SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP2) (SUSE-SU-2022:0291-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0291-1 advisory. - A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind causes a use-after-free, which might lead to privilege escalation...
SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2022:0293-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0293-1 advisory. - A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind causes a use-after-free, which might lead to privilege escalation...
Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing
The plugin uses headers such as CF-CONNECTING-IP, CLIENT-IP, etc. to determine the IP address of requests hitting the blackhole URL, which allows the address to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abuse...
Fedora: Security Advisory for nodejs (FEDORA-2022-78090d2099)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: nodejs-16.13.2-1.fc35
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
[SECURITY] Fedora 34 Update: nodejs-14.18.3-1.fc34
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
PT-2022-15040 · Unknown +2 · Onionshare +2
Name of the Vulnerable Software and Affected Versions: OnionShare versions 2.4. Description: The receive mode in OnionShare limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mo...
CVE-2021-45884
Brave Desktop versions 1.17–1.33.x prior to 1.33.106 are affected. When CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, DNS requests are issued outside the proxying extension using the system DNS settings, leading to information disclosure. Root cause described ...
Brave Information Disclosure Vulnerability
Brave is a fast, private and secure web browser from Brave (USA). Brave Desktop 1.17 through 1.33, prior to 1.33.106, suffers from an information disclosure vulnerability when CNAME-based adblocking and proxy extensions with SOCKS fallback are enabled, that uses the...
Nodejs Command Injection Vulnerability
Node.js is a JavaScript runtime environment built on the Chrome V8 engine; it wraps the V8 engine and uses an event-driven, non-blocking I/O model, which makes it possible to develop high-performance JavaScript back-end applications. A command injecti...
VPN Plugin replacing destination IP with 0.0.0.0 for the 172.16.0.0/16 subnet - Spoofed IP to original IP.
ADC - While using VPN Plugin to access intranet resources, addresses for the subnet 172.16.0.0/16 are replaced by spoofed IP with a message similar to this: "Replaced the spoofed ip 172.16.10.10to original IP 0.0.0.0 in ICMP packet" And the traffic never reaches the destination...
The vulnerability of the uri-block plugin for the Apache APISIX cloud API allows a hacker to bypass security restrictions.
The vulnerability of the uri-block plugin for the Apache APISIX cloud API is related to errors that occur when using the $request_uri variable. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
GSD-2021-1002539 arm64: uaccess: avoid blocking within critical sections
arm64: uaccess: avoid blocking within critical sections. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.6 by commit...
CVE-2021-40171
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system...
CVE-2021-40171
The CVE-2021-40171 entry concerns the SecuritasHome Startpaket (HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117). Reported vulnerability: absence of notifications for ongoing RF jamming attacks, which can allow an attacker to block legitimate traffic without alerting the system owner. Public sour...
Log4j 0day mitigation update CVE-2021-44228
Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers. Attempts at exploitation will be automatically blocked in blocking mode. When working in monitoring mode, consider creating a virtual patch. Log4Shell: A 0-day exploit i...
CVE-2021-36720
PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=alert1 and stealing cookies...
Cybonet PineApp Mail Secure Cross-Site Scripting Vulnerability
Cybonet PineApp Mail Secure, from Cybonet (Israel), blocks most malicious email threats at the network perimeter while providing a range of additional options for comprehensive security and message control. Cybonet PineApp Mail Secure suffers from a cross-site scripting vulnerability that originates ...