CVE-2022-21695 Improper Access Control in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users or unauthenticated in public mode can send messages without being visible in the list of chat participants. Th...
Cross-site scripting
Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross-site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...
X (Formerly Twitter): Link-shortener bypass (regression on fix for #1032610)
Report 1032610, entitled "Chained open redirects and use of Ideographic Full Stop defeat Twitter's approach to blocking links", was closed as Resolved about six months ago. However, a regression on the fix for the vulnerability in question seems to have occurred, and the bug is reproducible with the...
8x8: Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization
@0daystolive reported to us a flaw in a 3rd party community platform, which could be exploited to achieve RCE. We swiftly relayed this to the vendor and their engineering team turned off the affected code, which resolved the issue. For more details about this vulnerability read:...
OPENSUSE-SU-2021:3615-1 Security update for java-1_8_0-openj9
This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u312 build 07 with OpenJ9 0.29.0 virtual machine including Oracle July 2021 and October 2021 CPU changes - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder on Windows (bsc#1185056). ...
CVE-2021-32664 Reflected XSS in Combodo/iTop
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is an XSS vulnerability on the "run query" page when logged in as administrator. This has been resolved in versions 2.6.5 and 2.7.5...
CVE-2021-41121 Memory corruption in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions, when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0...
Out-of-bounds
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0...
CVE-2021-41116 Command injection in composer on Windows
Composer is an open source dependency manager for the PHP language. In affected versions, Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their Composer version. Other OSs and WSL are not affected. The issue has been resolved in...
CVE-2021-35491
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...
CVE-2021-36218
An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAESGCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0...
Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4805).
Summary IBM Edge is affected by a cache control vulnerability. IBM Edge has resolved this vulnerability. Vulnerability Details CVEID: CVE-2020-4805 DESCRIPTION: IBM Edge allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS Temporal Score:...
Log Analysis Security Bulletin List
Question Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis? Answer Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various components in Log Analysis, listed by...
CVE-2021-32796 Misinterpretation of malicious XML input in xmldom
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
CVE-2020-22876
Buffer Overflow vulnerability in quickjs.c in QuickJS allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release...
Security Bulletin: IBM MQ Appliance affected by a cross-site request forgery vulnerability (CVE-2020-4938)
Summary IBM MQ Appliance has resolved a cross-site request forgery vulnerability. Vulnerability Details CVEID: CVE-2020-4938 DESCRIPTION: IBM MQ Appliance is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a use...
CVE-2021-32510
A directory listing vulnerability in the antivirus function of QSAN Storage Manager allows remote authenticated attackers to list arbitrary directories by injecting a file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...
CVE-2021-32721 URL Redirection to Untrusted Site ('Open Redirect') in github.com/AndrewBurian/powermux
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an...
DEBIAN-CVE-2021-34548
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream...