CVE-2021-29688
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against...
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018 Date published : 2021-05-20 https://www.ibm.com/support/pages/node/6454605...
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015 Date published : 2021-05-20 https://www.ibm.com/support/pages/node/6454587 https://exchange.xforce.ibmcloud.com/vulnerabilities/200015
IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998. Date published : 2021-05-20 https://www.ibm.com/support/pages/node/6454587 https://exchange.xforce.ibmcloud.com/vulnerabilities/199998
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering...
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion. Date published : 2021-05-20 https://blog.envoyproxy.io https://github.com/envoyproxy/envoy-setec/pull/230
In function read_yin_leaf() in libyang
In function lys_node_free() in libyang, node->module is asserted to be non-NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). Date published : 2021-05-20 https://github.com/CESNET/libyang/issues/1452 https://security.gentoo.org/glsa/202107-54
In function ext_get_plugin() in libyang
A stack overflow in libyang
In function read_yin_container() in libyang
A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed...
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received. Date published : 2021-05-20 https://blog.envoyproxy.io https://github.com/envoyproxy/envoy/releases