Design/Logic Flaw
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization component: Gateway. The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global...
CVE-2021-2210
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: Quotes. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...
[SECURITY] Fedora 33 Update: rpm-ostree-2021.4-1.fc33
rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additiona...
CVE-2021-23999
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
[SECURITY] Fedora 34 Update: gnome-shell-extensions-40.0~rc-1.fc34
GNOME Shell Extensions is a collection of extensions providing additional and optional functionality to GNOME Shell. Enabled extensions: apps-menu auto-move-windows drive-menu launch-new-instance native-window-placement places-menu screenshot-window-sizer user-theme window-list windowsNavigator...
[SECURITY] Fedora 34 Update: plasma-workspace-wallpapers-5.21.3-1.fc34
Additional wallpapers for Plasma workspace...
[SECURITY] Fedora 34 Update: kdeplasma-addons-5.21.3-1.fc34
Additional Plasmoids for Plasma 5...
CopperStealer Malware Targets Facebook and Instagram Business Accounts
A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. Dubbed CopperStealer, the malware acts...
made.com Cross Site Scripting vulnerability OBB-1958822
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: made.com. Open Bug Bounty...
[SECURITY] Fedora 32 Update: python3-3.8.7-2.fc32
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
CVE-2020-28487 Cross-site Scripting (XSS)
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...
CVE-2021-2046
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While t...
Design/Logic Flaw
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CR...
CVE-2021-2089
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Runtime Catalog. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...
Oracle VM VirtualBox (Jan 2021 CPU)
Versions of VM VirtualBox prior to 6.1.18 installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected ...
Additional Analysis into the SUNBURST Backdoor | McAfee Blogs
ARCHIVED STORY. Additional Analysis into the SUNBURST Backdoor. Christiaan Beek · DEC 17, 2020. Executive Summary: There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...
CVE-2020-0464
In resolvcachelookup of rescache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
USN-4666-2: lxml vulnerability
USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. Original advisory details: It was discovered that lxml incorrectly handled certain HTML. An attacker could...
USN-4666-2 lxml vulnerability
USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. Original advisory details: It was discovered that lxml incorrectly handled certain HTML. An attacker could...
Code injection
An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call...