KLA12448 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, spoof user interface. Below is a complete list of...

ROS-2-1719

2.1719 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker could pass specially crafted data to an application, cause an integer overflow, and execute arbitrar...

CVE-2021-30797

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution...

CVE-2021-31580

The restricted shell provided by Akkadian Provisioning Manager Engine PME can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...

Debian DLA-2650-1 : exim4 security update

The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. Details can be found in the Qualys advisory at https://www.qualys.com/2021/05/04/21nails/21nails.txt For Debian 9 stretch, these...

CVE-2021-1871

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this...

Debian DLA-2368-1 : grunt security update

It was discovered that there was a arbitrary code execution vulnerability in grunt, a JavaScript task runner. This was possible due to the unsafe loading of YAML documents. For Debian 9 'Stretch', this problem has been fixed in version 1.0.1-5+deb9u1. We recommend that you upgrade your grunt...

XSS Vulnerability in Legacy System x IMM2 - Lenovo Support US

No description provided...

EUVD-2020-30464

Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution...

[SECURITY] [DLA 1979-1] italc security update

Package : italc Version : 1:2.0.2+dfsg1-2+deb8u1 CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-6307 CVE-2018-7225 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023...

CVE-2019-10068

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker...

Node.js third-party modules: [html-pages] Path Traversal in html-pages module allows to read any file from the server with curl

Hi, This report is about Directory Traversal vulnerability I found in html-pages module. Module: html-pages is a module which allows to browse directories and serve static files in the browser. The vulnerability exists in the latest available version 2.0.7 Link to npm page:...

MGASA-2017-0194 Updated libmwaw packages fix security vulnerability

It was discovered that a buffer overflow in libmwaw might result in the execution of arbitrary code if a malformed document is opened CVE-2017-9433...

FreeBSD : irssi -- use-after-free potential code execution (06f931c0-0be0-11e7-b4bf-5404a68ad561)

The irssi project reports : Use after free while producing list of netjoins CWE-416. This issue was found and reported to us by APic. This issue usually leads to segmentation faults. Targeted code execution should be difficult. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

Haraka 2.8.9 - Remote Command Execution

Haraka 2.8.9 - Remote Command Execution !/usr/bin/python Exploit Title: Harakiri ShortDescription: Haraka comes with a plugin for processing attachments. Versions before 2.8.9 can be vulnerable to command injection Exploit Author: xychix xychix at hotmail.com / mark at outflank.nl Date: 26 Januar...

MS11-030: Vulnerability in DNS Resolution could allow remote code execution: April 12, 2011

MS11-030: Vulnerability in DNS Resolution could allow remote code execution: April 12, 2011 INTRODUCTION Microsoft has released security bulletin MS11-030. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

KLA10879 Multiple vulnerabilities in Adobe Flash Player

Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions. Below is a complete list of vulnerabilities 1. Type confusion, use-after-free and memory corruption vulnerabilities...

Metasploit Web UI Static secret_key_base Value

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule NullSerializer @serializer = options:serializer || Marshal end def encryptandsignvalue...

Microsoft Visio Remote Code Execution Vulnerability (3124585)

This host is missing a critical security update according to Microsoft Bulletin MS16-004 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...