
Tag

#ios

CVE-2021-38991: IBM AIX code execution CVE-2021-38991 Vulnerability Report

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.

RHSA-2022:0081: Red Hat Security Advisory: virt:av and virt-devel:av security and bug fix update

An update for the virt:av and virt-devel:av modules is now available for Red Hat Enterprise Linux Advanced Virtualization 8.5. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-3930: QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
* CVE-2021-20257: QEMU: net: e1000: infinite loop while processing transmit descriptors

CVE-2021-25043: Changeset 2640621 for woocommerce-currency-switcher – WordPress Plugin Repository

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

CVE-2021-46048: A abort failure in wasm::WasmBinaryBuilder::readFunctions · Issue #4412 · WebAssembly/binaryen

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.

CVE-2021-46055: A abort failure in wasm::Builder::makeFunction · Issue #4413 · WebAssembly/binaryen

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

CVE-2021-30360: Enterprise Endpoint Security E86.20 Windows Clients

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.

CVE-2021-38990: IBM AIX code execution CVE-2021-38990 Vulnerability Report

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.

CVE-2022-22707: Bug #3134: mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1 - Lighttpd

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash).

CVE-2021-38918: Security Bulletin: The PowerVM hypervisor can violate the isolation between peer VMs in certain scenarios

IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management operations could lead to a violation of the isolation between peer VMs. IBM X-Force ID: 210019.

CVE-2021-45980: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.