
Tag

#ubuntu

RHSA-2021:4902: Red Hat Security Advisory: ACS 3.67 security and enhancement update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2020-27304: civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API
* CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function
* CVE-2021-3801: nodejs-prismjs: ReDoS vulnerability
* CVE-2021-23343: nodejs-path-parse: ReDoS via spli...

Red Hat Security Data
#vulnerability #web #ios #google #amazon #ubuntu #linux #red_hat #dos #nodejs #js #kubernetes

CVE-2021-43687: GitHub - chamilo/chamilo-lms at v1.11.14

chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.

CVE-2021-44479: GitHub - Xen1thLabs-AE/CVE-2021-40154: POC to test the BootROM vulnerability found in LPC55S69 and K82 Series

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.

CVE-2021-26615: KISA 인터넷 보호나라&KrCERT

The ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer overflow.

CVE-2021-42785: TightVNC: What's New in TightVNC

Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.

CVE-2021-36332: DSA-2021-194: Dell EMC CloudLink Security Update for Multiple Security Vulnerabilities

Dell EMC CloudLink 7.1 and all prior versions contain an HTML and JavaScript injection vulnerability. A remote low-privileged attacker may potentially exploit this vulnerability, directing end users to arbitrary and potentially malicious websites.

CVE-2021-23732: Arbitrary Code Execution in docker-cli-js | Snyk

This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.

CVE-2021-26614: KISA 인터넷 보호나라&KrCERT

ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface, which invokes an arbitrary shell command.

CVE-2021-44079: Active response tools allow arbitrary code execution · Issue #10858 · wazuh/wazuh

In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.

CVE-2021-29329: stack-overflow(fxBinaryExpressionNodeDistribute) · Issue #587 · Moddable-OpenSource/moddable

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.