Lucene search

5963 matches found

Cvelist
added 2021/06/18 3:00 a.m., 15 views

CVE-2021-34809

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors...

CVSS 9.9 | AI score 9.5 | EPSS 0.01637
Exploits 0 | References 1

CNNVD
added 2021/06/17 12:00 a.m., 3 views

Synology Download Station code issue vulnerability

Synology Download Station is a download management tool for Synology. A server-side request forgery vulnerability exists in the Synology Download Station task management component, which can be exploited by remote attackers to submit a special request to obtain sensitive information...

CVSS 5 | AI score 5.7 | EPSS 0.00215
Exploits 0 | References 2

CNVD
added 2021/06/16 12:00 a.m., 6 views

Logic flaw vulnerability in hera task scheduling system

hera task scheduler is a distributed task scheduler based on zeus rewrite. The hera Task Scheduler suffers from a logic flaw that can be exploited by an attacker to forge arbitrary login credentials via a built-in hard-coded key...

AI score 7.1
Exploits 0

CNVD
added 2021/06/16 12:00 a.m., 13 views

Weak password vulnerability in hera task scheduling system

hera Task Scheduler is a distributed task scheduling system based on a rewrite of zeus. A weak password vulnerability exists in hera Task Scheduler, which can be exploited by an attacker to obtain sensitive information...

AI score 6.9
Exploits 0

OSV
added 2021/06/11 3:15 p.m., 3 views

CVE-2021-25389

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication...

CVSS 6.1 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 1

Prion
added 2021/06/11 3:15 p.m., 10 views

Input validation

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication...

CVSS 3.6 | AI score 6.2 | EPSS 0.0002
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2021/06/09 12:00 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2016:3044-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 7.5 | EPSS 0.00227
Exploits 0 | References 17

OpenVAS
added 2021/06/09 12:00 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2016:3273-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 7 | EPSS 0.00135
Exploits 0 | References 17

Positive Technologies
added 2021/06/07 12:00 a.m., 2 views

PT-2024-11163

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the xen-netback component in the Linux kernel, where a reference to the RX task thread needs to be taken to prevent the task from being freed if the thread return...

CVSS 7.8 | AI score 7.6 | EPSS 0.00019
Exploits 0 | References 21

Github Security Blog
added 2021/06/04 9:46 p.m., 78 views

django-celery-results Stores Sensitive Information In Cleartext

django-celery-results prior to 2.4.0 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. In version 2.4.0 this is no longer the default...

CVSS 7.5 | AI score 7.1 | EPSS 0.00148
Exploits 0 | References 7 | Affected Software 1

Malwarebytes
added 2021/06/04 2:01 p.m., 43 views

Ransomware to be investigated like terrorism

The impact of recent ransomware attacks on vital infrastructure in the US has triggered a reaction from the US Attorney’s office. In an internal guidance it says that all ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington...

AI score 6.6
Exploits 0

Prion
added 2021/06/01 2:15 p.m., 11 views

Server side request forgery (ssrf)

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors...

CVSS 4 | AI score 7 | EPSS 0.00146
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/06/01 9:50 a.m., 41 views

CVE-2021-33184

Synology Download Station (task management component) is affected by CVE-2021-33184. The vulnerability is a Server-Side Request Forgery (SSRF) that can be exploited by remote authenticated users to read arbitrary files via unspecified vectors. Affected versions are before 3.8.15-3563. The connect...

CVSS 7.7 | AI score 7 | EPSS 0.00146
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/06/01 9:50 a.m., 16 views

CVE-2021-33184

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors...

CVSS 7.7 | AI score 7.3 | EPSS 0.00146
Exploits 0 | References 1

vulnersOsv
added 2021/05/21 2:25 p.m., 2 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +160 more potentially affected by CVE-2021-29562 via tensorflow-gpu (>=1.10.1 <=2.1.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29562 Source advisory: OSV:GHSA-36VM-XW34-X4PJ...

CVSS 5.5 | AI score 6 | EPSS 0.00009
Exploits 1

BDU FSTEC
added 2021/05/19 12:00 a.m., 2 views

The vulnerability of the Task Automation component of the Oracle Hyperion Financial Management application allows a perpetrator to gain read access to data, modify data, cause partial service disruption, or obtain privileged access.

The vulnerability of the Task Automation component of the Oracle Hyperion Financial Management application exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain read access to data, modify data, cause partial service failure, or...

CVSS 4.6 | AI score 6.4 | EPSS 0.00188
Exploits 0 | References 3 | Affected Software 1

vulnersOsv
added 2021/05/18 10:38 a.m., 2 views

faradaysec (>=3.14.1 <=3.14.4), flask-authoob (>=0.0.21 <=0.0.34) +4 more potentially affected by CVE-2021-32618 via flask-security-too (>=3.2.0rc1 <=4.0.1)

flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =6.0.0, =6.4.0 Source cves: CVE-2021-32618 Source advisory: SNYK:PYTHON-FLASKSECURITYTOO-1293190...

CVSS 6.1 | AI score 6.5 | EPSS 0.17067
Exploits 1

Microsoft KB
added 2021/05/11 7:00 a.m., 152 views

May 11, 2021—KB5003197 (OS Build 14393.4402) - EXPIRED

May 11, 2021—KB5003197 OS Build 14393.4402 - EXPIRED EXPIRATION NOTICE As of 9/12/2023, KB5003197 is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. --- 11/19/20 For...

CVSS 9.9 | AI score 7.5 | EPSS 0.55147
Exploits 10

Schneier on Security
added 2021/05/10 7:17 p.m., 33 views

Ransomware Shuts Down US Pipeline

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish...

AI score 6.7
Exploits 0

The Hacker News
added 2021/05/09 8:19 a.m., 89 views

Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down

Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East Coast, on Saturday said it halted operations due to a ransomware attack, once again demonstrating how critical infrastructure is vulnerable to cyber attacks. "On May 7, the Colonial Pipeline Company learned it was the vict...

AI score 6.6
Exploits 0