
2321 matches found

BDU FSTEC
added 2021/02/25 12:0 a.m., 2 views

The vulnerability of the Intrusion Detection Service (IDS) of Junos operating system’s MX routers allows an intruder to block any arbitrary traffic.

The vulnerability of the Intrusion Detection Service (IDS) on Junos operating system’s MX routers is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to block any incoming traffic remotely...

5.8 CVSS | 6.2 AI score | 0.01202 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2021/02/19 12:0 a.m., 11 views

Pi-hole cross-site scripting vulnerability (CNVD-2021-14160)

Pi-hole is a multi-platform, network-wide ad-blocking tool. A cross-site scripting vulnerability exists in Pi-hole 5.0, 5.1, 5.1.1. The vulnerability stems from insufficient validation of user-supplied data. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...

5.4 CVSS | 5.8 AI score | 0.00857 EPSS
Exploits: 1 | References: 1
CNNVD
added 2021/02/01 12:0 a.m., 4 views

ASUS RT-AX86U security vulnerability

ASUS RT-AX86U is a wireless router from ASUS China. ASUS RT-AX86U router firmware is vulnerable to a buffer overflow in the blocking request.cgi function of the httpd module, which could be exploited by an attacker to construct malicious data leading to code execution...

9.8 CVSS | 7.6 AI score | 0.04207 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2021/02/01 12:0 a.m., 5 views

PT-2021-11914 · Asus · Asus Rt-Ax86

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX86U router firmware versions prior to 9.0.0.4 386 Description: The issue is related to a buffer overflow in the blocking request.cgi function of the httpd module. This can cause code execution when an attacker constructs malicious...

9.8 CVSS | 9.7 AI score | 0.04207 EPSS
Exploits: 1 | References: 9
OSV
added 2021/01/18 1:15 p.m., 2 views

CVE-2020-7343

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files...

5.5 CVSS | 6.1 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2021/01/18 12:0 a.m., 4 views

PT-2021-12647 · Mcafee · Mcafee Agent

Name of the Vulnerable Software and Affected Versions: McAfee Agent (MA) for Windows versions prior to 5.7.1 Description: The issue allows local users to block product updates by manipulating a directory used for temporary files, resulting in the product continuing to function with out-of-date...

5.5 CVSS | 5.3 AI score | 0.00354 EPSS
Exploits: 0 | References: 6
Fedora
added 2021/01/16 1:23 a.m., 105 views

[SECURITY] Fedora 32 Update: nodejs-12.20.1-1.fc32

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

8.1 CVSS | 7.6 AI score | 0.57461 EPSS
Exploits: 3
OSV
added 2021/01/15 6:15 p.m., 2 views

CVE-2021-0205

When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. This issue affects only IPv6 prefixes...

5.8 CVSS | 6.2 AI score
Exploits: 0 | References: 1
BDU FSTEC
added 2021/01/13 12:0 a.m., 2 views

The vulnerability of the fly-wm window manager, related to the bypassing of authentication due to a fundamental error, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the fly-wm window manager is related to the password prompt displayed during session blocking. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

5.9 CVSS | 5.5 AI score
Exploits: 0 | References: 1
Fedora
added 2021/01/10 1:28 a.m., 96 views

[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

8.1 CVSS | 7.6 AI score | 0.16296 EPSS
Exploits: 3
CNVD
added 2021/01/08 12:0 a.m., 3 views

360 Security Browser suffers from a DLL hijacking vulnerability

360 Safe Browser adopts advanced malicious URL blocking technology, which can automatically block malicious URLs such as piracy, fraud, and Internet banking imitation. 360 Secure Browser has a DLL hijacking vulnerability, which can be exploited by attackers to cause the user's computer to be...

7.1 AI score
Exploits: 0
ICS
added 2021/01/05 12:0 a.m., 203 views

GE Reason RT43X Clocks

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Reason RT43X Clocks Vulnerabilities: Code Injection, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

9.8 CVSS | 7.8 AI score | 0.02982 EPSS
Exploits: 0 | References: 5
Prion
added 2021/01/01 12:15 a.m., 8 views

Cross-site request forgery (CSRF)

The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

5 CVSS | 7.2 AI score | 0.01018 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Hacker One
added 2020/12/29 4:29 a.m., 16 views

TikTok: Blocked user can see live video

A flaw had the potential to cause a user's live videos to be suggested to a blocked user. We thank @sandipgyawali for reporting this to our team and confirming the resolution...

1.5 AI score
Exploits: 0
OSV
added 2020/12/23 5:22 p.m., 8 views

SUSE-SU-2020:3932-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 bsc1180063,bsc1177943 CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is...

5.8 CVSS | 5.2 AI score | 0.03726 EPSS
Exploits: 0 | References: 10
OSV
added 2020/12/18 5:23 a.m., 8 views

OPENSUSE-SU-2020:2276-1 Security update for clamav

This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. jscECO-3010,bsc1118459 Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 clamd can now reload the...

9.8 CVSS | 7.3 AI score | 0.08042 EPSS
Exploits: 4 | References: 21
Tenable Nessus
added 2020/12/15 12:0 a.m., 58 views

SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2020:3790-1)

This update for clamav fixes the following issues : clamav was updated to the new major release 0.103.0. jscECO-3010,bsc1118459 Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 clamd can now reload the...

9.8 CVSS | 7.2 AI score | 0.08042 EPSS
Exploits: 4 | References: 35
OpenVAS
added 2020/12/14 12:0 a.m., 29 views

Fedora: Security Advisory for nodejs (FEDORA-2020-43d5a372fc)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS | 6.7 AI score | 0.08794 EPSS
Exploits: 1 | References: 2
Fedora
added 2020/12/13 2:10 a.m., 47 views

[SECURITY] Fedora 33 Update: nodejs-14.15.1-1.fc33

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

8.8 CVSS | 1.6 AI score | 0.08794 EPSS
Exploits: 1
Hacker One
added 2020/12/12 5:1 p.m., 142 views

Automattic: GET /api/v2/url_info endpoint is vulnerable to Blind SSRF

Summary: GET /api/v2/url_info endpoint is vulnerable to Blind SSRF. I am able to hit both Internal and External services via url parameter by replacing with internal and external url. Platforms Affected: https://www.tumblr.com/ Steps To Reproduce: 1. Login to https://www.tumblr.com/ 2. Follow any...

0.8 AI score
Exploits: 0