Debian DLA-2779-1 : mediawiki - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2779 advisory. - In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a...
Debian: Security Advisory (DLA-2779-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2779-1] mediawiki security update
Debian LTS Advisory DLA-2779-1, https://www.debian.org/lts/security/, Markus Koschany, October 09, 2021, https://wiki.debian.org/LTS. Package: mediawiki. Version: 1:1.27.7-1deb9u10. CVE ID: CVE-2021-35197 CVE-2021-41798 CVE-2021-41799. Multiple security issues were found in...
CVE-2021-34782
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An...
Cisco DNA Center Security Vulnerability
Cisco DNA Center is a network management and command center service from Cisco USA. A security vulnerability exists in Cisco DNA Center that stems from improper access control to API endpoints. An attacker could exploit the vulnerability by sending specific API requests to the affected applicatio...
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
Improper access control
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
Debian DSA-4979-1 : mediawiki - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4979 advisory. Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and ...
Cross-site Scripting in LibreNMS
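In LibreNMS before 21.3.0, a stored XSS vulnerability exists in the API Access page due to insufficient validation of the $api->description variable. As a result, arbitrary JavaScript code can get executed...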
GHSA-2R2W-JRH2-P4GR Cross-site Scripting in LibreNMS
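In LibreNMS before 21.3.0, a stored XSS vulnerability exists in the API Access page due to insufficient validation of the $api->description variable. As a result, arbitrary JavaScript code can get executed...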
Authentication flaw
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...
CVE-2021-28495
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2021-93896)
LibreNMS is a PHP/MySQL/SNMP-based open source monitoring tool. A stored cross-site scripting vulnerability exists in API access pages in versions of LibreNMS prior to 21.3.0. The vulnerability stems from insufficient validation of the $api->description variable. An attacker could use this...
Cross site scripting
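In LibreNMS before 21.3.0, a stored XSS vulnerability exists in the API Access page due to insufficient validation of the $api->description variable. As a result, arbitrary JavaScript code can get executed...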
CVE-2021-31274
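In LibreNMS before 21.3.0, a stored XSS vulnerability exists in the API Access page due to insufficient validation of the $api->description variable. As a result, arbitrary JavaScript code can get executed...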
PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework
Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...
Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms
New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues,...
CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities
Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System. These vulnerabilities could result in...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...