[SECURITY] Fedora 33 Update: libtpms-0.8.5-0.20210901git18ba4c0206.fc33

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

[SECURITY] Fedora 34 Update: libtpms-0.8.5-0.20210901git18ba4c0206.fc34.0

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

Privilege Escalation

github.com/hashicorp/consul is vulnerable to Privilege Escalation. The vulnerability exists due to a lack of sanitization of authorization which may allow non-server agents with valid certificate signed by the same CA to access server-only functionality...

GHSA-593V-WCQX-HQ2W Incorrect version tags linked to external repository

Impact A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse...

CVE-2021-32801

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...

Authorities Arrest Another TrickBot Gang Member in South Korea

Another alleged member of the TrickBot gang has been apprehended, this time when trying to leave South Korea, according to published reports. The Russian national, who is an alleged developer of the notorious crimeware, reportedly had been trapped in South Korea since February 2020 due to COVID-1...

Privilege escalation

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2...

PT-2021-21582 · Hashicorp · Hashicorp Nomad +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions prior to 1.0.10 HashiCorp Nomad and Nomad Enterprise versions prior to 1.1.4 Description: The issue allows non-server agents with a valid certificate signed by the same CA to access server-only...

Protect

A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of print str and cmd mem cli commands to, respectively, read and write hexadecimal values to any memory address...

EulerOS 2.0 SP5 : rpm (EulerOS-SA-2021-2346)

According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

Cross site scripting

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528...

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

Cross site scripting

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox Version – 2.2.0 & below. The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...

CVE-2020-35635

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in NefS2/SNCioparser.h SNCioparser::readsface storesmboundaryitem Sloopof OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead t...

consul -- rpc: authorize raft requests

Hashicorp reports: HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation...

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82984)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-82985)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application. 🕵️‍♂️ Proof of Concept //PoC.html history.pushState'', '', '/'...