1367 matches found
Devolutions Server access control error vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions prior to 2021.1 and Devolutions Server LTS versions prior to 2020.3.18, which allows remote...
The vulnerability of the Apache SpamAssassin spam filtering software lies in the lack of measures to neutralize special elements. This allows attackers to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the Apache SpamAssassin spam filtering software lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of the Node.js software platform, related to the presence of localhost6 in the white list, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Node.js software platform is related to the presence of localhost6 in the white list. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software environment, related to a lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential information.
The vulnerability of the “userrights-expiry-current” and “userrights-expiry-none” messages in the MediaWiki software, which is used to implement the hypertext environment, is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow a...
The vulnerability of the IBM Security Verify Bridge software, which stems from the use of pre-installed credentials, allows a perpetrator to expose the protected information.
The vulnerability of the IBM Security Verify Bridge software relates to the use of pre-installed credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability relates to the implementation of WebRTC in Google Chrome, Firefox, Firefox-ESR web browsers, and Thunderbird email client. It involves buffer overflow attacks, allowing attackers to compromise data integrity.
The vulnerability in WebRTC implementations of Google Chrome, Firefox, Firefox-ESR, and the Thunderbird email client is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...
The vulnerability of the check_output function in output.c of the SUID isolated programming environment Firejail, due to the lack of measures to neutralize special elements, allows a violator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the check_output function in output.c of the SUID isolated programming environment Firejail is related to the lack of measures to neutralize special elements. Exploiting this vulnerability could allow a remote attacker to access confidential data...
The vulnerability of the microprogramming software of the multifunctional Xerox AltaLink device, related to insufficient encryption strength, allows attackers to disclose protected information.
The vulnerability of the microprogramming software of the multifunctional Xerox AltaLink device is related to insufficient encryption strength. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...
CVE-2021-27275
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
Session fixation
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...
Invigo Automatic Device Management security vulnerability
Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A session validity check vulnerability exists in several management functions in...
DEBIAN-CVE-2021-21349
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...
UBUNTU-CVE-2021-21349
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...
The vulnerability of Google Chrome’s Content Security Policy component allows a perpetrator to compromise data integrity.
The vulnerability of Google Chrome’s Content Security Policy component is related to the lack of standard permission mechanisms. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...
The vulnerability of the SerialPort component in the Google Chrome browser allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SerialPort component in Google Chrome browsers is related to insufficient checks on policies. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service interruptions...
The vulnerability of VNC implementations with extensions for optimizing operations under slow data transmission channels, such as Tightvnc, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of VNC implementations with extensions for optimizing operations under slow data transmission channels, such as Tightvnc, is related to the execution of operations within the allowable buffer size limits. Exploiting this vulnerability can allow a remote attacker to gain access t...
The vulnerability of VNC implementations with extensions for optimizing operations under slow data transmission channels, such as Tightvnc, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of VNC implementations with extensions for optimizing operations under slow data transmission channels, such as Tightvnc, is related to the execution of operations within the allowable buffer size limits. Exploiting this vulnerability can allow a remote attacker to gain access t...
DEBIAN-CVE-2021-21183
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2021-21164
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Weseek GROWI security vulnerability
GROWI is a team collaboration software. An access control error vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote, unauthenticated attacker to read a user's personal information and/or internal server information...