2563 matches found
SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:0754-1)
This update for openssl-1_1 fixes the following issues: CVE-2021-23840: Fixed an integer overflow in CipherUpdate (bsc#1182333). CVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331). Fixed unresolved error codes in FIPS (bsc#1182959). Note that Tenable Network Security h...
SUSE-SU-2021:0754-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959)...
Cross-site Scripting (XSS)
node-ansi-up:sid is vulnerable to cross-site scripting (XSS). ANSI escape codes can be used to create HTML hyperlinks due to insufficient URL sanitization...
DEBIAN-CVE-2021-3377
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...
ansi_up Cross-Site Scripting Vulnerability
Dru Nelson ansi_up is an open source application by Dru Nelson that converts text containing ANSI color escapes to HTML. A security vulnerability exists in ansi_up v4, which can be exploited to create HTML hyperlinks from ANSI escape code...
CVE-2021-27509
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code...
CVE-2021-27203
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing...
Memory corruption
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing...
CVE-2021-27203
CVE-2021-27203 affects Dekart Private Disk 2.15, where invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER leads to arbitrary memory dereferencing. The description notes a memory corruption type vulnerability with local impact (attack vector likely local). The Connected docu...
Ukrainian Police Arrest Author of World's Largest Phishing Service U-Admin
Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world's largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorn...
CVE-2020-9014
In Epson iProjection v2.30, the driver file EMPNSAU.sys allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected...
CVE-2020-10234
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function:...
PT-2021-12854 · Epson · Epson Iprojection
Name of the Vulnerable Software and Affected Versions: Epson iProjection version 2.30. Description: The driver file EMP_MPAU.sys in Epson iProjection allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl...
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation (2). Date: 2021-02-01. Exploit Author: Marco Ivaldi. Vendor Homepage: https://www.oracle.com/solaris/solaris10/. Version: Solaris 10. Tested on: Solaris 10 1/13 SPARC. raptor_dtprintcheckdir_sparc2.c - Solaris/SPARC FMT LPE...
Huawei Data Communication: Command Injection Vulnerability in Some Huawei Products (huawei-sa-20201111-02-injection)
Some Huawei products have a command injection vulnerability.
Courier: Rate limit function bypass can leads to occur huge critical problem into website.
Hello team, I have found a technique that can easily bypass the rate limit system of the website, and with this bug an attacker can easily attack the login panel, send an unlimited number of huge notifications to the victim, bypass OTP codes and take over accounts, etc. Basically I have added a header...