Patch Tuesday - May 2021
Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of the...
Microsoft & Adobe Patch Tuesday (May 2021) – Qualys covers 85 Vulnerabilities, 26 Critical
Microsoft Patch Tuesday – May 2021 Microsoft patched 55 CVEs in their May 2021 Patch Tuesday release, of which 4 are rated as critical severity. Three 0-day vulnerability patches were included in the release. As of this publication date, none have been exploited. Qualys released 12 QIDs on the sa...
Wormable Windows Bug Opens Door to DoS, RCE
Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good...
CVE-2021-31166
HTTP Protocol Stack Remote Code Execution Vulnerability...
Remote code execution
HTTP Protocol Stack Remote Code Execution Vulnerability...
CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability
Vulnerabilities fixed in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: Cause a denial-of-service, Bypass security measures, Execute arbitrary code, Obtain elevated privileges, Access sensitive data, Impersonate another user. The vulnerabilities...
KLA12174 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions, cause denial of service. Below is a complete list of...
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...
CVE-2021-20992
CVE-2021-20992 affects Fibaro Home Center 2 and Lite devices, where the web-based management interface runs over unencrypted HTTP. This enables eavesdropping on user communications and can allow hijacking of sessions, tokens, and passwords. The available sources confirm the issue but do not provi...
Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers. An attacker can impersonate the remote QuickConnect servers in order to impersonate the remote device and in turn steal the device’s credentials. An attacker...
VulnCheck KEV: CVE-2015-1635
Microsoft HTTP protocol stack HTTP.sys contains a vulnerability that allows for remote code execution...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
Fedora: Security Advisory for python-aiohttp (FEDORA-2021-673b10ed77)
The remote host is missing an update for the...
[SECURITY] Fedora 33 Update: python-aiohttp-3.7.4-1.fc33
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and web servers with middlewares and pluggable routing...
UBUNTU-CVE-2020-13575
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a malicious actor to gain unauthorized access to protected information or to read, modify, add, or delete data.
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing e-commerce stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
The vulnerability of the Elastic Search component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain full control over the application.
The vulnerability of the Elastic Search component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the application using the HTTP protocol...