Lucene search

7874 matches found

RedHat Linux
added 2021/11/09 5:26 p.m., views: 1

kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c

A use-after-free flaw in the Linux kernel network block device (NBD) subsystem was found in the way a user calls the ioctl NBD_SET_SOCK at a certain point during device setup...

CVSS: 7, AI score: 7.1, EPSS: 0.00251
Exploits: 0, References: 5

Brave Browser
added 2021/11/09 11:32 a.m., views: 8

Brave Android 1.31.91 Security Fixes

Clarified sync setup instructions...

AI score: 5.8
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/11/05 9:15 p.m., views: 3

CVE-2021-3774

Meross Smart Wi-Fi 2 Way Wall Switch MSS550X, on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00703
Exploits: 0, References: 1

Prion
added 2021/11/05 9:15 p.m., views: 17

Cross site request forgery (csrf)

Meross Smart Wi-Fi 2 Way Wall Switch MSS550X, on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00703
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2021/11/05 12:0 a.m., views: 5

PT-2021-21854 · Meross · Meross Smart Wi-Fi 2 Way Wall Switch

Name of the Vulnerable Software and Affected Versions: Meross Smart Wi-Fi 2 Way Wall Switch MSS550X versions 3.1.3 and earlier. Description: The issue allows a remote attacker to obtain the Wi-Fi SSID and the password configured by the user from the Meross app via an HTTP/JSON plain request. This ...

CVSS: 7.4, AI score: 6.4, EPSS: 0.00703
Exploits: 0, References: 3

OpenVAS
added 2021/11/05 12:0 a.m., views: 26

SUSE: Security Advisory (SUSE-SU-2021:3611-1)

The remote host is missing an update for the...

CVSS: 5.5, AI score: 6.5, EPSS: 0.0865
Exploits: 2, References: 10

Citrix
added 2021/11/03 12:0 a.m., views: 5

How to add new XenMobile nodes in environments with Rolling Patches installed

Step by step on how to add new XenMobile nodes when the environment already has Rolling Patches installed...

AI score: 7.1
Exploits: 0

OSV
added 2021/11/02 7:49 a.m., views: 10

ALBA-2021:4061 NetworkManager bug fix and enhancement update

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a varie...

AI score: 7.2
Exploits: 0

AlmaLinux
added 2021/11/02 7:49 a.m., views: 33

NetworkManager bug fix and enhancement update

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a varie...

AI score: 7
Exploits: 0

Rockylinux
added 2021/11/02 7:49 a.m., views: 30

NetworkManager bug fix and enhancement update

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. NetworkManager is a system network service that manages network device...

AI score: 1.7
Exploits: 0

Positive Technologies
added 2021/11/02 12:0 a.m., views: 4

PT-2021-7020 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the implementation of the Datagram TLS (DTLS) protocol...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00666
Exploits: 0, References: 9

CNNVD
added 2021/11/01 12:0 a.m., views: 4

Buffer error vulnerability in multiple Qualcomm products

Qualcomm QCA6574AU and others are products of Qualcomm Incorporated (Qualcomm). QCA6574AU is a central processing unit (CPU) product. APQ8017 is a central processing unit (CPU) product. SDX55 is a modem. Qualcomm QCA6574AU is a central processing unit (CPU) product. APQ8017 is a central processing unit (CPU)...

CVSS: 9.1, AI score: 8.5, EPSS: 0.00591
Exploits: 0, References: 5

GithubExploit
added 2021/10/28 2:55 p.m., views: 162

Exploit for Path Traversal in Microsoft

CVE-2021-40444-POC An attempt to reproduce Microsoft MSHTML Re...

CVSS: 8.8, AI score: 7.7, EPSS: 0.97242
Exploits: 38

GithubExploit
added 2021/10/28 2:55 p.m., views: 3

Exploit for Path Traversal in Microsoft

CVE-2021-40444-POC An attempt to reproduce Microsoft MSHTML Re...

CVSS: 8.8, AI score: 8, EPSS: 0.97242
Exploits: 38

Rapid7 Blog
added 2021/10/28 1:44 p.m., views: 54

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2

In our last post, we discussed how we set up Rapid7's hands-on exercise at the Defcon 29 IoT Village. Now, with that foundation laid, we'll get into how to determine whether the header we created is UART. When trying to determine baud rate for IoT devices, I often just guess. Generally, for typic...

AI score: 0.8
Exploits: 0

CNNVD
added 2021/10/28 12:0 a.m., views: 13

Netgear NETGEAR R6260 buffer error vulnerability

NETGEAR R6260 is a router from Netgear, Inc. NETGEAR R6260 routers are vulnerable because the setupwizard.cgi page fails to properly validate the length of data when parsing the SOAP LOGIN TOKEN environment variable. An attacker could exploit this vulnerability to execute arbitrary code on an...

CVSS: 8.8, AI score: 6.2, EPSS: 0.01372
Exploits: 0, References: 4

Citrix
added 2021/10/26 12:0 a.m., views: 7

How to Add Multiple CD or DVD Drives to XenServer Virtual Machines

This article describes how to add more than one CD/DVD drive to a Virtual Machine (VM)...

AI score: 7
Exploits: 0

Tenable Nessus
added 2021/10/22 12:0 a.m., views: 291

Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-5120-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5120-1 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to...

CVSS: 8.7, AI score: 7.6, EPSS: 0.03354
Exploits: 3, References: 10

Patchstack
added 2021/10/21 12:0 a.m., views: 539

WordPress Core Tweaks WP Setup plugin <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Francesco Carlucci in WordPress Core Tweaks WP Setup plugin versions <= 4.1. Solution: Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available...

CVSS: 8.8, AI score: 2.8, EPSS: 0.00618
Exploits: 2, References: 3, Affected Software: 1

NVD
added 2021/10/19 6:15 p.m., views: 15

CVE-2021-32663

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later...

CVSS: 8.7, EPSS: 0.01414
Exploits: 0, References: 3