1390 matches found
March 8, 2022—KB5011495 (OS Build 14393.5006) - EXPIRED
March 8, 2022—KB5011495 OS Build 14393.5006 - EXPIRED EXPIRATION NOTICE As of 9/12/2023, KB5011495 is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. --- 11/19/20 For...
UBUNTU-CVE-2022-24565
Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications...
CVE-2022-24565
Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications...
PT-2022-16721 · Checkmk +1 · Checkmk +1
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0p27 and earlier Checkmk versions 2.0.0p19 and earlier Description: The issue is related to a Cross Site Scripting XSS vulnerability. It occurs because the Alias of a site is not properly escaped when shown as a condition...
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented at the S4X22 Conference in April 2022...
[SECURITY] Fedora 35 Update: thefuck-3.32-1.fc35
This application corrects your previous console command. If you use BASH, you should add these lines to your .bashrc: alias fuck='eval $(thefuck $(fc -ln -1)); history -r' alias FUCK='fuck' For other shells please check /usr/share/doc/thefuck/README.md...
PT-2025-8100
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: An issue in the Linux kernel has been resolved, related to non-access data TLB cache flush faults on parisc architecture. When a page is not present, non-access data TLB faults occur from...
Design/Logic Flaw
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault...
HashiCorp Vault Security Vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp (USA). A security vulnerability exists in HashiCorp Vault and Vault Enterprise that stems from a templated ACL policy that always matches the first entity alias created, which could lead to incorrect...
PT-2021-24000 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.7.5 HashiCorp Vault and Vault Enterprise version 1.8.4 Description: The issue arises when templated ACL policies in HashiCorp Vault and Vault Enterprise match the first-created...
Privilege Escalation
glib2 is vulnerable to privilege escalation. The vulnerability exists due to the use of random charset alias and lack of sanitization of the authorization, leaking content from files owned by privileged users to unprivileged ones under the right condition...
glib2: Possible privilege escalation through pkexec and aliases
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition...
VulnCheck KEV: CVE-2021-42013
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for...
UBUNTU-CVE-2021-3800
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition...
CVE-2021-41802
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...
NIMax 5.3.1f0 - (VISA Alias) Denial of Service Exploit
Exploit Title: NIMax 5.3.1f0 - 'VISA Alias' Denial of Service PoC Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required - https://knowledge.ni.com/KnowledgeArticleDetails?id=kA03q000000YGQwCAO&l=en-GB...
NIMax 5.3.1f0 Denial Of Service
Exploit Title: NIMax 5.3.1 - 'Remote VISA System' Denial of Service PoC Date: 24/06/2021 Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required -...
NIMax 5.3.1f0 - 'VISA Alias' Denial of Service (PoC)
Exploit Title: NIMax 5.3.1f0 - 'VISA Alias' Denial of Service PoC Date: 24/06/2021 Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required -...
Hashicorp HashiCorp Vault has an unspecified vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp (U.S.). A security vulnerability exists in HashiCorp Vault and Vault Enterprise, which stems from allowing a user with write access to an entity alias ID to share with another user load visitors to gain acces...
Updated apache packages fix security vulnerability
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...