- Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)on October 16, 2021 at 6:11 am
Posted by Yann Ylavic on Oct 15Hi Román, I (for one) would argue that admins/vendors that ship a RCE-vulnerable custom configuration should reserve a CVE like this to notify their users. httpd does not, at least. Cheers; Yann.
- Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)on October 15, 2021 at 6:09 pm
Posted by Roman Medina-Heigl Hernandez on Oct 15Hi Yann, Re [1], I think this: “critical: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773 […]
- CVE-2021-41971: Apache Superset: Possible SQL Injection when template processing is enabledon October 15, 2021 at 1:53 pm
Posted by Daniel Gaspar on Oct 15Severity: low Description: Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http […]
- CVE-2021-32609: Apache Superset: XSS vulnerability on Explore pageon October 15, 2021 at 1:05 pm
Posted by Daniel Gaspar on Oct 15Description: Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html […]
- CVE-2021-3847: OverlayFS – Potential Privilege Escalation using overlays copy_upon October 14, 2021 at 6:55 pm
Posted by Alon Zahavi on Oct 14After disclosing the issue with the linux-distros mailing list, I am reporting the security issue publicly to here. There is no patch available and may not be available for a long time because the kernel can’t […]
- CVE-2021-42257: check_smart.pl: unprivileged user can alter hard drive settingson October 14, 2021 at 6:11 pm
Posted by Wolfgang Frisch on Oct 14Hello oss-security, during a routine audit of scripts in openSUSE, I discovered a vulnerability in `check_smart.pl` [4], a plugin for systems monitoring software to monitor the values of SMART attributes of hard […]
vuldb.com Updates
- GNU Mailman up to 2.1b1 Cgi/confirm.py cross site scriptingby vuldb.com on October 17, 2021 at 3:31 pm
A vulnerability was found in GNU Mailman (Mail Client Software) and classified as problematic. This issue affects an unknown code block of the file Cgi/confirm.py. A possible mitigation has been published 3 days after the disclosure of the vulnerability.
- Wouter Verhelst nbd up to 2.9.19 nbd-server.c mainloop memory corruptionby vuldb.com on October 17, 2021 at 3:15 pm
A vulnerability, which was classified as critical, was found in Wouter Verhelst nbd. This affects the function mainloop of the file nbd-server.c. Upgrading to version 2.9.11 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at […]
- MoinMo MoinMoin up to 1.3.4 cross site scripting [CVE-2011-1058]by vuldb.com on October 17, 2021 at 2:53 pm
A vulnerability, which was classified as problematic, has been found in MoinMo MoinMoin up to 1.3.4 (Content Management System). Affected by this issue is some unknown functionality. Upgrading to version 1.3.5 eliminates this vulnerability.
- Hex-Rays IDA 5.7/6.0 File Loader memory corruptionby vuldb.com on October 17, 2021 at 2:38 pm
A vulnerability, which was classified as critical, has been found in Hex-Rays IDA 5.7/6.0. This issue affects an unknown function of the component File Loader. A possible mitigation has been published immediately after the disclosure of the vulnerability.
- Gareth Watts PHPXref up to 0.7 nav.html cross site scriptingby vuldb.com on October 17, 2021 at 2:31 pm
A vulnerability was found in Gareth Watts PHPXref up to 0.7 (Content Management System). It has been rated as problematic. Affected by this issue is an unknown code of the file nav.html. Upgrading to version 0.5 eliminates this vulnerability.
- RealNetworks RealPlayer up to 14.0.1 OpenURLinPlayerBrowser memory corruptionby vuldb.com on October 17, 2021 at 2:23 pm
A vulnerability was found in RealNetworks RealPlayer up to 14.0.1 (Multimedia Player Software) and classified as very critical. This issue affects the function OpenURLinPlayerBrowser. A possible mitigation has been published immediately after the disclosure of the vulnerability.
- Ruby on Rails prior 3.0.0 Access Restriction resolver.rb access controlby vuldb.com on October 17, 2021 at 2:08 pm
A vulnerability has been found in Ruby on Rails (Programming Language Software) and classified as critical. This vulnerability affects an unknown function in the library actionpack/lib/action_view/template/resolver.rb of the component Access Restriction. Upgrading to version 3.0.0 eliminates this […]