
6680 matches found

GitHub Security Blog
added 2021/06/23 5:13 p.m., 60 views

github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)

The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading .. which leads to file extraction outside of the current directory. Note, the fixing commit was applied to all affected versions which were re-released...

7.5 CVSS, 7.3 AI score, 0.01602 EPSS
Exploits 1, References 6, Affected Software 1

Veracode
added 2021/06/18 6:7 a.m., 18 views

Information Disclosure

@apollosproject/data-connector-rock is vulnerable to information disclosure. Registration of a new user allows a user who knows basic profile information (name, birthday, gender, etc.) of anyone to access anyone's account using all app functionality within the app...

9.8 CVSS, 1.9 AI score, 0.01458 EPSS
Exploits 0, References 3, Affected Software 1

Prion
added 2021/06/14 2:15 p.m., 16 views

Cross site scripting

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...

3.5 CVSS, 5.2 AI score, 0.00675 EPSS
Exploits 2, References 2, Affected Software 1

Cvelist
added 2021/06/14 1:37 p.m., 17 views

CVE-2021-24346 Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...

5.4 AI score, 0.00675 EPSS
Exploits 2, References 2

CNNVD
added 2021/06/14 12:0 a.m., 4 views

Dell NetWorker Path Traversal Vulnerability

Dell NetWorker is an application from Dell USA Inc. It provides forum discussion functionality for Dell Inc. A path traversal vulnerability exists in Dell NetWorker, which can be exploited by an attacker to exploit multiple vulnerabilities in Dell NetWorker...

6.8 CVSS, 5.5 AI score, 0.00929 EPSS
Exploits 0, References 2

OSV
added 2021/06/08 6:47 p.m., 10 views

GHSA-JXCC-G75X-QGW9 Calipso Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.3 CVSS, 7.1 AI score, 0.00433 EPSS
Exploits 1, References 3

Positive Technologies
added 2021/06/08 12:0 a.m., 3 views

PT-2021-7762 · Rockwell Automation · Isagraf Runtime

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue concerns the encryption of passwords used to execute privileged commands in the ISaGRAF Runtime. Specifically, a fixed key value is used with the tiny...

6.5 CVSS, 6.6 AI score, 0.01122 EPSS
Exploits 0, References 8

NVD
added 2021/06/07 9:15 p.m., 14 views

CVE-2021-23391

This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality...

7.3 CVSS, 0.00433 EPSS
Exploits 1, References 2

OpenVAS
added 2021/06/07 12:0 a.m., 18 views

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2021-1973)

The remote host is missing an update for the Huawei EulerOS...

5.5 CVSS, 5.9 AI score, 0.00528 EPSS
Exploits 0, References 2

OSV
added 2021/06/01 8:16 a.m., 5 views

SUSE-SU-2021:1819-1 Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly

This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 bsc1181255: - delay creation of threadpools - bin: Fix deep-element-removed log message - buffer: fix meta...

9.8 CVSS, 9.7 AI score, 0.02377 EPSS
Exploits 0, References 3

Tenable Nessus
added 2021/06/01 12:0 a.m., 23 views

Debian DSA-4922-1 : hyperkitty - security update

Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly...

7.5 CVSS, 7.2 AI score, 0.01846 EPSS
Exploits 1, References 4

Debian
added 2021/05/29 10:45 a.m., 45 views

[SECURITY] [DSA 4922-1] hyperkitty security update

Debian Security Advisory DSA-4922-1 | [email protected] | https://www.debian.org/security/ | Moritz Muehlenhoff | May 29, 2021 | https://www.debian.org/security/faq ...

7.5 CVSS, 7.4 AI score, 0.01846 EPSS
Exploits 1

CNNVD
added 2021/05/24 12:0 a.m., 3 views

Apple macOS Big Sur Access Control Error Vulnerability

Apple macOS Big Sur is a mobile application app from Apple USA. An access control error vulnerability exists in macOS Big Sur, which stems from a feature that allows local users to gain unauthorized access to otherwise restricted functionality. Affected Versions: macOS: 11.0 20A2411, 11.0.1 20B29,...

4.3 CVSS, 5.9 AI score, 0.00588 EPSS
Exploits 0, References 5

UbuntuCve
added 2021/05/19 2:15 p.m., 25 views

CVE-2021-3421

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This...

5.5 CVSS, 6.7 AI score, 0.00701 EPSS
Exploits 0, References 3

AlpineLinux
added 2021/05/19 1:40 p.m., 46 views

CVE-2021-3421

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This...

5.5 CVSS, 6.2 AI score, 0.00701 EPSS
Exploits 0

NVD
added 2021/05/17 5:15 p.m., 11 views

CVE-2021-24289

There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin...

8.8 CVSS, 0.01149 EPSS
Exploits 1, References 2

Openbugbounty
added 2021/05/15 12:31 p.m., 11 views

loewe.com Cross Site Scripting vulnerability OBB-2014944

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: loewe.com. Open Bug Bounty...

6.3 AI score
Exploits 0

Prion
added 2021/05/13 4:15 p.m., 18 views

Code injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. ...

5 CVSS, 5.2 AI score, 0.01712 EPSS
Exploits 0, References 7, Affected Software 2

UbuntuCve
added 2021/05/13 4:15 p.m., 31 views

CVE-2021-21424

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. ...

5.3 CVSS, 6.1 AI score, 0.01712 EPSS
Exploits 0, References 6

Cvelist
added 2021/05/13 12:0 a.m., 17 views

CVE-2021-21424 Prevent user enumeration using Guard or the new Authenticator-based Security

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. ...

5.3 CVSS, 5.8 AI score, 0.01712 EPSS
Exploits 0, References 7