IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs,...
An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. Date published : 2021-06-07 https://security.netapp.com/advisory/ntap-20210727-0006/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. Date published : 2021-06-07 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Date published...
PageLayer before 1.3.5 allows reflected XSS via color settings. Date published : 2021-06-07 Reflected XSS in PageLayer Plugin Affects Over 200,000 WordPress Sites
PageLayer before 1.3.5 allows reflected XSS via the font-size parameter. Date published : 2021-06-07 https://www.wordfence.com/blog/2020/12/reflected-xss-in-pagelayer-plugin-affects-over-200000-wordpress-sites/
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator....
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php." Date published : 2021-06-07 https://github.com/zblogcn/zblogphp/issues/209 https://github.com/zblogcn/zblogphp/issues/216
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". Date published : 2021-06-07 https://github.com/github123abc123/bird/issues/1
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". Date published : 2021-06-07 https://github.com/github123abc123?tab=projects
A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to...
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected....
A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity....
An improper authorization flaw was discovered in openstack-selinux’s applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack...