Monthly Archive: June 2021

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x....

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. Date published : 2021-06-09 https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service...

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted...

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices...

SAP NetWeaver AS for ABAP (Web Survey), versions – 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site...

SAP NetWeaver AS ABAP and ABAP Platform, versions – 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated...

Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. Date published : 2021-06-09 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00521.html

Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access. Date published : 2021-06-09 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00521.html

Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. Date published...

Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access. Date published...

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Date published : 2021-06-09 https://security.netapp.com/advisory/ntap-20210716-0002/ https://www.debian.org/security/2021/dsa-4951