FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.
6ef66ed70e92ad612290d98df48054d67d1c964e07a0683eaed0ee4abc38ad4e
FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has a hidden administrative account, cmuser, that has no password and has write access permissions to the device. The cmuser account is not visible in the Users menu list of the application.
76986786233f93566ddb9953be6f98bfa450885a5ac241ed16617a8870a9ff2b
FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.
c9208e538a5afc70b3635572f890f2667c94de059d48740427d2b3abf186786c
FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.
d011bfaa75604c3b3dc63ad611330b11fc8a534120edc38f724e1a4f58929d87
The application interface of FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
7e2119d2b169c3fb6fb1b259c686bac08187edd3b7de42bea6ab93a108d54445
Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
b581416306f3dd476e571d54877a550435c22900a370f6c91efbf9d6ff8a914f
Red Hat Security Advisory 2021-3675-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
ad9ce160c59df30cf9941c0697bd6c9340ed669c6ce5bb9d5b843c8b6fea9592
WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability.
ffbdf36c553fc01d39018fe0185356f74c5cc7f17c0c33a393d62e41f2a8b4f0
Red Hat Security Advisory 2021-3676-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
3890d30cbbe4c135f4f392438402e64ce8d51636134209fb2750f26e7d7532aa
Ubuntu Security Notice 5093-1 - Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
c4de699295308995e581a4fe17697bd8bdf4568f3c040db7dede29c2d61a0c08
Apache James Server version 2.3.2 remote command execution exploit.
c9b253ccb01558d000573b82422dd40cdb537674eba685ea7b12e068e995cf6b
Ubuntu Security Notice 5092-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.
ebcf129926760acf6a8d3e98fe23c9b1ac0c8a4d82db537ed58774cee102bccf
WordPress Popup plugin version 1.10.4 suffers from a cross site scripting vulnerability.
ed1b48d005de68bb19e777a8b0f2eaf4468a6b8c5f2311d3d8b400aa188e742b
Ubuntu Security Notice 5091-1 - Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
e091ef36b1fd7e00cec219aaafc4dbf41a9c32a20d118dea6371229fe281294a
Red Hat Security Advisory 2021-3631-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.13.
8e15d9103084ebe3b6008819ce87de2a844281957382e8d746f468506f8e8c30
WordPress Contact Form plugin version 1.7.14 suffers from a cross site scripting vulnerability.
0e0ab4bcf75174837ae5ceeeb37aa6426986dc34ed136e26b958c7fd2bc5c479
Ubuntu Security Notice 5090-2 - USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.
341b8ef0fe4e6777bab5fa98b857529884200d7119257e755b6ca149890c4518
WordPress TranslatePress plugin version 2.0.8 suffers from a persistent cross site scripting vulnerability.
3822bef2a24677b6eb4b93a67de4fe8417a8820f848d7d696fae51a0be909fc2
Ubuntu Security Notice 5090-1 - James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Various other issues were also addressed.
4f7aac22cc9fea438546a6e2165f1fd88e03efade01784bf4e244e2cf8f08093
Zero day exploit for Nehelper Wifi Info on iOS 15.0. The XPC endpoint com.apple.nehelper accepts a user-supplied parameter, sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying application (e.g. one possessing location access authorization) to gain access to Wifi information without the required entitlement. This happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.
0af5f880ff757d8f4ecf82631a976eb88cd98d6646578d823eeb66b9199ddf29
Zero day exploit for nehelper on iOS 15.0 that allows any user-installed application to determine whether any application is installed on the device given its bundle ID.
375980bf93ee070923c3bb357ef6f80b43ca064d6099d8de7d730edb2ea93c70
Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.
064f75f646068bb009495ba2efc5724b31cd4cd7265da1713630bea9d23cab50
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9
Red Hat Security Advisory 2021-3666-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, path sanitization, and use-after-free vulnerabilities.
c3e88fe61108ab45d44ef8e7ffedeed0ae53649beffdf3ca315f12cedd7d9b64
Simple Attendance System version 1.0 authentication bypass exploit that adds an administrator.
e4a056c4bf0781532ad19c5a4655a2089555c71ce7492598d7a21cf841394ff6