
8428 matches found

UbuntuCve
added 2021/03/25 12:0 a.m. | 19 views

CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

CVSS 6.5 | AI score 6.8 | EPSS 0.00436
Exploits: 0 | References: 3

OSV
added 2021/03/25 12:0 a.m. | 4 views

UBUNTU-CVE-2021-23986

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have...

CVSS 6.5 | AI score 6.8 | EPSS 0.00436
Exploits: 0 | References: 4

Tenable Nessus
added 2021/03/23 12:0 a.m. | 47 views

Mozilla Firefox < 87.0

"The version of Firefox installed on the remote Windows host is prior to 87.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-10 advisory. - Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86. Some of these...

CVSS 8.8 | AI score 8.3 | EPSS 0.01852
Exploits: 0 | References: 11

CNNVD
added 2021/03/20 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a retry loop that keeps finding the same bad node. No details of the vulnerability are provided at this time...

CVSS 5.5 | AI score 6.5 | EPSS 0.0036
Exploits: 0 | References: 39

OSV
added 2021/03/10 11:15 p.m. | 3 views

ALPINE-CVE-2020-15260

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is...

CVSS 6.8 | AI score 6.8 | EPSS 0.00991
Exploits: 0 | References: 1

OSV
added 2021/03/05 12:0 a.m. | 4 views

UBUNTU-CVE-2021-21334

In containerd an industry-standard container runtime before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect...

CVSS 6.3 | AI score 6.6 | EPSS 0.02044
Exploits: 0 | References: 4

Hacker One
added 2021/03/01 7:39 a.m. | 25 views

Starbucks: Japan - CSRF in webapp.starbucks.co.jp with user interaction could leak an access token if the user was not using Chrome

elber discovered a CSRF in webapp.starbucks.co.jp that leaked an access token if an authenticated user opened a crafted HTML file in a browser other than Chrome, which sets the SameSite attribute on cookies by default. elber also demonstrated the ability to add a Starbucks card to the account with...

AI score 1.4
Exploits: 0

OSV
added 2021/02/24 5:15 p.m. | 2 views

CVE-2021-21974

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

CVSS 8.8 | AI score 7.7 | EPSS 0.45063
Exploits: 7 | References: 3

PyPA
added 2021/02/17 10:15 p.m. | 7 views

PYSEC-2021-65

GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network...

CVSS 8.8 | AI score 8 | EPSS 0.01507
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2021/02/02 11:15 a.m. | 3 views

CVE-2020-8101

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version...

CVSS 8.8 | AI score 7.6 | EPSS 0.01219
Exploits: 0 | References: 1

OSV
added 2021/02/01 4:15 p.m. | 3 views

UBUNTU-CVE-2021-3283

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

CVSS 7.5 | AI score 7 | EPSS 0.01453
Exploits: 0 | References: 3

CNNVD
added 2021/02/01 12:0 a.m. | 5 views

HashiCorp Nomad and Nomad Enterprise up to Security Breach

Hashicorp Nomad and Hashicorp Nomad Enterprise are both products of Hashicorp, Inc. Hashicorp Nomad is a distributed, data center-aware cluster and application scheduler. It supports the deployment of microservices, batch, containerized and non-containerized applications. Hashicorp Nomad Enterprise...

CVSS 7.5 | AI score 7.1 | EPSS 0.01453
Exploits: 0 | References: 2

Tenable Nessus
added 2021/01/29 12:0 a.m. | 54 views

CentOS 8 : thunderbird (CESA-2019:1799)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:1799 advisory. - Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 - Mozilla: Script injection within domain through inner window...

CVSS 9.8 | AI score 7.6 | EPSS 0.20271
Exploits: 2 | References: 9

Tenable Nessus
added 2021/01/29 12:0 a.m. | 111 views

CentOS 8 : firefox (CESA-2019:2663)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:2663 advisory. - firefox: stored passwords in 'Saved Logins' can be copied without master password entry CVE-2019-11733 - Mozilla: Memory safety bugs fixed in Firefox...

CVSS 9.8 | AI score 7.4 | EPSS 0.0216
Exploits: 2 | References: 15

RedHat Linux
added 2021/01/25 3:13 p.m. | 2 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVSS 4.3 | AI score 7.2 | EPSS 0.04913
Exploits: 2 | References: 6

CNNVD
added 2021/01/20 12:0 a.m. | 3 views

Dnsmasq security features vulnerability

Dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. A security signature vulnerability exists in Dnsmasq that stems from not checking an existing pending request with the same name and forwarding a new request,...

CVSS 4.3 | AI score 6.9 | EPSS 0.04913
Exploits: 2 | References: 27

RedHat Linux
added 2021/01/19 5:41 p.m. | 2 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVSS 4.3 | AI score 7.2 | EPSS 0.04913
Exploits: 2 | References: 6

OSV
added 2021/01/19 4:15 p.m. | 3 views

CVE-2020-4871

IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834...

CVSS 5.5 | AI score 5.8 | EPSS 0.00324
Exploits: 0 | References: 2

RedHat Linux
added 2021/01/19 3:6 p.m. | 0 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVSS 4.3 | AI score 7.2 | EPSS 0.04913
Exploits: 2 | References: 6

RedHat Linux
added 2021/01/19 2:11 p.m. | 2 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

CVSS 4.3 | AI score 7.2 | EPSS 0.04913
Exploits: 2 | References: 6