3218 matches found
CVE-2021-20511
CVE-2021-20511 affects IBM Security Verify Access Docker 10.0.0. A path traversal flaw allows a remote attacker to view arbitrary files by sending a crafted URL containing ../ sequences, effectively exposing system files. The IBM security bulletin confirms the vulnerability and provides a remedia...
The vulnerability of the urllib2 module in the Python programming language, related to the failure to eliminate the CRLF sequence, allows attackers to compromise data integrity.
The vulnerability of the urllib2 module in the Python programming language is related to the lack of measures taken to neutralize the CRLF sequence. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...
EulerOS Virtualization 3.0.2.2 : nss (EulerOS-SA-2021-2150)
According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In Network Security Services NSS before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference,...
Advisory ROSA-SA-2021-1824
Software: dovecot 2.2.36 OS: Cobalt 7.9 CVE-ID: CVE-2019-10691 CVE-Crit: HIGH CVE-DESC: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly cause the authentication service to fail by attempting to authenticate with an invalid UTF-8 sequence as the username. CVE-STATUS:...
Improper Input Validation
Overview webrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to Improper Input Validation. WEBrick lets attackers inject malicious escape sequences into its logs, making it possibl...
MGASA-2021-0289 Updated glibc packages fix a security vulnerability
A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence (CVE-2016-10228)...
Denial Of Service (DoS)
Mutt is vulnerable to denial of service. An out-of-bounds read in imap/util.c where an IMAP sequence set ends with a comma could result in disclosure of confidential information or an application crash...
Enphase Envoy security vulnerability
The Enphase Energy Envoy is a gateway device for connecting smart home devices from Enphase Energy USA. The Enphase Envoy suffers from a security vulnerability that stems from a custom PAM module for user authentication that bypasses traditional user authentication, which uses passwords derived...
The vulnerability of the Foundation framework in Mac OS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Foundation framework in Mac OS operating systems is related to the incorrect implementation of the sequence of actions to be performed. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Accela Civic Platform security vulnerability
Accela Civic Platform is a cloud-based solution for Accela's application software to modernize city systems for land management and code enforcement, increased citizen engagement and mobile information access. Information disclosure vulnerabilities exist in versions of Accela Civic Platform prior...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in playlists.php when a user asked to add a note in Sequence Entry, resulting in XSS. 🕵️♂️ Proof of Concept https://drive.google.com/file/d/1uU9IxbH3A45V8BSgtFOBrc5Gwj7S7k56/view?usp=sharing 💥 Impact This vulnerability is capable of doing Reflected XSS...
GHSA-6QGM-FV6V-RFPV Overflow/denial of service in `tf.raw_ops.ReverseSequence`
Impact The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or CHECK-fail based denial of service. python import tensorflow as tf input = tf.zeros([1, 1, 1], dtype=tf.int32) seq_lengths = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.ReverseSequence(input=input,...
DEBIAN-CVE-2021-33477
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline...
CVE-2021-33477
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline...
rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution Exploit
rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handle ANSI escape sequences, allowing for arbitrary code execution. !/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/...
kernel: netfilter: use-after-free in the packet processing context
A use-after-free flaw was found in the packet processing context in net/netfilter/x_tables.c in netfilter in the Linux Kernel. This issue occurs when the per-CPU sequence count is mishandled during concurrent iptables rules replacement and can be exploited with the CAP_NET_ADMIN capability in an...
PYSEC-2021-704
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow. The...
PYSEC-2021-701
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or CHECK-fail based denial of service. The...
PYSEC-2021-215
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow. The...