269 matches found
Design/Logic Flaw
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...
Security Bulletin: The PowerVM Platform KeyStore functionality can be compromised if an attacker gains service access to the FSP
Summary An attacker that gains service access to the FSP can locate and through a series of service procedures decrypt data contained in the Platform KeyStore Vulnerability Details CVEID: CVE-2021-29765 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if...
SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2021:1854-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1854-1 advisory. - Mozilla Thunderbird 78.10.2 - CVE-2021-29957: Fixed partial protection of inline OpenPGP message not indicated bsc1186198. -...
SUSE-SU-2021:1854-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.10.2 - CVE-2021-29957: Fixed partial protection of inline OpenPGP message not indicated bsc1186198. - CVE-2021-29956: Fixed Thunderbird stored OpenPGP secret keys without master password protection bsc1186199....
CVE-2021-32541 SysJust CTS Web - Broken Access Control
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...
Security Vulnerabilities fixed in Firefox ESR 78.10.1 — Mozilla
The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...
Cisco Firepower Management Center 安全漏洞
Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center that stems from insufficient enforcement of access controls in the affected software. An attacker could use this...
CVE-2021-27291
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...
AZL-7375 CVE-2021-20230 affecting package stunnel for versions less than 5.70-1
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to...
CVE-2020-8554
A flaw was found in kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. Mitigation ExternalIP addresses ranges can be configured as described below. OCP 4 is secure by default, though...
CVE-2020-16163
An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...
systemd: services with DynamicUser can get new privileges and create SGID binaries
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to...
PT-2019-14629 · Rpyc +1 · Rpyc +1
Name of the Vulnerable Software and Affected Versions: RPyC versions 4.1.x through 4.1.1 Description: A remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. Recommendations: For RP...
PT-2021-5793
Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2 Description A heap-based Buffer Overflow issue exists in FFmpeg, specifically at libavfilter/vf floodfill.c, which may lead to memory corruption and other potential consequences. This issue is related to a buffer overflow...
CVE-2019-13069
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service...
Design/Logic Flaw
Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request...
SUSE SLED15 / SLES15 Security Update : cf-cli (SUSE-SU-2019:1220-1)
"This update for cf-cli fixes the following issues : cf-cli was updated: to version 6.43.0 bsc1132242 Enhancements : cf curl supports a new --fail flag primarily for scripting purposes which returns exit code 22 for server errors story Improves cf delete-orphaned-routes such that it uses a...
CVE-2019-10712
The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access...
Design/Logic Flaw
The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access...
CVE-2019-10712
CVE-2019-10712 (WAGO 750-88x/750-87x): The issue is due to a vulnerability in the Web-GUI where undocumented service access exists, enabling use of hard-coded/default credentials to access web management interfaces. Affected devices include WAGO Series 750-88x (models such as 750-330, 750-352, 75...