Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966. Date published : 2021-06-08 https://www.zerodayinitiative.com/advisories/ZDI-21-755/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420
Windows DCOM Server Security Feature Bypass Date published : 2021-06-08 http://packetstormsecurity.com/files/163206/Windows-Kerberos-AppContainer-Enterprise-Authentication-Capability-Bypass.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is...
The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function. Date published : 2021-06-08 https://github.com/locutusjs/locutus/commit/eb863321990e7e5514aa14f68b8d9978ece9e65e https://github.com/locutusjs/locutus/pull/446
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. Date published...
A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application...
An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c Date published : 2021-06-08 https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c Date published : 2021-06-08 https://github.com/google/asylo/commit/ecfcd0008b6f8f63c6fa3cc1b62fcd4a52f2c0ad
An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading...
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in...
An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks. Date published : 2021-06-08 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22220.json https://gitlab.com/gitlab-org/gitlab/-/issues/294128
GitLab CE/EE since version 9.5 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. Date published : 2021-06-08 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22219.json https://gitlab.com/gitlab-org/gitlab/-/issues/296995
All versions of GitLab CE/EE starting with 12.8 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits. Date published : 2021-06-08 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22218.json...
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request Date published...