4570 matches found
PT-2021-19378 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.3.84 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-19365 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.3.84 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-19360 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.3.84 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-19379 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.3.84 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
UBUNTU-CVE-2021-29507
GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail t...
CVE-2021-29507
CVE-2021-29507 affects GENIVI Diagnostic Log and Trace (DLT) versions 2.10.0–2.18.6. The vulnerability arises when a configuration file contains special characters, causing a vulnerable component to crash and preventing applications from generating DLT logs. As documented, there was no patch at publi...
Signature Validation Bypass
Impact: Given a valid SAML Response, an attacker can potentially modify the document, bypassing signature validation in order to pass off the altered document as a signed one. This enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in th...
GHSA-6F84-42VF-PPWP Division by 0 in `QuantizedMul`
Impact An attacker can trigger a division by 0 in tf.rawops.QuantizedMul: python import tensorflow as tf x = tf.zeros4, 1, dtype=tf.quint8 y = tf.constant, dtype=tf.quint8 minx = tf.constant0.0 maxx = tf.constant0.0010000000474974513 miny = tf.constant0.0 maxy = tf.constant0.0010000000474974513...
GHSA-2FRX-J9HJ-6C65 User enumeration in authentication mechanisms
Description: The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. Resolution: We now ensure that a generic message is returned whether the user exists or not if the password ...
Prevent user enumeration using Guard or the new Authenticator-based Security
Description: The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an...
PT-2021-19788 · Unknown · Express-Cart
Name of the Vulnerable Software and Affected Versions: express-cart versions 1.1.10 and earlier Description: The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website. Recommendations: For...
CVE-2021-3392 affecting package qemu-kvm 4.2.0-48
CVE-2021-3392 affecting package qemu-kvm 4.2.0-48. A patched version of the package is available...
CVE-2021-29483
CVE-2021-29483 affects the ManageWiki extension for MediaWiki. The wikiconfig API leaked private configuration variable values to all users. The issue has been patched in the ManageWiki patch linked in the CVE and advisories; if patching isn’t possible, a workaround is to disable the wikiconfig A...
PT-2021-12084 · Unknown · Golang-Nanoauth
Name of the Vulnerable Software and Affected Versions: golang-nanoauth versions v0.0.0-20160722212129-ac0cc4484ad4 through v0.0.0-20200131131040-063a3fb69896 Description: The issue concerns a global bypass of authentication in the golang-nanoauth library. When the ListenAndServe function is calle...
PT-2021-8023 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc4-syzkaller Description: The vulnerability is related to a divide error in the nft_limit_init function, which is caused by the div_u64 function dividing a 64-bit unsigned integer by a 32-bit unsigned...
PT-2021-2653 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.12 Description: The issue is related to incorrect computation of branch displacements in BPF JIT compilers, allowing them to execute arbitrary code within the kernel context. This affects files...
CVE-2020-12655 affecting package kernel 5.4.91-6
CVE-2020-12655 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-8648 affecting package kernel 5.4.91-6
CVE-2020-8648 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-11725 affecting package kernel 5.4.91-6
CVE-2020-11725 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-12653 affecting package kernel 5.4.91-6
CVE-2020-12653 affecting package kernel 5.4.91-6. A patched version of the package is available...