CVE-2021-43820
The CVE-2021-43820 entries describe a permissions-check bypass in Seafile: the in-memory sync token cache does not verify library association in the request URL, allowing a token to access data from any known library if the attacker discovers a library ID. Affected product: Seafile (Seaf-server t...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +5475 more potentially affected by CVE-2020-26259 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.14)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2020-26259 Source advisory: OSV:GHSA-JFVX-7WRX-43FH...
Atlassian Fisheye and Crucible Information Disclosure Vulnerability (CNVD-2018-05564)
Atlassian FishEye and Crucible are both products of the Australian company Atlassian. FishEye is a suite of software for deep viewing of source code repositories, and Crucible is a suite of code review tools. A security vulnerability exists in the /rest/review-coverage-chart/1.0/data/.json resourc...