
1779 matches found

ArchLinux
added 2021/07/01 12:0 a.m. | 165 views

[ASA-202107-3] istio: information disclosure

Arch Linux Security Advisory ASA-202107-3 ========================================= Severity: Critical Date : 2021-07-01 CVE-ID : CVE-2021-34824 Package : istio Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2113 Summary ======= The package istio before versi...

CVSS 8.8 | AI score 0.4 | EPSS 0.01972
Exploits: 0 | References: 5
OSV
added 2021/06/28 6:15 p.m. | 16 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5.3 | AI score 6.7
Exploits: 0 | References: 4
UbuntuCve
added 2021/06/28 6:15 p.m. | 24 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5.3 | AI score 6.1 | EPSS 0.01609
Exploits: 0 | References: 4
Prion
added 2021/06/28 6:15 p.m. | 17 views

Race condition

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5 | AI score 5.5 | EPSS 0.01609
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2021/06/28 5:38 p.m. | 83 views

CVE-2021-35525

CVE-2021-35525 concerns PostSRSd prior to 1.11. The vulnerability causes a denial of service (subprocess hang) when Postfix sends certain long data fields, such as multiple concatenated email addresses. The issue originates from PostSRSd itself, described as a security bug, with uncertainty about...

CVSS 5.3 | AI score 5.5 | EPSS 0.01609
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2021/06/28 5:38 p.m. | 22 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5.3 | AI score 5.2 | EPSS 0.01609
Exploits: 0
Cvelist
added 2021/06/28 5:38 p.m. | 16 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

AI score 5.8 | EPSS 0.01609
Exploits: 0 | References: 4
OSV
added 2021/06/21 5:15 p.m. | 1 views

CVE-2021-0517

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional executi...

CVSS 7.5 | AI score 5.9 | EPSS 0.00802
Exploits: 0 | References: 1
Huntr
added 2021/06/20 11:42 a.m. | 28 views

in kalcaddle/kodexplorer

💥 BUG direct file url leaked for eml file 💥 IMPACT user can upload eml file and can share this. After sharing this file, it will leak direct link of this file. Which allows to download this file even when sharing is disabled. 💥 STEP TO REPRODUCE 1. First go to your kodexplorer admin account an...

AI score 7
Exploits: 0
Hacker One
added 2021/06/19 8:43 a.m. | 241 views

Node.js: HTTP Request Smuggling due to ignoring chunk extensions

Summary: The llhttp parser in the http module in Node 16.3.0 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS when a Node server is put behind an Apache Traffic Server ATS 9.0.0 proxy. Description: In the chunked transfer encoding format...

CVSS 5.8 | AI score 7.6 | EPSS 0.02299
Exploits: 1
Huntr
added 2021/06/15 8:7 a.m. | 8 views

Improper Privilege Management in polonel/trudesk

💥 BUG external user can submit ticket even when it's disabled 💥 SUMMARY external user can submit ticket even when it's disabled 💥 STEP TO REPRODUCE 1. First from admin account go to settings--tickets and disallow Allow public tickets. So, external user can't create ticket using url...

AI score 0.3
Exploits: 0
Prion
added 2021/06/11 5:15 p.m. | 17 views

Out-of-bounds

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools Welch Allyn Service Tool: versions prior to v1.10, Welch Ally...

CVSS 5 | AI score 8.2 | EPSS 0.01687
Exploits: 0 | References: 1 | Affected Software: 9
UbuntuCve
added 2021/06/10 11:15 p.m. | 19 views

CVE-2020-23310

There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0...

CVSS 7.5 | AI score 7.1 | EPSS 0.01149
Exploits: 1 | References: 3
OpenVAS
added 2021/06/09 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2017:0913-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7 | AI score 7.2 | EPSS 0.01029
Exploits: 2 | References: 4
UbuntuCve
added 2021/06/06 3:15 p.m. | 21 views

CVE-2021-33880

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack...

CVSS 5.9 | AI score 6.8 | EPSS 0.02265
Exploits: 0 | References: 2
AlpineLinux
added 2021/06/03 9:15 p.m. | 18 views

CVE-2021-32665

wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified". This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation -...

CVSS 8.8 | AI score 3.2 | EPSS 0.0048
Exploits: 0
OSV
added 2021/05/27 6:41 p.m. | 34 views

GHSA-FH74-HM69-RQJW opencontainers runc contains procfs race condition with a shared volume mount

Impact By crafting a malicious root filesystem with /proc being a symlink to a directory which was inside a volume shared with another running container, an attacker in control of both containers can trick runc into not correctly configuring the container's security labels and not correctly maski...

CVSS 5.9 | AI score 7.1 | EPSS 0.00457
Exploits: 0 | References: 20
Oracle linux
added 2021/05/25 12:0 a.m. | 58 views

rust-toolset:ol8 security, bug fix, and enhancement update

rust 1.49.0-1 - Update to 1.49.0. 1.48.0-1 - Update to 1.48.0. rust-toolset 1.49.0-1 - Update to Rust and Cargo 1.49.0. 1.48.0-1 - Update to Rust and Cargo 1.48.0...

CVSS 9.8 | AI score 1.2 | EPSS 0.01676
Exploits: 2
Huntr
added 2021/05/24 3:33 a.m. | 10 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can add personal email to another user. 💥 IMPACT user who don't have any access in "users and groups" can update users personal email. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First go to admin account and add user B as normal user. Now give user B...

AI score 0.5
Exploits: 0
Hacker One
added 2021/05/22 8:12 p.m. | 100 views

Clario: rXSS on https://mackeeperapp.mackeeper.com/landings/download-blue/

Summary: Founded XSS on https://mackeeperapp.mackeeper.com/landings/download-blue/ PoC https://mackeeperapp.mackeeper.com/landings/download-blue/?affid=b450fb80-0136-11eb-a01d-50cf6001b201-zzb&epayId=;alertdocument.domain;//&guid=xxx Impact An attacker can run any malicious javascript code on a...

AI score 1
Exploits: 0