🚨 CVE-2021-36350
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
🎖@cveNotify
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.
🎖@cveNotify
Dell
DSA-2021-243: Dell PowerScale OneFS Contains Security Update for Multiple Vulnerabilities. | Dell UK
Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
🚨 CVE-2021-43587
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.
🎖@cveNotify
Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.
🎖@cveNotify
🚨 CVE-2018-25028
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
🎖@cveNotify
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
🎖@cveNotify
rustsec.org
RUSTSEC-2018-0021: libpulse-binding: Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods…
Security advisory database for Rust crates published through https://crates.io
🚨 CVE-2021-36318
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
🎖@cveNotify
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.
🎖@cveNotify
Dell
DSA-2021-204: Dell EMC Avamar, Dell EMC NetWorker Virtual Edition (NVE), and Dell EMC PowerProtect DP Series Appliance or Dell…
Dell EMC Avamar, Dell EMC NetWorker Virtual Edition (NVE), and Dell EMC PowerProtect DP Series Appliance or Dell EMC Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that may be exploited by malicious users…
👍1
🚨 CVE-2021-45510
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.
🎖@cveNotify
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.
🎖@cveNotify
Netgear
Security Advisory for Authentication Bypass on XR1000, PSV-2021-0011 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: XR1000, running firmware versions prior to 1.0.0.58 NETGEAR strongly recommends that you download…
🚨 CVE-2021-45674
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
🎖@cveNotify
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
🎖@cveNotify
Netgear
Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2020-0017 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for a stored cross site scripting security vulnerability on the following product models: R7000, running firmware versions prior to 1.0.11.110 R7900, running firmware versions…
🚨 CVE-2021-45655
NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.
🎖@cveNotify
NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.
🎖@cveNotify
Netgear
Security Advisory for Server Side Injection on R6400, PSV-2019-0178 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: R6400, running firmware versions prior to 1.0.1.70 NETGEAR strongly recommends that you download…
🚨 CVE-2021-45660
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Netgear
Security Advisory for Server Side Injection on Some WiFi Systems, PSV-2019-0133 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: RBK40, running firmware versions prior to 2.5.1.16 RBR40, running firmware versions prior to…
🚨 CVE-2021-45659
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.
🎖@cveNotify
Netgear
Security Advisory for Server Side Injection on Some WiFi Systems, PSV-2019-0126 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: RBK40, running firmware versions prior to 2.5.1.16 RBR40, running firmware versions prior to…
🚨 CVE-2021-45657
Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62.
🎖@cveNotify
Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62.
🎖@cveNotify
NETGEAR KB
Security Advisory for Server Side Injection on Some Routers and WiFi Systems, PSV-2019-0141
Associated CVE IDs: None First published: 2021-09-25 NETGEAR has released fixes for a server side injection security vulnerability on the following product models: D6200, running firmware versions prior to 1.1.00.38 D7000, running firmware versions prior…
🚨 CVE-2018-25027
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.
🎖@cveNotify
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.
🎖@cveNotify
rustsec.org
RUSTSEC-2018-0021: libpulse-binding: Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods…
Security advisory database for Rust crates published through https://crates.io
🚨 CVE-2018-25026
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
🎖@cveNotify
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
🎖@cveNotify
🚨 CVE-2018-25025
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
🎖@cveNotify
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
🎖@cveNotify
🚨 CVE-2021-45636
NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker.
🎖@cveNotify
NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker.
🎖@cveNotify
Netgear
Security Advisory for Pre-Authentication Stack Overflow on D7000, PSV-2019-0182 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-20 NETGEAR has released fixes for a pre-authentication stack overflow security vulnerability on the following product models: D7000, running firmware versions prior to 1.0.1.82 NETGEAR strongly recommends…
🚨 CVE-2021-45503
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
NETGEAR KB
Security Advisory for Authentication Bypass on Some WiFi Systems, PSV-2020-0474
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: CBR750, running firmware versions prior to 4.6.3.6 RBK752, running firmware versions prior…
🚨 CVE-2021-40417
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.
🎖@cveNotify
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.
🎖@cveNotify
🚨 CVE-2021-45505
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
🎖@cveNotify
Netgear
Security Advisory for Authentication Bypass on Some WiFi Systems, PSV-2020-0477 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for an authentication bypass security vulnerability on the following product models: CBR750, running firmware versions prior to 4.6.3.6 RBK752, running firmware versions prior…
🚨 CVE-2021-21878
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
🎖@cveNotify
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
🎖@cveNotify
🚨 CVE-2021-45461
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
🎖@cveNotify
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
🎖@cveNotify
FreePBX Community Forums
SECURITY ISSUE - Potential Rest Phone Apps RCE
On the afternoon of December 21, 2021 Sangoma received a report of malicious activity in progress on a fully up to date FreePBX 15 system. Technical details followed very quickly, and engineering was able to act within minutes of the report. Investigation…
🚨 CVE-2021-45646
NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information.
🎖@cveNotify
NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information.
🎖@cveNotify
Netgear
Security Advisory for Sensitive Information Disclosure on R7000, PSV-2020-0174 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-21 NETGEAR has released fixes for a sensitive information disclosure security vulnerability on the following product models: R7000, running firmware versions prior to 1.0.11.116 NETGEAR strongly recommends…
🚨 CVE-2021-43816
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.
🎖@cveNotify
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.
🎖@cveNotify
GitHub
containerd CRI plugin: Unprivileged pod using `hostPath` can side-step SELinux
### Impact
Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and d...
Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and d...