Monthly Archive: May 2021

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious...

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. Date published : 2021-05-26 Home v5 https://api.vfairs.com/v1/users/

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is...

A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server...

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Date published : 2021-05-26 https://security.netapp.com/advisory/ntap-20210702-0008/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Date published : 2021-05-26 https://security.netapp.com/advisory/ntap-20210702-0008/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/

A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Date published : 2021-05-26 https://security.netapp.com/advisory/ntap-20210702-0008/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/

A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still...

A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Date published : 2021-05-26 https://security.netapp.com/advisory/ntap-20210702-0005/ https://bugzilla.redhat.com/show_bug.cgi?id=1893287,

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are...

Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. Date published : 2021-05-26 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb...

Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. Date published : 2021-05-26 https://trac.ffmpeg.org/ticket/8274 https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html

Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. Date published : 2021-05-26 https://trac.ffmpeg.org/ticket/8317 https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html

Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. Date published : 2021-05-26 https://trac.ffmpeg.org/ticket/8310