KLA12434 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or caus...

GSD-2021-1002547 sched/scs: Reset task stack state in bringup_cpu()

sched/scs: Reset task stack state in bringupcpu This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.6 by commit...

VulnCheck KEV: CVE-2010-3338

The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability."...

IBM Db2 Elevation of Privilege Vulnerability (CNVD-2021-99672)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An elevation of privilege vulnerability exists in IBM Db2 for Linux that originates from an incorrectl...

Improper Authentication in HashiCorp Nomad

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

GHSA-2JHH-5XM2-J4GF Improper Authentication in HashiCorp Nomad

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say

Investigations that ran in parallel over nearly two years by Canadian and U.S. law enforcement have led to this week’s arrest of an Ottawa man, who is alleged to have an extensive track record of ransomware attacks on companies, governments and individuals. The highly-publicized arrest is a messa...

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321...

Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)

Exploit Title: Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting XSS Exploit Author: able403 Date: 08/12/2021 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...

IBM DB2 权限许可和访问控制问题漏洞

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An elevation of privilege vulnerability exists in IBM Db2 for Linux that originates from an incorrectl...

ReDos vulnerability on guest checkout email validation

Impact Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like a.a.. Before the patch, it can be reproduced in the console like this: ruby irbmain...

Sunnet eHRD Insecure Deserialization Vulnerability

Sunnet eHRD is a talent management system from Sun Chat Technology, Taiwan, China. The system supports talent management and performance management, etc. An insecure deserialization vulnerability exists in Sunnet eHRD, which stems from the inadequate input object validation and restriction of the...

Design/Logic Flaw

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

CVE-2021-43415

Removed by vendor...

CVE-2021-43415

CVE-2021-43415 affects HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0 when the QEMU task driver is enabled. Authenticated users with job submission capabilities could bypass the configured allowed image paths due to the underlying issue in the QEMU task driver handling. Fixed...

CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...

PT-2021-23842 · Hashicorp · Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.0.13 and earlier, 1.1.7 and earlier, 1.2.0 and earlier Description: The issue allowed authenticated users with job submission capabilities to bypass the configured allowed image paths when the...

CVE-2021-43360

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services...

旭聊科技 Sunnet eHRD 代码问题漏洞

Sunnet eHRD is a talent management system from Sun Chat Technology, Taiwan, China. The system supports talent management and performance management, etc. An insecure deserialization vulnerability exists in Sunnet eHRD, which stems from the inadequate input object validation and restriction of the...