUNTU-CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

CVSS 4.6 | AI score 6.9 | EPSS 0.00034
Exploits 0 | References 13

GithubExploit
added 2021/06/04 1:15 a.m. | 8 views

Exploit for Unsafe Reflection in Vmware Vcenter_Server

No d...

CVSS 10 | AI score 5.4 | EPSS 0.94412
Exploits 13

OSV
added 2021/06/01 2:15 p.m. | 22 views

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

CVSS 9.8 | AI score 6.9
Exploits 0 | References 1

NVD
added 2021/06/01 2:15 p.m. | 14 views

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

CVSS 9.8 | EPSS 0.02183
Exploits 0 | References 1

Prion
added 2021/06/01 2:15 p.m. | 21 views

Deserialization of untrusted data

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

CVSS 7.5 | AI score 9.4 | EPSS 0.02183
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2021/05/28 12:0 a.m. | 1 views

CTS Web transaction system cross-site scripting vulnerability

The CTS Web transaction system is a CTS Web transaction system from Taiwan's Cascade Information Corporation. A cross-site scripting vulnerability exists in the CTS Web transaction system, which stems from the fact that the specific functional parameters of the transaction system do not filter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00496
Exploits 0 | References 3

OSV
added 2021/05/24 6:15 p.m. | 1 views

DEBIAN-CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

CVSS 4.2 | AI score 6.8 | EPSS 0.00034
Exploits 0 | References 1

CNNVD
added 2021/05/24 12:0 a.m. | 2 views

WordPress cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System Plugin for WordPress prior to version 4.21.1, which stems from the plugin generating...

CVSS 5.4 | AI score 5.4 | EPSS 0.00363
Exploits 2 | References 2

CNNVD
added 2021/05/21 12:0 a.m. | 1 views

Zope cross-site scripting vulnerability

Zope is a set of object-oriented, open source web application servers written in the Python language from the Zope community. A cross-site scripting vulnerability exists in Zope Products.CMFCore before 2.5.1 and PluggableAuthService before 2.6.2, which stems from allowing reflection of XSS...

CVSS 6.1 | AI score 5.8 | EPSS 0.00285
Exploits 0 | References 2

The Hacker News
added 2021/05/07 11:37 a.m. | 40 views

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System DNS resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called 'TsuNAME,' was discovered by researche...

AI score 1
Exploits 0

OpenVAS
added 2021/04/19 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2019:1181-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.7 | EPSS 0.25852
Exploits 0 | References 5

IBM Security Bulletins
added 2021/04/16 3:46 p.m. | 37 views

Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary: There are various types of vulnerabilities in Bouncy Castle that affect Apache Solr. The list can be found in the Vulnerability Details section. Vulnerability Details: CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute...

CVSS 9.8 | AI score 0.4 | EPSS 0.05036
Exploits 0 | Affected Software 1

Malwarebytes
added 2021/04/15 5:17 p.m. | 53 views

“Huge upsurge” in DDoS attacks during pandemic

Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: Brute-forcing credentials and more targeting towards internet-connected devices were foreseeable and have been discussed at...

Exploits 0

ALT Linux
added 2021/04/14 12:0 a.m. | 22 views

Security fix for the ALT Linux 9 package glpi version 9.5.4-alt1

9.5.4-alt1 built April 14, 2021 Pavel Zilke in task 269862
March 31, 2021 Pavel Zilke
- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-21326 : Horizontal Privilege Escalation
  + CVE-2021-21255 : entities switch IDOR
  + CVE-2021-21258 : XSS...

CVSS 5 | AI score 6 | EPSS 0.00508
Exploits 5