Monthly Archive: June 2021

Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service. Date...

In Artica Pandora FMS

think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated...

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Date published...

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Date published...

Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. Date published : 2021-06-30 http://chevereto.com http://packetstormsecurity.com/files/164183/Cloudron-6.2-Cross-Site-Scripting.html

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart...

Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). Date published : 2021-06-30 http://plixer.com https://docs.plixer.com/projects/scrutinizer/en/19.1.0/system/changelog.html

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS...

This issue affects: QNAP Systems Inc. Q’center versions prior to 1.11.1004. Date published : 2021-06-30 https://www.qnap.com/zh-tw/security-advisory/qsa-21-31

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS...

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs…) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is...

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the...

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to...