Security News

Security news from: cvedetails.com

  • 24 September 2021 – CVE-2021-41503
    ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the basic authentication for the devices' command interface allows attac …
  • 24 September 2021 – CVE-2021-41581
    x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks …
  • 24 September 2021 – CVE-2021-41504
    ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices' command interface may a …
  • 24 September 2021 – CVE-2021-41583
    vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the in …
  • 24 September 2021 – CVE-2021-41584
    Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-E …
  • 24 September 2021 – CVE-2021-41586
    In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password. (CVSS:0.0) (Last Update:2021-09-24)
  • 24 September 2021 – CVE-2021-41587
    In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. (CVSS:0.0) (Last Update:2021-09-24)
  • 24 September 2021 – CVE-2021-41588
    In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. (CVSS:0.0) (Last Update:20 …
  • 23 September 2021 – CVE-2021-41381
    Payara Micro Community 5.2021.6 and below allows Directory Traversal. (CVSS:0.0) (Last Update:2021-09-23)
  • 23 September 2021 – CVE-2021-41088
    Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows exe …