
3385 matches found

Cvelist
added 2022/02/04 10:15 p.m. | 24 views

CVE-2021-32732 Cross-Site Request Forgery in xwiki-platform

Impact: It's possible to know whether or not a user has an account in a wiki related to an email address, and which usernames are actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite easy to perform a lot of those...

7.5 CVSS | 7.7 AI score | 0.00949 EPSS
Exploits 1 | References 5
Tenable Nessus
added 2022/02/01 12:0 a.m. | 106 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9088)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9088 advisory. - xfs: map unwritten blocks in XFSIOCALLOC,FREESP just like fallocate Darrick J. Wong Orabug: 33699627 Orabug: 33762471 CVE-2021-4155 - fix...

7.9 CVSS | 7.3 AI score | 0.01751 EPSS
Exploits 2 | References 7
CNVD
added 2022/01/25 12:0 a.m. | 33 views

Adobe Acrobat Reader Dc code problem vulnerability

Adobe Acrobat Reader Dc is a Pdf reading tool from Adobe USA. Used to reliably view, print and annotate Pdf documents. Adobe Acrobat Reader Dc has a code issue vulnerability that stems from a NULL pointer dereference error. A remote attacker could use the vulnerability to trick victims into openi...

5.5 CVSS | 3.6 AI score | 0.03629 EPSS
Exploits 0 | References 1
OSV
added 2022/01/18 10:47 a.m. | 7 views

SUSE-SU-2022:14875-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. bsc1194198, bsc1192052 - CVE-2021-3558...

9.8 CVSS | 5.9 AI score | 0.14839 EPSS
Exploits 0 | References 25
OSV
added 2022/01/16 8:39 p.m. | 9 views

MGASA-2022-0019 Updated thunderbird packages fix security vulnerability

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable cra...

10 CVSS | 8.6 AI score | 0.0134 EPSS
Exploits 6 | References 5
OSV
added 2022/01/01 5:15 a.m. | 6 views

AZL-35037 CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5 CVSS | 6.6 AI score | 0.03958 EPSS
Exploits 0 | References 1
OSV
added 2022/01/01 5:15 a.m. | 6 views

AZL-33627 CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.10-20

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5 CVSS | 6.6 AI score | 0.03958 EPSS
Exploits 0 | References 1
UbuntuCve
added 2021/12/31 12:0 a.m. | 58 views

CVE-2021-4202

A use-after-free flaw was found in ncirequest in net/nfc/nci/core.c in NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem...

7 CVSS | 6.7 AI score | 0.00357 EPSS
Exploits 1 | References 9
CNVD
added 2021/12/31 12:0 a.m. | 25 views

ENC DataVault Encryption Issues Vulnerabilities

Enc Security Enc DataVault is a solution from the Dutch company Enc Security. Turn any Usb drive into a secure removable disk for important files. ENC DataVault suffers from an encryption issue vulnerability that stems from ENC DataVault 7.1.1W using an incorrect encryption algorithm, which can b...

6.4 CVSS | 4.3 AI score | 0.00486 EPSS
Exploits 0 | References 1
Mageia
added 2021/12/30 4:41 p.m. | 65 views

Updated libtpms/swtpm packages fix security vulnerability

CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...

7.1 CVSS | 2.8 AI score | 0.00894 EPSS
Exploits 1 | References 9
CNVD
added 2021/12/19 12:0 a.m. | 11 views

WordPress RegistrationMagic plugin authorization problem vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. registrationMagic plugin is a WordPress open source application plugin. the WordPress RegistrationMagic plugin has an...

9.8 CVSS | 3.1 AI score | 0.07 EPSS
Exploits 1 | References 1
OpenVAS
added 2021/12/15 12:0 a.m. | 7 views

SUSE: Security Advisory (SUSE-SU-2021:4063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2
OPENSUSE Linux
added 2021/12/14 12:0 a.m. | 33 views

Security update for icu.691 (important)

openSUSE Security Update: Security update for icu.691 Announcement ID: openSUSE-SU-2021:4063-1 Rating: important References: 1158955 1159131 1161007 1162882 1167603 1182252 1182645 SLE-17893 Affected Products: openSUSE Leap 15.3 An update that contains security fixes and contains one feature can...

7.5 AI score
Exploits 0
Veracode
added 2021/12/12 11:59 a.m. | 20 views

Denial Of Service (DoS)

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

8.8 CVSS | 2 AI score | 0.00912 EPSS
Exploits 0 | References 8 | Affected Software 3
Veracode
added 2021/12/12 11:27 a.m. | 20 views

Denial Of Service (DoS)

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

6.5 CVSS | 2 AI score | 0.00831 EPSS
Exploits 0 | References 8 | Affected Software 3
Veracode
added 2021/12/12 11:26 a.m. | 15 views

Denial Of Service (DoS)

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

8.8 CVSS | 2 AI score | 0.00982 EPSS
Exploits 0 | References 8 | Affected Software 3
0day.today
added 2021/11/27 12:0 a.m. | 587 views

Gerdab.ir SQL Injection Vulnerability

This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran IRGC, which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to...

7.1 AI score
Exploits 0
OpenVAS
added 2021/11/17 12:0 a.m. | 32 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2745)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 CVSS | 6.7 AI score | 0.00726 EPSS
Exploits 4 | References 2
Veracode
added 2021/11/16 2:37 p.m. | 27 views

Denial Of Service (DoS)

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

7.5 CVSS | 2 AI score | 0.01142 EPSS
Exploits 0 | References 11 | Affected Software 1
Tenable Nessus
added 2021/11/11 12:0 a.m. | 69 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5137-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5137-2 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use...

7.8 CVSS | 7.4 AI score | 0.02014 EPSS
Exploits 6 | References 10