3096 matches found

RedHat Linux
added 2021/07/01 5:19 p.m., 73 views

Moderate: Red Hat Security Advisory: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update

An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

7.5 CVSS, 6.6 AI score, 0.03464 EPSS
Exploits 1, References 3

Imperva Blog
added 2021/06/28 2:47 p.m., 34 views

Gartner report recommends a smart approach to enterprises needing to incorporate data privacy capabilities to manage evolving regulatory guidelines

In a recent Gartner report The State of Privacy and Personal Data Protection, 2020-2022, the authors assume that “through 2022, privacy-driven spending on compliance tooling will increase to more than US$8 billion worldwide. By 2023, 65 percent of the world’s population will have its personal...

0.8 AI score
Exploits 0

OSV
added 2021/06/25 12:8 a.m., 15 views

GSD-2021-1000800 ice: track AF_XDP ZC enabled queues in bitmap

ice: track AF_XDP ZC enabled queues in bitmap. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...

7.2 AI score
Exploits 0

The Hacker News
added 2021/06/17 10:25 a.m., 62 views

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky,...

8 AI score
Exploits 0

OSV
added 2021/06/08 12:15 p.m., 0 views

UBUNTU-CVE-2021-22116

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugi...

7.5 CVSS, 6.2 AI score, 0.01387 EPSS
Exploits 0, References 5

VulnCheck KEV
added 2021/06/04 12:0 a.m., 3 views

VulnCheck KEV: CVE-2021-21985

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...

10 CVSS, 7.7 AI score, 0.99999 EPSS
Exploits 13, References 1

OSV
added 2021/06/02 4:56 p.m., 3 views

DRUPAL-CONTRIB-2021-013

This module lets you craft and expose a GraphQL web service API. The module does not sufficiently protect arbitrary exception and error messages thereby exposing an information disclosure vulnerability. This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data...

6.5 AI score
Exploits 0, References 1

OSV
added 2021/06/02 4:51 p.m., 2 views

DRUPAL-CONTRIB-2021-011

Open Social is a Drupal distribution for online communities. The included social_magic_login module doesn't sufficiently validate magic login URLs for user accounts. The lack of validation makes it possible for an adversary to forge valid login URLs and login to such an account. This vulnerabilit...

6.5 AI score
Exploits 0, References 1

Oracle linux
added 2021/05/25 12:0 a.m., 52 views

sudo security and bug fix update

1.8.29-7 - RHEL 8.4 ERRATUM - CVE-2021-3156 Resolves: rhbz1917734 - CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit Resolves: rhzb1916434 - CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit Resolves: rhbz1917038 - updated upstream url...

7.8 CVSS, 1.2 AI score, 0.99305 EPSS
Exploits 83

CNNVD
added 2021/05/24 12:0 a.m., 2 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WP Customer Reviews WordPress plugin before 3.5.6, which can ...

4.8 CVSS, 5.4 AI score, 0.00617 EPSS
Exploits 2, References 1

OSV
added 2021/05/19 7:15 p.m., 2 views

CVE-2021-27925

An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can, depending on a race condition, cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...

4.4 CVSS, 5.8 AI score, 0.00529 EPSS
Exploits 0, References 2

CNNVD
added 2021/05/19 12:0 a.m., 2 views

Couchbase Server Race Condition Vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 6.5.x and 6.6.x through 6.6.1, which stems from a crash condition...

4.4 CVSS, 5.2 AI score, 0.00529 EPSS
Exploits 0, References 2

Rockylinux
added 2021/05/18 5:9 p.m., 11 views

corosync bug fix and enhancement update

An update is available for corosync. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The corosync packages provide the Corosync Cluster Engine and C APIs for Roc...

2 AI score
Exploits 0

OSV
added 2021/05/18 4:4 a.m., 6 views

OPENSUSE-SU-2021:0751-1 Security update for prosody

This update for prosody fixes the following issues: prosody was updated to 0.11.9: Security: modlimits, prosody.cfg.lua: Enable rate limits by default certmanager: Disable renegotiation by default modproxy65: Restrict access to local c2s connections by default util.startup: Set more aggressive...

7.8 CVSS, 6.8 AI score, 0.02261 EPSS
Exploits 0, References 6

Positive Technologies
added 2021/05/06 12:0 a.m., 5 views

PT-2024-11099 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null dereference error occurs in the Linux kernel when resuming after suspend, even when the interface was not previously enabled. This is caused by the driver queuing work via...

5.5 CVSS, 6.3 AI score, 0.00235 EPSS
Exploits 0, References 20

Tenable Nessus
added 2021/05/05 12:0 a.m., 39 views

SUSE SLES12 Security Update : bind (SUSE-SU-2021:1469-1)

This update for bind fixes the following issues: CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly bsc1185345. CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that...

9.8 CVSS, 7.7 AI score, 0.83406 EPSS
Exploits 0, References 9

OSV
added 2021/05/04 6:34 a.m., 4 views

SUSE-SU-2021:1469-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly bsc1185345. - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records...

9.8 CVSS, 7.3 AI score, 0.83406 EPSS
Exploits 0, References 6

OSV
added 2021/05/04 6:33 a.m., 6 views

SUSE-SU-2021:1468-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly bsc1185345. - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records...

7.5 CVSS, 7 AI score, 0.11387 EPSS
Exploits 0, References 5

Positive Technologies
added 2021/04/26 12:0 a.m., 10 views

PT-2021-18239 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.5.0 Description: The issue affects HedgeDoc, an open-source collaborative markdown editor, where an attacker can receive arbitrary files from the file system when exporting a note to PDF. This exploit requires the...

10 CVSS, 9.3 AI score, 0.01158 EPSS
Exploits 0, References 4

Cvelist
added 2021/04/22 7:37 p.m., 12 views

CVE-2021-0249 Junos OS: SRX Series: A remote attacker may be able to cause a PFE buffer overflow to arbitrarily remotely execute code or commands on the target device with UTM enabled.

On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to...

8.1 CVSS, 10 AI score, 0.01839 EPSS
Exploits 0, References 1