1564 matches found
kernel: security regression for CVE-2018-13405
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...
GHSA-F8H9-7RPQ-7QCC Magento Filter extension bypass via crafted store configuration keys
A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious uploa...
GHSA-8Q8V-28RM-QW4W Borg Improper Access Control vulnerability
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3...
GHSA-JCJP-QQPQ-PC54 Zope allows local users to read arbitrary files
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files...
CVE-2022-1015
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue...
CVE-2022-1384 Authorized users are allowed to install old plugin versions from the Marketplace
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities...
UBUNTU-CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
CVE-2022-24420
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM...
Security Bulletin: Vulnerability in the AIX kernel (CVE-2021-38988)
Summary There is a vulnerability in the AIX pfcdd kernel extension. Vulnerability Details CVEID: CVE-2021-38988 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Vmware VMware Spring Cloud Gateway Trust Management Issue Vulnerability
Vmware VMware Spring Cloud Gateway is a gateway component from Vmware, Inc. A trust management issue vulnerability exists in VMware Spring Cloud Gateway that stems from a security bypass issue when using the HTTP2 insecure TrustManager. A local user can send a specially crafted request and connec...
CVE-2022-0683 Essential Addons for Elementor Lite <= 5.0.8 Reflected Cross-Site Scripting
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the /includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a page that executes...
CVE-2021-45402
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."...
CVE-2021-26247
As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...
A flaw was found in the spice-vdagentd daemon where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.
PYSEC-2021-838
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
CVE-2021-29861
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085...
CVE-2021-21849
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked...
NETGEAR R6400 Buffer Error Vulnerability
The Netgear NETGEAR R6400 is a wireless router from Netgear, Inc. A security vulnerability exists in the NETGEAR R6400 versions prior to 1.0.1.70 that allows an authenticated user to trigger a stack-based buffer overflow...
OpenVPN suffers from an unspecified vulnerability (CNVD-2021-49155)
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
Foxit Reader Code Execution Vulnerability (CNVD-2021-38093)
Foxit Reader (old name: Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use, runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...