
6680 matches found

OpenVAS
added 2021/04/19 12:0 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2020:2544-1)

The remote host is missing an update for the...

9.3 CVSS · 9.8 AI score · 0.02603 EPSS
Exploits 0 · References 6

OpenVAS
added 2021/04/19 12:0 a.m. · 24 views

SUSE: Security Advisory (SUSE-SU-2016:2904-1)

The remote host is missing an update for the...

7.8 CVSS · 6.7 AI score · 0.00497 EPSS
Exploits 1 · References 8

OpenVAS
added 2021/04/19 12:0 a.m. · 24 views

SUSE: Security Advisory (SUSE-SU-2019:2613-1)

The remote host is missing an update for the...

7.8 CVSS · 8.1 AI score · 0.00627 EPSS
Exploits 1 · References 4

Hacker One
added 2021/04/18 6:12 p.m. · 17 views

Nextcloud: Default Nextcloud Server and Android Client leak sharee searches to Nextcloud

On a clean Nextcloud setup the functionality "Search global and public address book for users" is enabled. Now, when searching for a sharee to share with, the lookup parameter is not passed to the server, resulting in...

4.3 CVSS · 6.3 AI score · 0.01373 EPSS
Exploits 1

Prion
added 2021/04/13 3:15 p.m. · 13 views

Design/Logic Flaw

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability...

6.8 CVSS · 7.5 AI score · 0.00763 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2021/04/13 2:11 p.m. · 68 views

CVE-2020-27228

OpenClinic GA 5.173.3 is affected by an installation-time privilege-escalation vulnerability (CVE-2020-27228). The underlying issue is an incorrect default permissions setup that permits modification of the OpenClinic MySQL service binary (example path: c:\projects\openclinic\mysql5\bin\mysqld.ex...

8.8 CVSS · 7.5 AI score · 0.00763 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2021/04/12 6:15 p.m. · 18 views

Cross site scripting

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396...

4.3 CVSS · 5.1 AI score · 0.0062 EPSS
Exploits 0 · References 2 · Affected Software 12

Veracode
added 2021/04/09 5:6 a.m. · 36 views

Denial Of Service (DoS)

github.com/containers/storage/commit is vulnerable to Denial of Service (DoS). The decompression functionality allows an attacker to crash the application by pulling in malicious tools that resemble podman or cri-o during container image pulls...

6.5 CVSS · 6.5 AI score · 0.01587 EPSS
Exploits 1 · References 10 · Affected Software 6

RedhatCVE
added 2021/04/08 8:52 p.m. · 33 views

CVE-2021-3487

There's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption...

6.3 AI score
Exploits 0 · References 3

CVE
added 2021/04/06 3:51 p.m. · 50 views

CVE-2021-30146

CVE-2021-30146 affects Seafile Server 7.0.5 (2019). The vulnerability is a Persistent XSS in the "share of library" feature, enabling malicious JavaScript execution. The attack path described in sources indicates an attacker with a local account can create a shared library containing injected scri...

5.4 CVSS · 5.2 AI score · 0.00853 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2021/04/06 3:46 p.m. · 64 views

CVE-2021-30140

CVE-2021-30140 affects LiquidFiles 3.4.15, which contains a stored cross-site scripting (XSS) vulnerability in the "+send email" feature when sending a file to an administrator. If the attached file has no extension and contains malicious HTML/JavaScript content (e.g., SVG with HTML), the payload...

5.4 CVSS · 5 AI score · 0.0136 EPSS
Exploits 3 · References 5 · Affected Software 1

GithubExploit
added 2021/04/06 9:16 a.m. · 124 views

Exploit for Cross-site Scripting in Seafile

CVE-2021-30146 Seafile 7.0.5 Persistent XSS Suggested descri...

5.4 CVSS · 5.2 AI score · 0.00853 EPSS
Exploits 1

Positive Technologies
added 2021/04/06 12:0 a.m. · 3 views

PT-2021-18627 · Unknown · Liquidfiles

Name of the Vulnerable Software and Affected Versions: LiquidFiles versions 3.4.15 Description: The issue is related to stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML/JavaScript content,...

5.4 CVSS · 5.1 AI score · 0.0136 EPSS
Exploits 3 · References 8

NVD
added 2021/04/05 7:15 p.m. · 15 views

CVE-2021-24162

In the Responsive Menu free and Pro WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in...

8.8 CVSS · 0.00796 EPSS
Exploits 2 · References 2

Prion
added 2021/04/02 4:15 p.m. · 20 views

Default credentials

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible using TELNET without a password to control the camera's pan/zoom/tilt functionality...

5 CVSS · 7.5 AI score · 0.015 EPSS
Exploits 1 · References 1

OSV
added 2021/03/31 10:15 p.m. · 3 views

CVE-2021-27220

An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server...

5.3 CVSS · 6.1 AI score
Exploits 0 · References 1

CVE
added 2021/03/31 9:50 p.m. · 73 views

CVE-2021-27220

PRTG Network Monitor before 21.1.66.1623 is affected by an information disclosure vulnerability: invoking the screenshot function with prepared context paths can cause verification of certain files on the web server filesystem. Root cause is excessive disclosure via the screenshot feature. Impact...

5.3 CVSS · 5.2 AI score · 0.02033 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2021/03/31 6:15 p.m. · 18 views

Design/Logic Flaw

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

4 CVSS · 4.5 AI score · 0.00572 EPSS
Exploits 0 · References 1 · Affected Software 14

CVE
added 2021/03/31 5:38 p.m. · 61 views

CVE-2021-23001

CVE-2021-23001 affects BIG-IP Advanced WAF/ASM; an authenticated user can upload files via an undisclosed iControl REST endpoint, potentially exhausting disk space or enabling later attacks. Affected versions include 16.0.0–16.0.1, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x. Remediation: upgrade ...

4.3 CVSS · 5 AI score · 0.00572 EPSS
Exploits 0 · References 1 · Affected Software 14

Cvelist
added 2021/03/31 5:38 p.m. · 17 views

CVE-2021-23001

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a ca...

4.8 AI score · 0.00572 EPSS
Exploits 0 · References 1