Read Time:6 Second
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
Category Archives: Advisories
SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker
Read Time:15 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03
SEC Consult Vulnerability Lab Security Advisory < 20220602-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: dbus-broker
vulnerable version: dbus-broker-29
fixed version: dbus-broker-31
CVE number: CVE-2022-31212, CVE-2022-31213
impact: medium
homepage:…
SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio
Read Time:19 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03
SEC Consult Vulnerability Lab Security Advisory < 20220601-1 >
=======================================================================
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0
fixed version: 3.7.0 or higher
CVE number: CVE-2022-26481
impact: critical
homepage:…
SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II
Read Time:18 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03
SEC Consult Vulnerability Lab Security Advisory < 20220601-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Poly EagleEye Director II
vulnerable version: 2.2.1.1 (Jul 1, 2021)
fixed version: 2.2.2.1 or higher
CVE number: CVE-2022-26479, CVE-2022-26482
impact: critical
homepage:…
SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3
Read Time:16 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03
SEC Consult Vulnerability Lab Security Advisory < 20220531-0 >
=======================================================================
title: Backdoor account
product: Korenix JetPort 5601V3
vulnerable version: Firmware version 1.0
fixed version: None
CVE number: CVE-2020-12501
impact: High
homepage: https://www.korenix.com/
found: 2020-04-06…
Re: Three vulnerabilities found in MikroTik’s RouterOS
Read Time:23 Second
Posted by Q C on Jun 03
[update 2022/05/30] Two CVEs have been assigned to these vulnerabilities.
CVE-2021-36613: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the ptp process. An authenticated remote
attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2021-36614: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the tr069-client process. An
authenticated remote…
[CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure
Read Time:25 Second
Posted by Julien Ahrens (RCE Security) on Jun 03
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2021-40150
2. CREDITS
==========…
[CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure
Read Time:25 Second
Posted by Julien Ahrens (RCE Security) on Jun 03
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2021-40149
2. CREDITS
==========…
A Vulnerability in Atlassian Confluence Server and Data Center Could Allow for Remote Code Execution
Read Time:33 Second
A vulnerability has been discovered in Atlassian Confluence Server and Data Center, which could allow for remote code execution. Confluence is a wiki tool used to help teams collaborate and share knowledge efficiently. Successful exploitation of this vulnerability could allow for remote code execution within the context of the service account used to run the Confluence Server or Data Center service. Depending on the privileges associated with the service account, an attacker could view, change, or delete data. If the service account has been configured to have fewer rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.
firefox-101.0-1.fc35
Read Time:11 Second
FEDORA-2022-bf1df71b2a
Packages in this update:
firefox-101.0-1.fc35
Update description:
New upstream version (101.0)
Fixed missing popups in some scenarios on Wayland (https://bugzilla.mozilla.org/show_bug.cgi?id=1771104)