SUSE SLES12 Security Update : bind (SUSE-SU-2021:1469-1)

This update for bind fixes the following issues : CVE-2021-25214: Fixed a broken inbound incremental zone update IXFR which could have caused named to terminate unexpectedly bsc1185345. CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that...

SUSE-SU-2021:1469-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update IXFR which could have caused named to terminate unexpectedly bsc1185345. - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records...

SUSE-SU-2021:1468-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update IXFR which could have caused named to terminate unexpectedly bsc1185345. - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records...

PT-2021-18239 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.5.0 Description: The issue affects HedgeDoc, an open-source collaborative markdown editor, where an attacker can receive arbitrary files from the file system when exporting a note to PDF. This exploit requires the...

CVE-2021-0249 Junos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbitrarily remotely execute code or commands on the target device with UTM enabled.

On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to...

OESA-2021-1147 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation...

Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer

Dave McDaniel of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities in the Cosori smart air fryer. The Cosori Smart Air Fryer is a WiFi-enabled kitchen appliance that cooks food with a variety of... This is only the...

D-Link DIR-802 操作系统命令注入漏洞

The D-Link DIR-802 is a wireless router from AUO D-Link in Taiwan, China. A command injection vulnerability exists in the D-Link DIR-802 A1 1.00b05 and earlier versions, which stems from the system default of enabling Universal Plug and Play on port 1900. An attacker can exploit this vulnerabilit...

VulnCheck KEV: CVE-2019-9879

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation...

PT-2021-18192 · D Link · D-Link Dir-802 A1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-802 A1 versions 1.00b05 and earlier Description: An issue was discovered where Universal Plug and Play UPnP is enabled by default on port 1900, allowing an attacker to perform command injection by injecting a payload into the Searc...

OPENSUSE-SU-2021:0535-1 Security update for bcc

This update for bcc fixes the following issues: - Enabled PIE for bcc-lua if lua support is enabled bsc1183399 This update was imported from the SUSE:SLE-15-SP2:Update update project...

GHSA-P62G-JHG6-V3RQ Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.11, and 2.9.7 respectively, when using ansiblefacts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansiblefacts after the clean. An attacker could take...

CVE-2021-26071

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery CS...

CVE-2021-29646

A flaw buffer overflow in the Linux kernel TIPC protocol functionality was found in the way user uses protocol with encryption enabled. A local user could use this flaw to crash the system...

CVE-2021-23004

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP MPTCP forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile...

DEBIAN-CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

[SECURITY] Fedora 34 Update: gnome-shell-extensions-40.0~rc-1.fc34

GNOME Shell Extensions is a collection of extensions providing additional a nd optional functionality to GNOME Shell. Enabled extensions: apps-menu auto-move-windows drive-menu launch-new-instance native-window-placement places-menu screenshot-window-sizer user-theme window-list windowsNavigator...

Shopify: xss is triggered on your web

I don't know where my xsshunter script is, but my script is enabled on your web. is on your web 1. https://devicemanager.shopifycloud.com/admin Impact xss is triggered...

Netgear NETGEAR JGS516PE 安全漏洞

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A firmware update vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP server being active by default. An attacker could exploit this vulnerability to update the...

CVE-2021-21335

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...