3378 matches found
Security update for qemu (important)
openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2021:0363-1 Rating: important References: 1178049 1178565 1179717 1179719 1180523 1181639 1181933 1182137 Cross-References: CVE-2020-11947 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVSS scores: CVE-2020-11947 NVD :...
Fedora: Security Advisory for php-horde-Horde-Text-Filter (FEDORA-2021-f8368da9af)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Cobalt Strike Web Delivery Remote Code Execution
Certain evasion tools obfuscate scripts in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target, using it to download and execute a malicious payload...
Arbitrary file deletion
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
CVE-2020-12668
This entry concerns Jinjava prior to version 2.5.4 where callers can trigger access to arbitrary Java classes by invoking methods on objects supplied in the Jinjava context. The underlying issue is misuse of the application class loader, enabling scenarios like Arbitrary File Disclosure. Public r...
Security update for php7 (important)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2021:0305-1 Rating: important References: 1182049 Cross-References: CVE-2021-21702 CVSS scores: CVE-2021-21702 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An update tha...
Security update for segv_handler (moderate)
openSUSE Security Update: Security update for segv_handler Announcement ID: openSUSE-SU-2021:0231-1 Rating: moderate References: 1180665 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for segv_handler fixes the...
CVE-2021-26306
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods...
Security update for stunnel (moderate)
openSUSE Security Update: Security update for stunnel Announcement ID: openSUSE-SU-2021:0160-1 Rating: moderate References: 1177580 1178533 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for stunnel fixes the following...
Security update for viewvc (moderate)
openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0145-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This update for...
VulnCheck KEV: CVE-2020-11022
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0...
Security update for viewvc (moderate)
openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0123-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for viewvc fix...
Security update for rpmlint (moderate)
openSUSE Security Update: Security update for rpmlint Announcement ID: openSUSE-SU-2021:0045-1 Rating: moderate References: 1169614 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for rpmlint fixes the following issues: -...
iBall-Baton WRA150N File Disclosure
Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure Sensitive Information Date: 07/01/2021 Exploit Author: h4cks1n Vendor Homepage: iball.co.in Version: iBall-Baton WRA150N Tested on : Windows 7/8/8.1/10, Parrot Linux OS The iBall-Baton router version WRA150N is vulnerable to the...
Security update for openexr (moderate)
openSUSE Security Update: Security update for openexr Announcement ID: openSUSE-SU-2020:2349-1 Rating: moderate References: 1179879 Cross-References: CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now available...
Rocket.Chat: Pinning leaks message content
The message content could be improperly pinned, allowing the content to be leaked to an unauthorized client. Validation was lacking in the pinMessage method, which allowed arbitrary messages to be pinned regardless of the user's access. This permitted messages from private channels to be exposed ...
Security Bulletin: Authentication mechanism vulnerability affects IBM Connect:Direct for UNIX (CVE-2020-4747)
Summary IBM Connect:Direct for UNIX can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. Vulnerability Details CVEID: CVE-2020-4747 DESCRIPTION: IBM Connect:Direct for UNIX can allow a local or remote user to obtain an authenticated CLI...
Authentication flaw
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:2229-1 Rating: important References: 1179576 Cross-References: CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 Affected Products: openSUSE Backports SLE-15-SP1 An...
DEBIAN-CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on unix-like systems, the created directory i...