Monthly Archive: May 2021

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial...

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this...

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:ColdFusion2021. By default, unprivileged users can create files in this directory structure, which creates a...

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution’s TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations...

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in...

An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in...

A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the...

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of...

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used...

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code. Date published : 2021-05-26 https://bugzilla.redhat.com/show_bug.cgi?id=1947653 https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. Date published : 2021-05-26 https://github.com/jitsi/jitsi-meet/compare/5025…5026 https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2021-0001.md

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. Date published : 2021-05-26 http://packetstormsecurity.com/files/163014/COVID-19-Testing-Management-System-1.0-SQL-Injection.html https://phpgurukul.com/

COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. Date published : 2021-05-26 https://phpgurukul.com/ https://www.exploit-db.com/exploits/49887

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. Date published : 2021-05-26 https://groups.google.com/g/golang-announce/c/wPunbCPkWUg https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7