Privilege Escalation

ansible-tower is vulnerable to privilege escalation. The vulnerability exists due to application credentials exposed to playbook job runs via environment variables...

CVE-2021-34201

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

Buffer overflow

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

CVE-2021-34201

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600DIR-2640. Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes...

MGASA-2021-0248 Updated docker-containerd packages fix security vulnerability

In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...

SUSE SLES15 Security Update : containerd, docker, runc (SUSE-SU-2021:1954-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1954-1 advisory. - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapp...

DEBIAN-CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

AZL-6359 CVE-2021-22898 affecting package curl for versions less than 7.76.0-5

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

Stack overflow

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

SUSE: Security Advisory (SUSE-SU-2019:3184-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[ASA-202106-20] inetutils: arbitrary code execution

Arch Linux Security Advisory ASA-202106-20 ========================================== Severity: High Date : 2021-06-09 CVE-ID : CVE-2019-0053 CVE-2020-10188 Package : inetutils Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1003 Summary ======= The package...

GHSA-FVX8-V524-8579 django-celery-results Stores Sensitive Information In Cleartext

django-celery-results prior to 2.4.0 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. In version 2.4.0 this is no longer the default...

nodejs-lodash: command injection via template

A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables...

GSD-2021-1000010 temporary file creation (CWE-379) in fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7

In Hyperledger fabric-samples version Prior to commit 6bccc138887b3dbd9dc920bad200068b11066ef7 a temporary file creation CWE-379 exists in the digibank.sh and magnetocorp.sh that can be attacked via Local resulting in Information disclosure of all environmental variables...

CVE-2021-28559

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global...

The randomIndex() can be determined

Handle s1m0 Vulnerability details Impact The function randomIndex is used to choose which id to mint theoretically randomly. The index can be computed with a smartContract by giving him through arguments the internal/private variables numTokens and nonce gotten with getStorageAt. Note there is al...

CVE-2021-29483 wikiconfig API leaked private config variables set through ManageWiki

ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are...

Anyone can modify important state variables

Handle adelamo Vulnerability details Here you have more info: --- The text was updated successfully, but these errors were encountered: All reactions...