SUSE-SU-2021:1111-1 Security update for fwupdate

This update for fwupdate fixes the following issues: - Add SBAT section to EFI images bsc1182057...

SUSE-SU-2021:1104-1 Security update for fwupdate

This update for fwupdate fixes the following issues: - Add SBAT section to EFI images bsc1182057...

SUSE-SU-2021:1103-1 Security update for fwupdate

This update for fwupdate fixes the following issues: - Add SBAT section to EFI images bsc1182057...

CVE-2021-1137

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details secti...

Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc...

Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles main platforms assigned to a certain username. In continuation,...

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CentOS: Security Advisory for firefox (CESA-2021:0992)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

GNU Binutils 缓冲区错误漏洞

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A heap buffer overflow vulnerability exists in bfdelfslurpsecondaryrelocsection in elf.c in GNU Binutils version 2.35.1. The vulnerability stems fr...

CVE-2021-25921

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly in the Allergies section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit...

CVE-2021-25921

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly in the Allergies section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit...

CVE-2021-25921

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly in the Allergies section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit...

Moderate: Red Hat Security Advisory: qemu-kvm-rhev security update

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Tecnoteca openMAINT 跨站脚本漏洞

Tecnoteca openMAINT is an application from the Italian company Tecnoteca. It is based on the CMDBuild software, from which it inherits basic functionality and configuration mechanisms. A security vulnerability exists in openMAINT 2.1-3.3-b, which can be exploited by remote attackers to inject...

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in bfdelfslurpsecondaryrelocsection in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...

CVE-2021-28132

LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool in the Support section allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI...

KLA12113 OSI vulnerability in Microsoft SQL Server

An information disclosure vulnerability was found in Microsoft SQL Serverl. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2021-26859 Related products Microsoft-Power-BI CVE list CVE-2021-26859 critical KB list 5001285 5001284 Solution...

Cross-Site Scripting (XSS)

apache superset is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript code in a user's browser by creating a div section embedded with a malicious svg element...

CVE-2021-27907 Apache Superset stored XSS on Dashboard markdown

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

ALSA-2021:0711 Important: virt:rhel and virt-devel:rhel security update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: container users permissions are not respected in privileged containers CVE-2021-20188 For more details about the security issues, including the impact, a CVSS...