Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library

Summary The version used of Log4j, the library used for logging by PowerNukkit, is subject to a remote code execution vulnerability via the ldap JNDI parser. It's well detailed at CVE-2021-44228 and CVE-2021-45105https://github.com/advisories/GHSA-p6xc-xr62-6r2g. Impact Malicious client code coul...

EulerOS 2.0 SP8 : python2 (EulerOS-SA-2021-2812)

According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...

Ubuntu 18.04 LTS : Python vulnerabilities (USN-5199-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5199-1 advisory. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially...

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2021:4015-1)

The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4015-1 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user...

Buffer overflow

A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame...

Xiuno BBS 跨站脚本漏洞

Xiuno BBS is an open source forum program based on PHP and MySQL. Xiuno BBS suffers from a cross-site scripting vulnerability that originates from the failure of the product/admin/?setting-base.htm page to properly handle data in the sitebrief field. An attacker can exploit this vulnerability to...

Ubuntu 16.04 ESM : Python vulnerabilities (USN-5083-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5083-1 advisory. It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only...

GHSA-89V2-G37M-G3FF Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2021:1578 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Integer overflow in IntelR Graphics Drivers CVE-2020-12362 kernel: memory leak in sofsetgetlargectrldata function in sound/soc/sof/ipc.c CVE-2019-18811 kernel: use-after-free caused by a...

Ruby: imap: StartTLS stripping attack (CVE-2016-0772).

net/imap does not seem to raise an exception when the remote end imap server fails to respond with taggedresponse NO/BAD or OK to an explicit call of imap.starttls. This may allow a malicious MITM to perform a starttls stripping attack if the client code does not explicitly set usessl = true on...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 7 : kernel (RHSA-2021:0760)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0760 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: umask not applied on filesyste...

Atlassian Jira Server 和 Data Center 跨站脚本漏洞

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. validation, an attacker could exploit the...

Scientific Linux Security Update : kernel on SL7.x x86_64 (2020:5437)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5437-1 advisory. - kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt CVE-2020-14385 -...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3503-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bug fixes. The following security bugs were fixed : CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote...

SUSE-SU-2020:3210-1 Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-12229 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex futex wait operation, which could have lead to memory corruption and possibly privilege escalation bsc1176011. -...

SUSE-SU-2020:3222-1 Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-12237 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex futex wait operation, which could have lead to memory corruption and possibly privilege escalation bsc1176011. -...

SUSE-SU-2020:3190-1 Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19748 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex futex wait operation, which could have lead to memory corruption and possibly privilege escalation bsc1176011. -...