4369 matches found
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action, which is available to both unauthenticated and authenticated users and could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook; however, no capability and CSRF checks were implemented,...
CVE-2021-40099
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution...
Chromium: CVE-2021-37968 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-37967 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-37965 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
OESA-2021-1349 ansible security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
KLA12299 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, and spoof the user interface. Below is a complete list of vulnerabilities: 1. A use after free vulnerability in Tab...
Google Chrome Background Fetch API security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome Background Fetch API Security Bypass Vulnerability (CNVD-2021-73418)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome Background Fetch API security bypass vulnerability (CNVD-2021-73419)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome Access Control Error Vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome Security Feature Issue Vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in the Google Chrome Background Fetch API. An attacker could exploit this vulnerability to bypass security restrictions...
OESA-2021-1340 sssd security update
SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. Security Fixes: A flaw was...
sssd: shell command injection in sssctl
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
CVE-2021-1855
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon...
Huawei HarmonyOS Resource Management Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A resource management error vulnerability exists in HUAWEI HarmonyOS, which stems from a double fetch vulnerability in a HarmonyOS component...
sssd: shell command injection in sssctl
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
sssd: shell command injection in sssctl
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
Command Injection
sssd is vulnerable to command injection. The vulnerability exists because the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands...