1155 matches found

Positive Technologies
added 2021/06/11 12:0 a.m. · 2 views

PT-2021-15206 · Schneider Electric · Powerlogic Egx100 +1

Name of the Vulnerable Software and Affected Versions: PowerLogic EGX100 versions 3.0.0 and newer; PowerLogic EGX300 all versions. Description: A vulnerability exists due to improper input validation, potentially causing denial of service or remote code execution via a specially crafted HTTP packet...

9.8 CVSS · 8.3 AI score · 0.02708 EPSS
Exploits 0 · References 5

Positive Technologies
added 2021/06/10 12:0 a.m. · 7 views

PT-2021-7758 · Libxml2 +2 · Libxml2 +2

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.10-31. Description: The issue is related to a NULL pointer dereference flaw in the ReadSVGImage function of the coders/svg.c component. This flaw is caused by not checking the return value from libxml2's...

7.8 CVSS · 5.7 AI score · 0.89855 EPSS
Exploits 57 · References 144

Microsoft CVE
added 2021/05/25 7:0 a.m. · 2 views

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().

...

9.1 CVSS · 7 AI score · 0.02235 EPSS
Exploits 0

OSV
added 2021/05/06 11:2 a.m. · 4 views

OESA-2021-1149 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which...

8.2 CVSS · 6.9 AI score · 0.01546 EPSS
Exploits 0 · References 3

CISA
added 2021/04/21 12:0 a.m. · 18 views

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

6.9 AI score
Exploits 0 · References 1

CISA
added 2021/04/13 12:0 a.m. · 12 views

SAP Releases April 2021 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for April 2021 and apply the necessary...

6.7 AI score
Exploits 0 · References 1

CISA
added 2021/03/25 12:0 a.m. · 7 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary...

7.1 AI score
Exploits 0 · References 1

BDU FSTEC
added 2021/03/15 12:0 a.m. · 2 views

The vulnerability of the mpatch_apply function in the Mercurial version control software allows an attacker to compromise data integrity.

The vulnerability of the mpatch_apply function in the Mercurial version control tool is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

7.5 CVSS · 6.8 AI score · 0.02337 EPSS
Exploits 0 · References 6 · Affected Software 3

IBM Security Bulletins
added 2021/02/22 4:30 p.m. · 32 views

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary: The Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities. These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 61. Vulnerability Details: CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to...

7.8 CVSS · 0.8 AI score · 0.17611 EPSS
Exploits 0 · Affected Software 1

OSV
added 2021/01/26 10:15 p.m. · 4 views

CVE-2021-1070

NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an...

7.1 CVSS · 7.1 AI score
Exploits 0 · References 1

Japan Vulnerability Notes
added 2021/01/14 12:0 a.m. · 73 views

JVN#35906450: Multiple vulnerabilities in acmailer

acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control (CWE-284) - CVE-2021-20617

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5

...

10 CVSS · 10 AI score · 0.07871 EPSS
Exploits 0

Positive Technologies
added 2021/01/13 12:0 a.m. · 5 views

PT-2021-14646 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier; Jenkins LTS versions 2.263.1 and earlier. Description: The issue results from the failure to escape notification bar response contents, leading to a cross-site scripting (XSS) vulnerability. This vulnerability...

5.4 CVSS · 5 AI score · 0.01029 EPSS
Exploits 0 · References 11

CISA
added 2021/01/11 12:0 a.m. · 8 views

Microsoft Releases Security Updates for Edge

Microsoft has released a security update to address multiple vulnerabilities in Edge (Chromium-based). An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the latest entry for Microsoft Security Advisory...

7 AI score
Exploits 0 · References 1

Positive Technologies
added 2020/12/08 12:0 a.m. · 1 views

PT-2020-5216 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified; Microsoft SharePoint Enterprise Server affected versions not specified; Microsoft SharePoint Foundation affected versions not specified. Description: The issue is related to errors in...

6.8 CVSS · 4.9 AI score · 0.0287 EPSS
Exploits 2 · References 6

CISA
added 2020/12/03 12:0 a.m. · 23 views

Apple Releases Security Updates for iCloud for Windows

Apple has released security updates to address vulnerabilities in iCloud for Windows. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple...

6.9 AI score
Exploits 0 · References 1

Positive Technologies
added 2020/11/25 12:0 a.m. · 1 views

PT-2022-19328

Name of the Vulnerable Software and Affected Versions: Spip Web Framework versions v3.1.13 and earlier. Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are located at the "/ecrire" endpoint via the lier trad and where parameters. Recommendations: For Spip...

9.8 CVSS · 6.9 AI score · 0.99662 EPSS
Exploits 35 · References 33

RedHat Linux
added 2020/11/04 1:25 a.m. · 1 views

PyYAML: command execution through python/object/apply constructor in FullLoader

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. ...

9.8 CVSS · 7.7 AI score · 0.0499 EPSS
Exploits 1 · References 4

CISA
added 2020/10/07 12:0 a.m. · 14 views

Google Releases Security Updates for Chrome

Google has released Chrome version 86.0.4240.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...

7 AI score
Exploits 0 · References 1

Snyk
added 2020/10/01 1:5 p.m. · 2 views

Arbitrary Code Execution

Overview: jsen is a JSON-Schema validator built for speed. Affected versions of this package are vulnerable to Arbitrary Code Execution. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no...

7.2 CVSS · 7.1 AI score · 0.02026 EPSS
Exploits 1 · References 2

Positive Technologies
added 2020/09/08 12:0 a.m. · 3 views

PT-2020-4044 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified. Description: The issue is related to errors in handling objects in memory by the win32k component of Windows operating systems. This could allow an attacker to elevate their privileges using a specially...

7.8 CVSS · 7.1 AI score · 0.00833 EPSS
Exploits 0 · References 5