311 matches found
CVE-2020-18748
Cross-site scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via MathJax syntax due to a MathJax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...
Cross site scripting
Cross-site scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via MathJax syntax due to a MathJax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...
Huawei HarmonyOS Configuration Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. Huawei HarmonyOS has a security vulnerability that can be exploited by local attackers to elevate privileges...
Z-BlogPHP Information Disclosure Vulnerability (CNVD-2021-43494)
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. An information disclosure vulnerability exists in Z-BlogPHP, which stems from a configuration error in Open Redirect in Z-BlogPHP v1.5.2 and earlier versions. The vulnerability can be exploited to obtain sensitive...
Micro Focus Secure API Manager Log Information Disclosure Vulnerability
Secure API Manager is a complete solution from Micro Focus (USA) for creating, managing, maintaining, and monitoring the APIs you use in your IT environment. It provides a repository where you can store and manage all the APIs you use. An information disclosure vulnerability exists in Micro Focus...
IBM Jazz Foundation Configuration Error Vulnerability
IBM Jazz Foundation is a software development collaboration platform for IBM Rational products. An information disclosure vulnerability exists in IBM Jazz Foundation. An attacker could exploit this vulnerability to obtain sensitive information from error messages returned in a browser, which coul...
Sifchain: Wrong implementation of Telegram link on the main page for PC users
Summary: I found that there is a broken link for your Telegram group. When a PC user clicks on the Telegram icon on your main page he is redirected to tg://resolve?domain=sifchain instead of https://t.me/sifchain due to some errors in configuration/coding. That idea is good for mobile view not desktop...
CVE-2021-21728
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This...
Design/Logic Flaw
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This...
CVE-2021-21728
CVE-2021-21728 affects the ZTE ZXA10 C300M (all versions up to V4.3P8). The issue is a configuration error: a port is open by default, allowing an attacker to flush a high volume of packets to that port and cause resource exhaustion, reducing system processing capability. The root cause is a reso...
The vulnerability of Windows Admin Center, related to security configuration errors, allows a hacker to circumvent existing security restrictions.
The vulnerability of the Windows Admin Center management tool is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
MISP Default Configuration Error Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A default configuration error vulnerability exists in MISP version 2.4.136, which stems fr...
The vulnerability of the fly-wm window manager, related to security configuration errors, allows attackers to gain access to confidential data.
The vulnerability of the fly-wm window manager is related to security configuration errors. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data...
SAP NetWeaver-XML Toolkit for JAVA Information Disclosure Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver-XML Toolkit for JAVA ENGINEAPI. The vulnerabilit...
Microsoft SharePoint Information Disclosure Vulnerability (CNVD-2020-57588)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...
OPENSUSE-SU-2020:1678-1 Security update for crmsh
This update for crmsh fixes the following issues: - Fixed startdelay with start-delay (bsc#1176569) - fix onfail should be on-fail (bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - uiconfigure: Obscure sensitive data by default (bsc#1163581) This update...
Apache HttpClient Information Disclosure Vulnerability
HttpClient is a client program written in Java by the Apache Software Foundation (United States) for accessing HTTP resources. The program is used to access network resources using the HTTP protocol. Apache HttpClient suffers from an information disclosure vulnerability that arises from errors such...
Design/Logic Flaw
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuratio...