
256 matches found

Redos
added 2021/12/24 12:0 a.m. · 13 views

ROS-2-1719

2.1719 Multiple vulnerabilities in Redis CVE-2021-29477, CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker could pass specially crafted data to an application, cause an integer overflow, and execute arbitrar...

CVSS 8.8 · AI score 8.3 · EPSS 0.03301
Exploits: 0

Positive Technologies
added 2021/12/22 12:0 a.m. · 3 views

PT-2021-7546 · Hirschmann · Hirschmann Bat-C2

Name of the Vulnerable Software and Affected Versions: Hirschmann BAT-C2 affected versions not specified Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. It allows a remote attacker to execute arbitrary code by sending ...

CVSS 9.1 · AI score 9.5 · EPSS 0.01492
Exploits: 1 · References: 4

0day.today
added 2021/10/31 12:0 a.m. · 454 views

Microsoft OMI Management Interface Authentication Bypass Exploit

By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...

CVSS 9.8 · AI score 1.1 · EPSS 0.94392
Exploits: 19

Microsoft CVE
added 2021/09/14 7:0 a.m. · 72 views

Microsoft Word Remote Code Execution Vulnerability

...

CVSS 7.8 · AI score 7.8 · EPSS 0.08194
Exploits: 0

Vulnrichment
added 2021/08/23 12:0 a.m. · 3 views

CVE-2021-39144 XStream is vulnerable to a Remote Command Execution attack

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 8.8 · EPSS 0.94255
Exploits: 6 · References: 12

UbuntuCve
added 2021/07/27 12:0 a.m. · 45 views

CVE-2021-30797

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution...

CVSS 8.8 · AI score 6.9 · EPSS 0.00672
Exploits: 0 · References: 2

NVD
added 2021/07/22 7:15 p.m. · 15 views

CVE-2021-31580

The restricted shell provided by Akkadian Provisioning Manager Engine PME can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...

CVSS 10 · EPSS 0.00867
Exploits: 1 · References: 1

Tenable Nessus
added 2021/05/07 12:0 a.m. · 38 views

Debian DLA-2650-1 : exim4 security update

The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. Details can be found in the Qualys advisory at https://www.qualys.com/2021/05/04/21nails/21nails.txt For Debian 9 stretch, these...

CVSS 9.8 · AI score 8.1 · EPSS 0.26587
Exploits: 5 · References: 21

UbuntuCve
added 2021/04/02 7:15 p.m. · 27 views

CVE-2021-1871

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this...

CVSS 9.8 · AI score 7.2 · EPSS 0.00484
Exploits: 0 · References: 4

Tenable Nessus
added 2020/09/10 12:0 a.m. · 25 views

Debian DLA-2368-1 : grunt security update

It was discovered that there was an arbitrary code execution vulnerability in grunt, a JavaScript task runner. This was possible due to the unsafe loading of YAML documents. For Debian 9 'Stretch', this problem has been fixed in version 1.0.1-5+deb9u1. We recommend that you upgrade your grunt...

CVSS 7.1 · AI score 7.5 · EPSS 0.02419
Exploits: 1 · References: 4

Lenovo
added 2020/09/06 7:37 p.m. · 22 views

XSS Vulnerability in Legacy System x IMM2 - Lenovo Support US

No description provided...

CVSS 6.3 · AI score 6.3 · EPSS 0.00245
Exploits: 0

EUVD
added 2020/07/22 7:19 p.m. · 1 views

EUVD-2020-30464

Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 8.8 · AI score 8.9 · EPSS 0.13607
Exploits: 0 · References: 1

Cvelist
added 2020/01/15 8:40 a.m. · 14 views

CVE-2020-1605 Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device.

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon JDHCPD process on Junos OS or Junos OS Evolved is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This...

CVSS 8.8 · AI score 8.7 · EPSS 0.00205
Exploits: 0 · References: 2

OSV
added 2019/12/15 6:3 p.m. · 5 views

MGASA-2019-0391 Updated libgit2 packages fix security vulnerabilities

libgit2 has been updated to version 0.28.4 to fix several security issues: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. CVE-2019-1348: the fast-import stream command "feature export-marks=path"...

CVSS 9.3 · AI score 6.7 · EPSS 0.2462
Exploits: 0 · References: 4

Debian
added 2019/10/30 10:21 p.m. · 101 views

[SECURITY] [DLA 1979-1] italc security update

Package : italc Version : 1:2.0.2+dfsg1-2+deb8u1 CVE ID : CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-6307 CVE-2018-7225 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023...

CVSS 9.8 · AI score 7.7 · EPSS 0.37747
Exploits: 5

ThreatPost
added 2019/05/28 5:5 p.m. · 91 views

Gatekeeper Bug in MacOS Mojave Allows Malware to Execute

Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave 10.14.0. MacOS Gatekeeper is an Apple security feature that enforces code signing and verifies downloads and apps before...

AI score 7.6
Exploits: 0 · References: 4

Vulnrichment
added 2019/03/26 5:43 p.m. · 9 views

CVE-2019-10068

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

AI score 8.2 · EPSS 0.93808
Exploits: 5 · References: 2

Cisco
added 2018/02/21 4:0 p.m. · 67 views

Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker...

CVSS 9.8 · AI score 2.5 · EPSS 0.05819
Exploits: 0 · References: 1

Hacker One
added 2018/01/19 12:52 a.m. · 28 views

Node.js third-party modules: [html-pages] Path Traversal in html-pages module allows to read any file from the server with curl

Hi, This report is about Directory Traversal vulnerability I found in html-pages module. Module: html-pages is a module which allows to browse directories and serve static files in the browser. The vulnerability exists in the latest available version 2.0.7 Link to npm page:...

CVSS 5 · AI score 0.8 · EPSS 0.00426
Exploits: 1

OSV
added 2017/06/29 9:40 p.m. · 6 views

MGASA-2017-0194 Updated libmwaw packages fix security vulnerability

It was discovered that a buffer overflow in libmwaw might result in the execution of arbitrary code if a malformed document is opened CVE-2017-9433...

CVSS 9.8 · AI score 9.8 · EPSS 0.00538
Exploits: 0 · References: 3