CVE-2021-31658
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an array index error. The interface that provides the "device description" function only checks the length of the received data, and does not...
LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. Date published : 2021-06-10 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-010.txt
Apache HTTP Server versions 2.4.39 to 2.4.46: unexpected matching behavior with ‘MergeSlashes OFF’. Date published : 2021-06-10 https://security.netapp.com/advisory/ntap-20210702-0001/ https://www.debian.org/security/2021/dsa-4937
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user...
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are...
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug...
Use after free in the lzma_decompress_buf function in stream.c in lrzip 0.631 allows attackers to cause a Denial of Service (DoS) via a crafted compressed file. Date published : 2021-06-10 https://github.com/ckolivas/lrzip/issues/165
A null pointer dereference was discovered in ucompthread in stream.c in lrzip 0.631 which allows attackers to cause a denial of service (DoS) via a crafted compressed file. Date published : 2021-06-10 https://github.com/ckolivas/lrzip/issues/164
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow. Date published : 2021-06-10 https://security.netapp.com/advisory/ntap-20210702-0001/ https://www.debian.org/security/2021/dsa-4937
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial of Service. Date published : 2021-06-10...
An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in the ecma-helpers.c file. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/4056
An issue was discovered in JerryScript 2.4.0. There is a SEGV in ecma_deref_bigint in the ecma-helpers.c file. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/4402
An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in the main-utils.c file. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/4403
An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in the js-lexer.c file. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/4442