Access controls vulnerabilities in containerd containers
Overview : Access controls vulnerabilities in containerd containers Affected Product(s) : containerd v1.4.2 containerd v1.3.8 Vulnerability Details : CVE ID
Privilege issues in Kubernetes kube-apiserver
Overview : Privilege issues in Kubernetes kube-apiserver Affected Product(s) : kube-apiserver v1.18.0-1.18.5 kube-apiserver v1.17.0-1.17.8 kube-apiserver v1.16.0-1.16.12 all kube-apiserver versions prior
Unauthenticated CSV Injection in NetSkope
Overview : CSV injection in netskope Admin UI (Version 75.0) Affected Product(s) : Netskope 75.0 Vulnerability Details : CVE ID
Nextcloud Latest vulnerabilities released
Overview : Multiple vulnerabilities reported in Nextcloud Affected Product(s) : Nextcloud Social app version 0.3.1 Nextcloud Social < 0.4.0 Vulnerability
Multiple vulnerabilities reported in GitLab EE
Overview : Multiple vulnerabilities reported in GitLab EE Affected Product(s) : Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. Affected versions
XSS vulnerability in Dashboards section in Kaa IoT Platform v1.2.0
Overview : Kaa IoT Platform version 1.2.0 suffers from a persistent cross site scripting vulnerability. Affected Product(s) : Kaa IoT
Permissions missuses in Nagios XI 5.7.4
Overview : Permissions missuses in Nagios Affected Product(s) : Nagios XI 5.7.4 Vulnerability Details : CVE ID : CVE-2020-5796 Improper
Remote Code Execution in CMSUno 1.6.2
Overview : Remote Code Execution in CMSUno 1.6.2 Affected Product(s) : Version: 1.6.2 Vulnerability Details : CVE ID : CVE-2020-25538
Reflected Cross-Site Scripting (XSS) on API Manager 3.1.0
Overview : Cross-Site Scripting (XSS) vulnerability on API Manager 3.1.0 Affected Product(s) : WSO2 API Manager Vulnerability Details : CVE
Tracking Down New WordPress Popup Injection Malware
A new variant of popup injector WordPress malware is spreading and affecting 1000s of WordPress websites. The web master was
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
Overview : NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Security Advisory
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004
Overview : A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that
Security Advisory for Post-Authentication Stack Overflow on Some Routers and Modem Routers
Overview : Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56,
Overview : Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before
Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
Overview : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
Overview : Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated
Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key
Overview : In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key,
MongoDB Enterprise Kubernetes Operator 1.2.5
Overview : X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes
The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code.
Overview : In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to
Multiple vulnerabilities in EasyBlocks IPv6
Overview : Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.
Overview : Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to
Vulnerabilities Discovered in CIPAce Enterprise Platform
Overview : A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP
Data Center Security Privilege Escalation
Overview : Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers
Overview : PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server