
1155 matches found

Positive Technologies
added 2021/09/21 12:0 a.m. · 4 views

PT-2021-4147

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to the fixed version. Description: The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit...

CVSS 10 · AI score 9.6 · EPSS 0.99999
Exploits 11 · References 49

Github Security Blog
added 2021/09/20 7:53 p.m. · 35 views

Observable Response Discrepancy in Lost Password Service

Impact: It is possible to enumerate usernames via the forgot password functionality. Patches: Update to version 10.1.3 or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch Workarounds: Apply https://github.com/pimcore/pimcore/pull/10223.patch manually...

CVSS 5.3 · AI score 5.7 · EPSS 0.01243
Exploits 0 · References 6 · Affected Software 1

OSV
added 2021/09/16 10:15 p.m. · 1 view

DEBIAN-CVE-2020-21605

libde265 v1.0.4 contains a segmentation fault in the applysaointernal function, which can be exploited via a crafted file...

CVSS 6.5 · AI score 6.6 · EPSS 0.00937
Exploits 1 · References 1

OSV
added 2021/09/16 10:15 p.m. · 1 view

ALPINE-CVE-2020-21605

libde265 v1.0.4 contains a segmentation fault in the applysaointernal function, which can be exploited via a crafted file...

CVSS 6.5 · AI score 6.8 · EPSS 0.00937
Exploits 1 · References 1

OSV
added 2021/09/16 10:15 p.m. · 0 views

UBUNTU-CVE-2020-21605

libde265 v1.0.4 contains a segmentation fault in the applysaointernal function, which can be exploited via a crafted file...

CVSS 6.5 · AI score 6.9 · EPSS 0.00937
Exploits 1 · References 4

Cvelist
added 2021/09/15 1:50 p.m. · 19 views

CVE-2021-39189 Observable Response Discrepancy in Lost Password Service

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...

CVSS 5.3 · AI score 5.3 · EPSS 0.01243
Exploits 0 · References 4

CISA
added 2021/09/14 12:0 a.m. · 13 views

SAP Releases September 2021 Security Updates 

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for September 2021 and apply the...

AI score 6.7
Exploits 0 · References 1

OSV
added 2021/09/07 12:15 p.m. · 1 view

DEBIAN-CVE-2021-38698

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...

CVSS 6.5 · AI score 6.6 · EPSS 0.01474
Exploits 0 · References 1

OSV
added 2021/09/07 12:15 p.m. · 1 view

UBUNTU-CVE-2021-38698

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...

CVSS 6.5 · AI score 6.8 · EPSS 0.01474
Exploits 0 · References 4

CNNVD
added 2021/09/07 12:0 a.m. · 3 views

Hashicorp HashiCorp Consul Security Vulnerability

HashiCorp Consul is a suite of distributed, highly available, data center-aware solutions from HashiCorp, a US-based company. The product is used to connect and provision applications across a dynamically distributed infrastructure. A security vulnerability exists in the HashiCorp Consul and...

CVSS 6.5 · AI score 6.9 · EPSS 0.01474
Exploits 0 · References 4

Positive Technologies
added 2021/09/07 12:0 a.m. · 3 views

PT-2021-22260 · Hashicorp +3 · Hashicorp Consul +4

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise version 1.10.1 Description: The Txn.Apply endpoint in HashiCorp Consul and Consul Enterprise allowed services to register proxies for other services, enabling access to service traffic. Recommendations:...

CVSS 8.8 · AI score 6 · EPSS 0.3479
Exploits 3 · References 44

OSV
added 2021/08/10 8:15 p.m. · 2 views

CVE-2021-28846

A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

OSV
added 2021/08/10 7:15 p.m. · 3 views

CVE-2021-28844

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to applycgi via a dographauth action without a sessionid key...

CVSS 7.5 · AI score 5.8 · EPSS 0.00961
Exploits 0 · References 1

OSV
added 2021/08/10 7:15 p.m. · 2 views

CVE-2021-28841

Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to applycgi via an action pingtest without a pingipaddr key...

CVSS 7.5 · AI score 5.8 · EPSS 0.00961
Exploits 0 · References 1

CNNVD
added 2021/08/10 12:0 a.m. · 3 views

TRENDnet Multiple Products Code Issue Vulnerability

TRENDnet TEW-755AP and others are routers from TRENDnet, a US-based company. Several TRENDnet products are vulnerable to null pointer dereference. A remote attacker could use the vulnerability to send POST requests to applycgi via the lang operation without a language key, resulting in a denial ...

CVSS 7.5 · AI score 5.7 · EPSS 0.00961
Exploits 0 · References 1

CISA
added 2021/07/22 12:0 a.m. · 17 views

 Cisco Releases Security Updates

Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...

AI score 7.1
Exploits 0 · References 2

CISA
added 2021/07/13 12:0 a.m. · 19 views

Mozilla Releases Security Updates for Firefox, Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 90...

AI score 7.1
Exploits 0 · References 3

CISA
added 2021/07/13 12:0 a.m. · 15 views

 Adobe Releases Security Updates for Multiple Products 

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...

AI score 7
Exploits 0 · References 1

CISA
added 2021/07/08 12:0 a.m. · 19 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

AI score 7
Exploits 0 · References 3

CISA
added 2021/06/15 12:0 a.m. · 16 views

Apple Releases Security Updates for iOS 12.5.4

Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates. This product is provid...

AI score 6.8
Exploits 0 · References 1