CVE-2020-8151: Redirecting to Google Groups

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.

Related news

CVE-2021-42280: Windows Feedback Hub Elevation of Privilege Vulnerability

*What privileges does the attacker gain?* An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

CVE-2021-42277: Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

*What privileges does the attacker gain?* An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

CVE-2021-41379: Windows Installer Elevation of Privilege Vulnerability

*What privileges does the attacker gain?* An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

CVE-2021-36170: PSIRT Advisories | FortiGuard

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

CVE-2021-20791: JVN#81658818: Multiple vulnerabilities in RevoWorks Browser

Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.

CVE-2021-34556

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

CVE-2021-35477

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

CVE-2017-7529: [nginx-announce] nginx security advisory (CVE-2017-7529)

Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially sensitive information triggered by a specially crafted request.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907