
6673 matches found

Prion
added 2021/11/03 8:15 p.m. | 13 views

Command injection

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via filename in the export functionality. For example, a new admin user could be created...

6.5 CVSS | 8.5 AI score | 0.12677 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2021/11/03 7:38 p.m. | 13 views

CVE-2021-43339

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via filename in the export functionality. For example, a new admin user could be created...

8.8 AI score | 0.12677 EPSS
Exploits: 1 | References: 3
CNVD
added 2021/11/03 12:0 a.m. | 15 views

Siren Investigate code issue vulnerability

Siren Investigate is a front-end to the Siren platform from Siren Ireland, allowing the creation of dashboards, charts, link analysis, alerts, etc. A code issue vulnerability exists in Siren Investigate that stems from the product's failure to properly handle the product's cluster functionality. ...

9.8 CVSS | 1.6 AI score | 0.00654 EPSS
Exploits: 0 | References: 1
NVD
added 2021/11/02 11:15 p.m. | 26 views

CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSGCRYPTO message type...

9.8 CVSS | 0.72624 EPSS
Exploits: 2 | References: 6
CNVD
added 2021/11/02 12:0 a.m. | 23 views

Nvidia vGPU Software code issue vulnerability

Nvidia vGPU Software is a management software for providing GPU functionality to virtual machines from Nvidia, Inc. NVIDIA vGPU software is vulnerable to a code issue that could be exploited by an attacker to dereference NULL pointers and cause a denial of service...

5.5 CVSS | 5.3 AI score | 0.0005 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2021/10/29 1:48 p.m. | 371 views

This New Android Malware Can Gain Root Access to Your Smartphones

An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. The malware has been named "AbstractEmu" owing to its use of code...

7.8 CVSS | 0.4 AI score | 0.51467 EPSS
Exploits: 43
CNNVD
added 2021/10/28 12:0 a.m. | 2 views

Huawei HarmonyOS code issue vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. The Huawei HarmonyOS component is vulnerable to null pointer dereference, which could be exploited by local attackers to cause system functionality to be...

5.5 CVSS | 5.6 AI score | 0.00021 EPSS
Exploits: 0 | References: 2
GithubExploit
added 2021/10/25 3:7 a.m. | 161 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 Confluence remote code execution RCE...

9.8 CVSS | 7.7 AI score | 0.9444 EPSS
Exploits: 45
Tenable Nessus
added 2021/10/25 12:0 a.m. | 39 views

EulerOS 2.0 SP3 : rpm (EulerOS-SA-2021-2613)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...

7 CVSS | 6.7 AI score | 0.00228 EPSS
Exploits: 0 | References: 3
OSV
added 2021/10/22 2:15 p.m. | 2 views

CVE-2021-42540

The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

8.8 CVSS | 7.3 AI score | 0.00221 EPSS
Exploits: 0 | References: 1
Prion
added 2021/10/22 2:15 p.m. | 14 views

Code injection

The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...

6.5 CVSS | 8.6 AI score | 0.00221 EPSS
Exploits: 0 | References: 1 | Affected Software: 3
RedhatCVE
added 2021/10/22 10:43 a.m. | 38 views

CVE-2021-3896

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

6.9 AI score
Exploits: 0 | References: 2
NVD
added 2021/10/21 8:15 p.m. | 22 views

CVE-2021-39352

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2 CVSS | 0.75591 EPSS
Exploits: 6 | References: 7
OpenVAS
added 2021/10/19 12:0 a.m. | 16 views

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2021:1367-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 8.3 AI score | 0.01094 EPSS
Exploits: 7 | References: 2
OSV
added 2021/10/18 12:12 p.m. | 6 views

OPENSUSE-SU-2021:1367-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Firefox Extended Support Release 91.2.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-45 bsc1191332 CVE-2021-38496: Use-after-free in...

9.8 CVSS | 8.8 AI score | 0.01094 EPSS
Exploits: 7 | References: 27
OPENSUSE Linux
added 2021/10/18 12:0 a.m. | 51 views

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:1367-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...

9.8 CVSS | 7 AI score | 0.01094 EPSS
Exploits: 7 | References: 6
OSV
added 2021/10/15 7:4 a.m. | 11 views

SUSE-SU-2021:3446-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.2.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-45 bsc1191332 CVE-2021-38496: Use-after-free in MessageTask CVE-2021-38497: Validation message could have been overlaid on...

9.8 CVSS | 10 AI score | 0.01094 EPSS
Exploits: 0 | References: 9
Cvelist
added 2021/10/14 7:55 p.m. | 14 views

CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.5 AI score | 0.08996 EPSS
Exploits: 1 | References: 1
Prion
added 2021/10/14 7:15 p.m. | 10 views

Cross site scripting

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4"...

3.5 CVSS | 5.3 AI score | 0.03085 EPSS
Exploits: 2 | References: 5 | Affected Software: 1
Zero Day Initiative
added 2021/10/14 12:0 a.m. | 14 views

Schneider Electric IGSS dc.exe Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by the dc.exe process. The issue results...

7.5 CVSS | 2 AI score | 0.0049 EPSS
Exploits: 0 | References: 1