Remotely alerts

CVE-2021-38297

on April 1, 2022, 8:09 p.m.

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Tags: Mailing List, Release Notes, Third Party Advisory, Patch, Vendor Advisory, Broken Link

CVE-2020-25651

on Oct. 19, 2021, 12:08 p.m.

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest …

Tags: Exploit, Mailing List, Third Party Advisory

CVE-2021-42009

on Oct. 19, 2021, 1:18 a.m.

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. …

Tags: Mailing List, Vendor Advisory

CVE-2021-25738

on Aug. 1, 2022, 12:10 p.m.

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

Tags: Mailing List, Third Party Advisory, VDB Entry, Vendor Advisory

CVE-2021-39537

on Nov. 30, 2021, 10:42 p.m.

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Tags: Exploit, Mailing List, Vendor Advisory

CVE-2021-33909

on March 1, 2022, 7:17 p.m.

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-35940

on Dec. 29, 2021, 2:11 p.m.

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

Tags: Mailing List, Vendor Advisory

CVE-2021-3679

on Jan. 1, 2022, 5:58 p.m.

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-37576

on Oct. 18, 2021, 11:55 a.m.

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

Tags: Exploit, Mailing List, Patch, Vendor Advisory

CVE-2019-17571

on Dec. 16, 2021, 9:25 p.m.

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

Tags: Mailing List, Vendor Advisory

CVE-2021-3653

on March 31, 2022, 7:45 p.m.

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support …

Tags: Mailing List, Patch, Third Party Advisory

CVE-2021-3612

on Dec. 17, 2021, 1:15 a.m.

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as …

Tags: Exploit, Mailing List, Patch, Vendor Advisory

CVE-2021-3444

on Dec. 2, 2021, 7:37 p.m.

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could …

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38205

on Jan. 4, 2022, 4:38 p.m.

drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38199

on Dec. 21, 2021, 12:54 p.m.

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-37159

on Dec. 21, 2021, 12:54 p.m.

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Tags: Mailing List, Patch, Third Party Advisory

CVE-2021-35039

on Dec. 6, 2021, 5:03 p.m.

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

Tags: Mailing List, Third Party Advisory

CVE-2021-41079

on Dec. 1, 2021, 2:19 p.m.

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Tags: Mailing List, Vendor Advisory

CVE-2021-40439

on Oct. 15, 2021, 1:01 p.m.

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in …

Tags: Mailing List, Vendor Advisory

CVE-2021-28129

on Oct. 15, 2021, 2:15 a.m.

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the …

Tags: Mailing List, Vendor Advisory

CVE-2021-41593

on Oct. 14, 2021, 7 p.m.

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.

Tags: Mailing List, Vendor Advisory

CVE-2021-41617

on Nov. 30, 2021, 10:37 p.m.

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Tags: Mailing List, Third Party Advisory

CVE-2021-41073

on June 5, 2022, 12:15 a.m.

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.

Tags: Mailing List, Third Party Advisory

CVE-2021-25740

on Oct. 14, 2021, 9:15 a.m.

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

Tags: Mailing List, Mitigation, Third Party Advisory

CVE-2020-8561

on Oct. 14, 2021, 9:15 a.m.

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the …

Tags: Mailing List, Mitigation

CVE-2020-21913

on Oct. 12, 2021, 2:28 p.m.

International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.

Tags: Patch, Third Party Advisory, Mailing List

CVE-2020-17522

on April 1, 2022, 3:43 p.m.

When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in …

Tags: Mailing List, Vendor Advisory

CVE-2019-12405

on April 18, 2022, 4:13 p.m.

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.

Tags: Mailing List, Vendor Advisory

CVE-2021-38300

on April 6, 2022, 2:55 p.m.

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.

Tags: Mailing List, Patch, Third Party Advisory

CVE-2021-41864

on Feb. 9, 2022, 3:15 a.m.

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-22261

on July 21, 2022, 10:46 a.m.

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses.

Tags: Broken Link, Patch, Third Party Advisory, Mailing List, Vendor Advisory

CVE-2021-25741

on Nov. 30, 2021, 10:42 p.m.

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Tags: Mailing List, Mitigation

CVE-2021-38201

on Oct. 7, 2021, 8:39 p.m.

net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38202

on Oct. 7, 2021, 8:39 p.m.

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38203

on Oct. 7, 2021, 8:39 p.m.

btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-41616

on Oct. 7, 2021, 8:28 p.m.

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils …

Tags: Mailing List, Vendor Advisory

CVE-2021-38604

on Oct. 7, 2021, 7:06 p.m.

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Tags: Mailing List, Patch, Third Party Advisory

CVE-2018-11439

on Oct. 7, 2021, 7:04 p.m.

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

Tags: Exploit, Mailing List, Third Party Advisory

CVE-2021-33035

on Oct. 7, 2021, 6:15 p.m.

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary …

Tags: Patch, Third Party Advisory, Exploit, Mailing List

CVE-2021-22555

on March 31, 2022, 7:15 p.m.

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2018-1288

on Oct. 7, 2021, 4:15 p.m.

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

Tags: Mailing List, Vendor Advisory

CVE-2021-39856

on Oct. 7, 2021, 12:16 a.m.

Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page.

Tags: Release Notes, Vendor Advisory, Exploit, Mailing List, Third Party Advisory

CVE-2021-29262

on April 1, 2022, 3:30 p.m.

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr …

Tags: Mailing List, Vendor Advisory

CVE-2018-1324

on April 18, 2022, 2:27 p.m.

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Tags: Mailing List, Vendor Advisory

CVE-2021-41583

on Oct. 5, 2021, 8:03 p.m.

vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access.

Tags: Mailing List, Third Party Advisory

CVE-2019-0205

on Oct. 5, 2021, 6:15 p.m.

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Tags: Mailing List, Vendor Advisory

CVE-2020-13949

on Oct. 4, 2021, 12:15 p.m.

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Tags: Mailing List, Vendor Advisory

CVE-2021-40690

on Dec. 3, 2021, 2:50 a.m.

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

Tags: Issue Tracking, Mailing List, Patch, Third Party Advisory

CVE-2021-36749

on Oct. 1, 2021, 2:23 a.m.

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users …

Tags: Mailing List, Vendor Advisory

CVE-2020-14343

on Sept. 29, 2021, 2:23 p.m.

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker …

Tags: Issue Tracking, Third Party Advisory, Exploit, Mailing List, Patch

CVE-2021-41303

on June 9, 2022, 7:15 p.m.

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

Tags: Mailing List, Vendor Advisory

CVE-2021-41387

on Sept. 29, 2021, 2:44 a.m.

seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.

Tags: Mailing List, Third Party Advisory

CVE-2021-27578

on Nov. 18, 2021, 3:25 p.m.

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.

Tags: Mailing List, Vendor Advisory

CVE-2020-13929

on Nov. 30, 2021, 9:17 p.m.

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

Tags: Mailing List, Vendor Advisory

CVE-2019-10095

on Sept. 28, 2021, 10:15 a.m.

Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.

Tags: Mailing List, Vendor Advisory

CVE-2021-39239

on Sept. 27, 2021, 6:46 p.m.

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

Tags: Mailing List, Vendor Advisory

CVE-2021-23051

on Sept. 27, 2021, 5:21 p.m.

On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of …

Tags: Vendor Advisory, Mailing List

CVE-2021-39128

on Aug. 1, 2022, 4:13 p.m.

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 …

Tags: Permissions Required, Issue Tracking, Vendor Advisory, Exploit, Mailing List, Third Party Advisory

CVE-2021-36221

on Feb. 9, 2022, 9:14 p.m.

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

Tags: Mailing List, Third Party Advisory

CVE-2021-27919

on March 30, 2022, 2:27 p.m.

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

Tags: Mailing List, Vendor Advisory

CVE-2021-38165

on Dec. 2, 2021, 8:37 p.m.

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

Tags: Mailing List, Third Party Advisory

CVE-2020-20892

on Sept. 24, 2021, 9:50 p.m.

An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in FFmpeg 4.2.1 that allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2020-20898

on Sept. 24, 2021, 9:45 p.m.

Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2018-1320

on March 30, 2022, 2:15 p.m.

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

Tags: Issue Tracking, Mailing List, Patch, Vendor Advisory

CVE-2021-26920

on April 1, 2022, 7:14 p.m.

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users …

Tags: Mailing List, Vendor Advisory, Release Notes

CVE-2021-40146

on Sept. 23, 2021, 4:59 p.m.

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) …

Tags: Mailing List, Vendor Advisory, Issue Tracking, Mitigation

CVE-2021-38555

on Sept. 23, 2021, 3:49 p.m.

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to …

Tags: Mailing List, Vendor Advisory

CVE-2021-38090

on Sept. 23, 2021, 3:10 p.m.

Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38091

on Sept. 23, 2021, 3:10 p.m.

Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38092

on Sept. 23, 2021, 3:10 p.m.

Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38093

on Sept. 23, 2021, 3:09 p.m.

Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-38094

on Sept. 23, 2021, 3:09 p.m.

Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2020-13936

on Sept. 23, 2021, 12:21 p.m.

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Tags: Mailing List, Vendor Advisory

CVE-2021-36766

on Sept. 22, 2021, 4:56 p.m.

Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope …

Tags: Exploit, Mailing List, Third Party Advisory

CVE-2019-12399

on Sept. 22, 2021, 12:15 a.m.

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the …

Tags: Mailing List, Vendor Advisory

CVE-2018-16843

on Feb. 22, 2022, 7:27 p.m.

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Tags: Issue Tracking, Third Party Advisory, Vendor Advisory, Mailing List

CVE-2021-26118

on Sept. 21, 2021, 6:18 p.m.

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

Tags: Mailing List, Vendor Advisory

CVE-2021-30639

on Dec. 10, 2021, 2:18 a.m.

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all …

Tags: Mailing List, Vendor Advisory

CVE-2021-3527

on Nov. 15, 2021, 5:22 p.m.

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the …

Tags: Mailing List, Patch, Third Party Advisory

CVE-2018-1285

on Sept. 21, 2021, 5:10 p.m.

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

Tags: Mailing List, Vendor Advisory

CVE-2021-38540

on Sept. 21, 2021, 1:56 p.m.

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.

Tags: Mailing List, Vendor Advisory

CVE-2020-14386

on Sept. 21, 2021, 12:15 p.m.

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

Tags: Mailing List, Third Party Advisory

CVE-2021-35474

on Sept. 20, 2021, 6:54 p.m.

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Tags: Mailing List, Vendor Advisory

CVE-2021-32567

on Sept. 20, 2021, 6:54 p.m.

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Tags: Mailing List, Vendor Advisory

CVE-2021-32566

on Sept. 20, 2021, 6:54 p.m.

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Tags: Mailing List, Vendor Advisory

CVE-2021-32565

on Sept. 20, 2021, 6:52 p.m.

Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Tags: Mailing List, Vendor Advisory

CVE-2021-27577

on Sept. 20, 2021, 6:52 p.m.

Incorrect handling of URL fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Tags: Mailing List, Vendor Advisory

CVE-2010-4816

on Sept. 20, 2021, 5:12 p.m.

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

Tags: Mailing List, Third Party Advisory

CVE-2021-36386

on Sept. 20, 2021, 12:22 p.m.

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience …

Tags: Mailing List, Patch, Third Party Advisory

CVE-2021-30128

on Sept. 20, 2021, 12:15 p.m.

Apache OFBiz has unsafe deserialization prior to version 17.12.07.

Tags: Mailing List, Mitigation, Vendor Advisory

CVE-2021-29200

on Sept. 20, 2021, 12:15 p.m.

Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perform an RCE attack.

Tags: Mailing List, Vendor Advisory

CVE-2021-37579

on Sept. 17, 2021, 3:54 p.m.

The Dubbo Provider will check that the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reach a deserialization operation with native Java serialization. Apache Dubbo 2.7.13, 3.0.2 fixed this issue …

Tags: Mailing List, Vendor Advisory

CVE-2021-36161

on Sept. 17, 2021, 3:47 p.m.

Some components in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with a special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13.

Tags: Mailing List, Vendor Advisory

CVE-2020-1760

on Sept. 16, 2021, 3:46 p.m.

A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

Tags: Mailing List, Patch, Third Party Advisory

CVE-2021-26295

on Sept. 16, 2021, 3:44 p.m.

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

Tags: Mailing List, Patch, Vendor Advisory

CVE-2021-27905

on Sept. 16, 2021, 1:19 p.m.

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it …

Tags: Mailing List, Vendor Advisory

CVE-2020-17516

on Sept. 16, 2021, 1:19 p.m.

Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS …

Tags: Mailing List, Vendor Advisory

CVE-2020-24553

on Sept. 16, 2021, 1:19 p.m.

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

Tags: Mailing List, Third Party Advisory

CVE-2021-40818

on Sept. 15, 2021, 2:59 p.m.

scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.

Tags: Issue Tracking, Mailing List, Third Party Advisory

CVE-2020-9668

on July 26, 2022, 10:05 a.m.

Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.

Tags: Vendor Advisory, Mailing List, Patch, Third Party Advisory