CVE-2021-29954
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210428201255...
CVE-2021-25652
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities AVPU. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
Information disclosure
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities AVPU. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
CVE-2021-25652 Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities AVPU. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
CVE-2021-25652
CVE-2021-25652 affects Avaya Aura Appliance Virtualization Platform Utilities (AVPU). The vulnerability is an information-disclosure issue in the directory and file management that could allow any local user to access system functionality and configuration information intended for privileged user...
CVE-2021-25649 Avaya Utility Services Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user...
PT-2021-16730 · Avaya · Avaya Aura Appliance Virtualization Platform Utilities
Name of the Vulnerable Software and Affected Versions: Avaya Aura Appliance Virtualization Platform Utilities AVPU versions 8.0.0.0 through 8.1.3.1 Description: An information disclosure issue was discovered in the directory and file management of AVPU, potentially allowing any local user to acce...
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)
The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." sequences, which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions, which were re-released...
Information Disclosure
@apollosproject/data-connector-rock is vulnerable to information disclosure. Registration of a new user allows a user who knows basic profile information (name, birthday, gender, etc.) of anyone to access anyone's account using all app functionality within the app...
Cross site scripting
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...
CVE-2021-24346 Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...
Dell NetWorker Path Traversal Vulnerability
Dell NetWorker is an application from Dell USA Inc. It provides forum discussion functionality for Dell Inc. A path traversal vulnerability exists in Dell NetWorker, which can be exploited by an attacker to exploit multiple vulnerabilities in Dell NetWorker...
GHSA-JXCC-G75X-QGW9 Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...
PT-2021-7762 · Rockwell Automation · Isagraf Runtime
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue concerns the encryption of passwords used to execute privileged commands in the ISaGRAF Runtime. Specifically, a fixed key value is used with the tiny...
CVE-2021-23391
This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2021-1973)
The remote host is missing an update for the Huawei EulerOS...
SUSE-SU-2021:1819-1 Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly
This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 bsc1181255: - delay creation of threadpools - bin: Fix deep-element-removed log message - buffer: fix meta...
Debian DSA-4922-1 : hyperkitty - security update
Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly...
[SECURITY] [DSA 4922-1] hyperkitty security update
Debian Security Advisory DSA-4922-1 https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2021 https://www.debian.org/security/faq -...
Apple macOS Big Sur Access Control Error Vulnerability
Apple macOS Big Sur is a mobile application app from Apple USA. An access control error vulnerability exists in macOS Big Sur, which stems from a feature that allows local users to gain unauthorized access to otherwise restricted functionality. Affected Versions: macOS: 11.0 20A2411, 11.0.1 20B29,...