virt:rhel and virt-devel:rhel security and bug fix update

An update is available for libguestfs, libnbd, nbdkit, libguestfs-winsupport, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVE-2020-36439

An issue was discovered in the ticketedlock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket and WriteTicket...

CVE-2021-32814 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Skytable

Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1...

LY Corporation: Missing authentication in buddy group API of LINE TIMELINE

Due to the bug in authentication logic in LINE TIMELINE buddy group API, it could be possible for an attacker to obtain the authority of another person by manipulating API request headers, which would allow an attacker to inquire and modify the buddy group and buddy group list of another user...

Reboot of PunkSpider Tool at DEF CON Stirs Debate

Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analyti...

CVE-2021-32788 Post creator of a whisper post can be revealed to non-staff users in Discourse

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal...

GHSA-C72P-9XMJ-RX3W Archive package allows chmod of file outside of unpack target directory

Impact A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or s...

Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...

SUSE-SU-2021:2451-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/xtables.c that could allow local provilege escalation. bsc1188116 - CVE-2021-33909: Fixed an...

CVE-2021-32785

CVE-2021-32785 affects mod_auth_openidc (Apache 2.x) prior to 2.4.9 when configured with an unencrypted Redis cache. The issue arises from argument interpolation before Redis requests are passed to hiredis, causing an uncontrolled format string bug. Impact described as reliable denial of service ...

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to delete customer price 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when delete customer price ....

SUSE-SU-2021:2427-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/xtables.c that could allow local provilege escalation. bsc1188116 - CVE-2021-33624: Fixed a bu...

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Ticket section , you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...

CVE-2021-32760 Archive package allows chmod of file outside of unpack target directory

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access t...

Software License Manager 跨站请求伪造漏洞

Software License Manager is a Wordpress plugin that is vulnerable to cross-site request forgery, which could be exploited to hijack administrator authentication via an unspecified vector...

Microsoft Issues Emergency Patch for Windows Flaw

Microsoft on Tuesday issued an emergency software update to quash a security bug thats been dubbed "PrintNightmare," a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsofts normal monthly Patch Tuesday release, and...

Session Fixation in chatwoot/chatwoot

✍️ Description The application is vulnerable to Session Fixation vulnerability even after a user changes its password the old sessions on other devices persist. 🕵️‍♂️ Proof of Concept 1. open chatwoot and login to your account on multiple browsers 2. change the password of the account on one of...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system view price history which is lead by adding invoice items. 💥 TESTED VERSION https://github.com/bigprof-software/online-invoicing-system/releases/tag/v5.0 🕵️‍♂️ Proof of Concept POC Video:...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG Stored xss via client address in invoice 💥 TESTED VERSION latest version as of 01/07/21 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add a new user called user-B with read-write permission in invoice/client module .\ 2...

ASB-A-184963385

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...