Monthly Archive: July 2021

MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Date published : 2021-07-15 http://www.magicsmotion.com/p-flamingo.html

MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. Date published : 2021-07-15 http://www.magicsmotion.com/p-flamingo.html

The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM...

The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system...

The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. Date published : 2021-07-15 https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.105

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x...

A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause...

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for...

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This...

Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB...

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. Date published : 2021-07-14 http://support.lexmark.com/alerts/ http://support.lexmark.com/index?id=TE952&page=content&locale=en&userlocale=EN_US

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine...

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34528. Date published : 2021-07-14 https://www.zerodayinitiative.com/advisories/ZDI-21-827/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34529

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34529. Date published : 2021-07-14 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34528