
164 matches found

Positive Technologies
added 2021/10/12 12:0 a.m. · 2 views

PT-2021-4384 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to errors in privilege management. It allows an attacker to elevate their privileges, affecting the system. Recommendations: At the moment...

CVSS 7.8 · AI score 7.1 · EPSS 0.00414
Exploits 0 · References 7
Apple
added 2021/09/13 12:0 a.m. · 43 views

About the security content of macOS Big Sur 11.6

About the security content of macOS Big Sur 11.6 This document describes the security content of macOS Big Sur 11.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

CVSS 9.3 · AI score 9.5 · EPSS 0.71973
Exploits 5 · References 1 · Affected Software 1
RedHat Linux
added 2021/08/16 10:25 a.m. · 3 views

exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp

A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute cod...

AI score 6.2
Exploits 0 · References 4
RedHat Linux
added 2021/08/11 6:21 p.m. · 1 views

json-smart: uncaught exception may lead to crash or information disclosure

A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...

CVSS 5.9 · AI score 6.9 · EPSS 0.00698
Exploits 1 · References 4
Positive Technologies
added 2021/07/13 12:0 a.m. · 1 views

PT-2021-4164 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insecure privilege management in the Windows operating system kernel, allowing an attacker to bypass security mechanisms. A security-feature bypass vulnerability...

CVSS 7.2 · AI score 6 · EPSS 0.00191
Exploits 0 · References 8
Cvelist
added 2021/06/22 7:20 p.m. · 13 views

CVE-2021-32699 Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...

CVSS 6.5 · AI score 6.5 · EPSS 0.00054
Exploits 0 · References 2
OSV
added 2021/04/14 11:15 p.m. · 0 views

CVE-2021-27183

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 2
Positive Technologies
added 2021/04/13 12:0 a.m. · 2 views

PT-2021-2692 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in object handling in memory, which can allow an attacker to gain unauthorized access to protected information. This can enable attackers to obtain sensitive...

CVSS 5.5 · AI score 5.1 · EPSS 0.00596
Exploits 0 · References 7
OSV
added 2021/03/31 2:15 p.m. · 19 views

CVE-2021-3479

There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability...

CVSS 5.5 · AI score 6.4
Exploits 0 · References 5
RedHat Linux
added 2021/03/16 1:57 p.m. · 3 views

kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c

A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from thi...

CVSS 6 · AI score 6.9 · EPSS 0.00041
Exploits 1 · References 5
Positive Technologies
added 2021/03/09 12:0 a.m. · 3 views

PT-2021-2397 · Microsoft · Walletservice +1

Name of the Vulnerable Software and Affected Versions: Windows WalletService affected versions not specified Description: The issue is related to insecure privilege management in the WalletService of Windows operating systems. It allows an attacker to elevate their privileges, affecting the syste...

CVSS 7.8 · AI score 7.2 · EPSS 0.24544
Exploits 0 · References 8
Positive Technologies
added 2021/02/09 12:0 a.m. · 2 views

PT-2021-15664 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: A vulnerability allows attackers to obtain sensitive information and affect the system. Recommendations: At the moment, there is no information about a newer version that contains...

CVSS 5.5 · AI score 5.1 · EPSS 0.00248
Exploits 0 · References 4
OSV
added 2021/01/12 3:15 p.m. · 0 views

CVE-2021-21466

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 4
Positive Technologies
added 2021/01/12 12:0 a.m. · 1 views

PT-2021-1585 · Microsoft · Windows Event Logging Service +1

Name of the Vulnerable Software and Affected Versions: Windows Event Logging Service affected versions not specified Description: The issue is related to errors in privilege management within the Windows Event Logging Service, which can be exploited to elevate privileges. This allows an attacker ...

CVSS 7.8 · AI score 6.6 · EPSS 0.00288
Exploits 0 · References 7
Positive Technologies
added 2021/01/12 12:0 a.m. · 2 views

PT-2021-1569 · Microsoft · Windows Multipoint Management +1

Name of the Vulnerable Software and Affected Versions: Windows Multipoint Management affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Multipoint Management service, which can be exploited to elevate privileges. This could allow a...

CVSS 7.8 · AI score 6.4 · EPSS 0.00206
Exploits 0 · References 7
OSV
added 2020/12/15 5:15 p.m. · 1 views

DEBIAN-CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

CVSS 6.2 · AI score 7.5 · EPSS 0.0006
Exploits 0 · References 1
CNNVD
added 2020/12/15 12:0 a.m. · 1 views

Xen Security Vulnerabilities

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Service is an individual developer's...

CVSS 6.2 · AI score 6.9 · EPSS 0.0006
Exploits 0 · References 14
Positive Technologies
added 2020/11/10 12:0 a.m. · 1 views

PT-2020-4881 · Microsoft · Windows Function Discovery Ssdp Provider +1

Name of the Vulnerable Software and Affected Versions: Windows Function Discovery SSDP Provider affected versions not specified Description: The issue is related to insufficient security mechanism implementation in the Windows Function Discovery SSDP Provider component of Windows operating system...

CVSS 5.5 · AI score 5 · EPSS 0.00301
Exploits 0 · References 7
CNVD
added 2020/04/23 12:0 a.m. · 1 views

ABB System 800xA Base License Issue Vulnerability

ABB System 800xA Base is a distributed control system from ABB Switzerland for the industrial control industry. An authorization issue vulnerability exists in ABB System 800xA Base. An attacker could use this vulnerability to read and modify registry settings related to control system...

CVSS 7.8 · AI score 6.8 · EPSS 0.00037
Exploits 0 · References 1
CVE
added 2020/02/04 4:45 p.m. · 39 views

CVE-2019-4541

CVE-2019-4541 affects IBM Security Directory Server 6.4.0, where incomplete blocklisting for input validation allows bypassing application controls and impacts system integrity. The issue is tied to 6.4.0 and has remediation in the IBM bulletin: upgrade to 6.4.0.20-ISS-ISDS-IF0020 (or later) to a...

CVSS 7.2 · AI score 6.9 · EPSS 0.00122
Exploits 0 · References 2 · Affected Software 1