PT-2021-6512 · Eclipse +2 · Eclipse Mosquitto +2
Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions 2.0 through 2.0.11. Description: The issue is related to the dynamic security plugin in Eclipse Mosquitto. When the ability for a client to make subscriptions on a topic is revoked while a durable client is offline,...
CVE-2021-34434
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...
CVE-2021-22236
Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...
Modified Version of WhatsApp for Android Spotted Installing Triada Trojan
A modified version of the WhatsApp messaging app for Android has been trojanized to intercept text messages, serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified...
Triada Trojan in WhatsApp mod
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. http://www.example.com/wp-admin/admin.php?page=pms-members-page&orderby=userid&order=asc,select from...
Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection
The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. PoC http://www.example.com/wp-admin/admin.php?page=pms-members-page=userid=asc,select from selectsleep10a...
WordPress Paid Member Subscriptions plugin <= 2.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Paid Member Subscriptions plugin versions <= 2.4.1. Solution: Update the WordPress Paid Member Subscriptions plugin to the latest available version (at least 2.4.2)...
Paid Member Subscriptions < 2.4.2 - Reflected Cross-Site Scripting (XSS)
The plugin was vulnerable to a Reflected Cross-Site Scripting (XSS) on the edit member page. No CSRF nonce was required. http://www.example.com/wp-admin/admin.php?page=pms-members-page&subpage=editmember&memberid=1%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...
SUSE-SU-2021:2458-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links fixed: Folder Pane display theme fixes for macOS fixed: Chat account settings did not always save as...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:2458-1 Rating: important References: 1188275 Cross-References: CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 CVSS scores: CVE-2021-29969 SUSE: 7.5...
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
...
DEBIAN-CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write. A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribin...
UBUNTU-CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...
PT-2021-8015 · Zeromq +2 · Zeromq +2
Name of the Vulnerable Software and Affected Versions: ZeroMQ versions prior to 4.3.3. Description: A flaw in the ZeroMQ server allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. This poses a threat to...
PT-2021-23137 · Unknown +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to v1.10.6. Description: The issue concerns the lack of authentication for SIP requests of the type SUBSCRIBE in FreeSWITCH. This allows attackers to subscribe to user agent event notifications without authentication,...
HPSBHF03718 rev. 3 - Intel® PROSet/Wireless WiFi and Killer™ Driver February 2021 Security Update
Potential Security Impact: Information Disclosure, Denial of Service. Source: HP, HP Product Security Response Team (PSRT). Reported By: Intel. VULNERABILITY SUMMARY: Intel has informed HP of a potential security vulnerability identified in some Intel® PROSet/Wireless WiFi and Killer™ drivers for Window...