8007 matches found

Tenable Nessus
added 2021/10/10 12:0 a.m. | 35 views

SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory. - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client...

7.5 CVSS | 6.4 AI score | 0.01437 EPSS
Exploits: 2 | References: 11

Tenable Nessus
added 2021/10/10 12:0 a.m. | 32 views

openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...

7.5 CVSS | 6.3 AI score | 0.01437 EPSS
Exploits: 2 | References: 11

Cvelist
added 2021/10/07 2:48 p.m. | 14 views

CVE-2021-33903

In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. However, changing the password of the root user via LANconfig does change the password of the root user for...

9 AI score | 0.01066 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2021/10/05 6:1 p.m. | 47 views

CVE-2021-32762

An integer overflow issue leading to heap buffer overflow was found in the hiredis library. The "redis-cli" command-line tool and "redis-sentinel" service may be vulnerable to this flaw when parsing specially crafted, large multi-bulk network replies. This flaw allows a remote attacker to corrupt...

9 CVSS | 5.1 AI score | 0.02497 EPSS
Exploits: 0 | References: 4

NVD
added 2021/10/04 8:15 p.m. | 18 views

CVE-2021-41092

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

7.5 CVSS | 0.01536 EPSS
Exploits: 0 | References: 5

OSV
added 2021/10/04 8:15 p.m. | 2 views

DEBIAN-CVE-2021-41092

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

7.5 CVSS | 6.1 AI score | 0.01536 EPSS
Exploits: 0 | References: 1

OSV
added 2021/10/04 8:15 p.m. | 25 views

CVE-2021-41092

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

7.5 CVSS | 6.6 AI score
Exploits: 0 | References: 5

UbuntuCve
added 2021/10/04 8:15 p.m. | 42 views

CVE-2021-41092

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

7.5 CVSS | 6.3 AI score | 0.01536 EPSS
Exploits: 0 | References: 4

Prion
added 2021/10/04 8:15 p.m. | 29 views

Path traversal

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

5 CVSS | 7.4 AI score | 0.01536 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2021/10/04 8:15 p.m. | 0 views

UBUNTU-CVE-2021-41092

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

7.5 CVSS | 7 AI score | 0.01536 EPSS
Exploits: 0 | References: 5

Cvelist
added 2021/10/04 8:10 p.m. | 21 views

CVE-2021-41092 Docker CLI leaks private registry credentials to registry-1.docker.io

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

5.4 CVSS | 7.8 AI score | 0.01536 EPSS
Exploits: 0 | References: 5

AlpineLinux
added 2021/10/04 8:10 p.m. | 53 views

CVE-2021-41092

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

7.5 CVSS | 6.7 AI score | 0.01536 EPSS
Exploits: 0

Debian CVE
added 2021/10/04 8:10 p.m. | 44 views

CVE-2021-41092

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be...

7.5 CVSS | 6.2 AI score | 0.01536 EPSS
Exploits: 0

CVE
added 2021/10/04 8:10 p.m. | 434 views

CVE-2021-41092

CVE-2021-41092 describes a Docker CLI vulnerability where docker login against a misconfigured credentials store (credsStore/credHelpers) could cause credentials to be sent to registry-1.docker.io instead of a private registry. The issue affects the Docker CLI and was fixed in Docker CLI 20.10.9....

7.5 CVSS | 6.5 AI score | 0.01536 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2021/10/04 12:0 a.m. | 5 views

Redis Labs Redis Security Vulnerability

Redis Labs Redis is an open source, ANSI C, web-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis, which stems from the command-line tools redis-cli and the...

9 CVSS | 6 AI score | 0.02497 EPSS
Exploits: 0 | References: 17

FreeBSD
added 2021/10/04 12:0 a.m. | 47 views

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...

9 CVSS | 1.7 AI score | 0.1578 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2021/10/04 12:0 a.m. | 45 views

Amazon Linux AMI : docker (ALAS-2021-1537)

The version of docker installed on the remote host is prior to 20.10.7-3.71. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1537 advisory. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted containe...

7.5 CVSS | 7.4 AI score | 0.02693 EPSS
Exploits: 3 | References: 7

CERT
added 2021/10/04 12:0 a.m. | 12 views

Salesforce DX command line interface (CLI) does not adequately protect sfdxurl credentials

Overview: The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create a URL that will allow anyone, anywhere access to the Salesforce GUI with the same administrative credentials without a log trace of access or usage of the API. Description: The...

6.4 AI score
Exploits: 0 | References: 13

Huntr
added 2021/09/30 6:51 a.m. | 7 views

in youzan/vant

✍️ Description The @vant/cli package is vulnerable to Regular Expression Denial of Service ReDoS. An attacker that is able to provide a crafted string as the input to the decamelize function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2021/09/30 12:0 a.m. | 31 views

SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory. - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client...

7.5 CVSS | 6.4 AI score | 0.01437 EPSS
Exploits: 2 | References: 11