6680 matches found

NVD
added 2021/02/01 4:15 p.m. · 15 views

CVE-2020-13563

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template groupid parameter...

9.6 CVSS · 6.5 AI score · 0.75856 EPSS
Exploits 1 · References 1

Prion
added 2021/02/01 4:15 p.m. · 23 views

Cross site scripting

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter...

4.3 CVSS · 6 AI score · 0.77745 EPSS
Exploits 1 · References 1 · Affected Software 2

Prion
added 2021/01/28 1:15 p.m. · 12 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 commit babec93f600ff1394f91ccd512bcad85832eb6ce. A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker ca...

6.8 CVSS · 8.6 AI score · 0.03029 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2021/01/28 12:28 p.m. · 17 views

CVE-2020-13569

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 commit babec93f600ff1394f91ccd512bcad85832eb6ce. A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker ca...

8.8 CVSS · 8.8 AI score · 0.03029 EPSS
Exploits 1 · References 1

Positive Technologies
added 2021/01/28 12:0 a.m. · 2 views

PT-2021-9642 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: OpenEMR versions 5.0.2 through 6.0.0 Description: A cross-site request forgery issue exists in the GACL functionality. This allows an attacker to send a specially crafted HTTP request, leading to the execution of arbitrary requests in the...

8.8 CVSS · 8.7 AI score · 0.03029 EPSS
Exploits 1 · References 6

NVD
added 2021/01/26 6:16 p.m. · 9 views

CVE-2020-8292

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...

5.4 CVSS · 5.3 AI score · 0.00903 EPSS
Exploits 1 · References 2

OSV
added 2021/01/26 6:15 p.m. · 8 views

CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

4.9 CVSS · 6.2 AI score
Exploits 0 · References 2

NVD
added 2021/01/26 6:15 p.m. · 18 views

CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

4.9 CVSS · 5.2 AI score · 0.01347 EPSS
Exploits 0 · References 2

Debian CVE
added 2021/01/25 3:58 p.m. · 38 views

CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

4.9 CVSS · 4.6 AI score · 0.01347 EPSS
Exploits 0

Fedora
added 2021/01/21 1:47 a.m. · 61 views

[SECURITY] Fedora 33 Update: wavpack-5.4.0-1.fc33

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...

6.1 CVSS · 2.4 AI score · 0.01196 EPSS
Exploits 1

OSV
added 2021/01/20 9:4 a.m. · 6 views

OPENSUSE-SU-2021:0124-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: - bsc1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows...

8.3 CVSS · 6.2 AI score · 0.86806 EPSS
Exploits 2 · References 10

CNVD
added 2021/01/17 12:0 a.m. · 6 views

XINJE XDME-30T4-E ModbusTCP Protocol Denial of Service Vulnerability

XINJE XDME-30T4-E is a controller product of Ethernet type series. A denial of service vulnerability exists in the XINJE XDME-30T4-E ModbusTCP protocol, which can be exploited by an attacker to cause the device to go down and not function properly...

6.9 AI score
Exploits 0

OSV
added 2021/01/14 9:28 a.m. · 4 views

SUSE-SU-2021:0123-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...

8.8 CVSS · 8.6 AI score · 0.01283 EPSS
Exploits 0 · References 3

Cvelist
added 2021/01/11 6:52 p.m. · 18 views

CVE-2020-13559

A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...

5.9 CVSS · 7.3 AI score · 0.01318 EPSS
Exploits 1 · References 1

GithubExploit
added 2021/01/07 12:30 p.m. · 163 views

Exploit for Code Injection in Microfocus Arcsight_Logger

CVE-2020-11851 Remote Code Execution vulnerability on ArcSig...

9.8 CVSS · 10 AI score · 0.02825 EPSS
Exploits 1

Akamai Blog
added 2020/12/30 2:0 p.m. · 47 views

Akamai's Technical Enablement and Education Team, Part of the Global Services and Support Organization, Wins 2020 Chief Learning Officer Magazine Gold Award

On October 2020, the Akamai Technical Enablement and Education TE&E Team -- responsible for creating product-training certifications for employees Global Services and Support GSS, customers Akamai University, and channel partners Advanced Partner Enablement -- won its second industry award for...

0.2 AI score
Exploits 0

Akamai Blog
added 2020/12/30 5:0 a.m. · 17 views

Akamai's Technical Enablement and Education Team, Part of the Global Services and Support Organization, Wins 2020 Chief Learning Officer Magazine Gold Award

On October 2020, the Akamai Technical Enablement and Education TE&E Team -- responsible for creating product-training certifications for employees Global Services and Support GSS, customers Akamai University, and channel partners Advanced Partner Enablement -- won its second industry award for...

7.4 AI score
Exploits 0

Cvelist
added 2020/12/27 1:20 a.m. · 21 views

CVE-2020-8289

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in bztransmit helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality...

7.9 AI score · 0.04658 EPSS
Exploits 2 · References 6

Tenable Nessus
added 2020/12/23 12:0 a.m. · 25 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3902-1)

This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.6.0 ESR - Fixed: Various stability, functionality, and security fixes MFSA 2020-55 bsc1180039 - CVE-2020-16042 bmo1679003 Operations on a BigInt could have caused uninitialized memory to be exposed -...

8.8 CVSS · 7.9 AI score · 0.01891 EPSS
Exploits 0 · References 18

Cvelist
added 2020/12/22 7:24 p.m. · 28 views

CVE-2020-35609

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability...

5.3 AI score · 0.01314 EPSS
Exploits 1 · References 2