Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write. A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribin...
UBUNTU-CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...
PT-2021-8015 · Zeromq +2 · Zeromq +2
Name of the Vulnerable Software and Affected Versions: ZeroMQ versions prior to 4.3.3. Description: A flaw in the ZeroMQ server allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. This poses a threat to...
PT-2021-23137 · Unknown +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to v1.10.6. Description: The issue concerns the lack of authentication for SIP requests of the type SUBSCRIBE in FreeSWITCH. This allows attackers to subscribe to user agent event notifications without authentication,...
HPSBHF03718 rev. 3 - Intel® PROSet/Wireless WiFi and Killer™ Driver February 2021 Security Update
Potential Security Impact: Information Disclosure, Denial of Service. Source: HP, HP Product Security Response Team (PSRT). Reported By: Intel. VULNERABILITY SUMMARY: Intel has informed HP of a potential security vulnerability identified in some Intel® PROSet/Wireless WiFi and Killer™ drivers for Window...
Kubernetes: KOPS documentation references domains which were not registered
Summary: While researching the kubernetes documentation, I found that the KOPS project's Route53 configuration references dangling DNS servers. I was able to register 3 / 4 of these domain names. I was also able to verify that some companies have been using this configuration, making them...
Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data
21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo.com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber...
Minecraft Apps on Google Play Fleece Players Out of Big Money
Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash. According to researchers, the mobile apps for Android fool users into spending hundreds of dollars per month, by offering skins,...
CVE-2020-13346
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...
UBUNTU-CVE-2020-13346
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...
CVE-2020-13346
CVE-2020-13346 affects GitLab versions prior to 13.2.10, 13.3.7, and 13.4.2, where membership changes are not reflected in ToDo subscriptions. This allows guest users to access confidential issues via the API. The provided documents confirm the affected versions and behavior but do not include a ...
CVE-2020-13346
Removed by vendor...
PT-2020-13487 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10; GitLab versions prior to 13.3.7; GitLab versions prior to 13.4.2. Description: Membership changes are not reflected in ToDo subscriptions, allowing guest users to access confidential issues through the API...
CVE-2020-12643
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address...
Design/Logic Flaw
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address...
CVE-2020-12643
CVE-2020-12643 affects OX App Suite 7.10.3 and earlier. The flaw is an incorrect access control in the /api/subscriptions path that can disclose the email address contained in a snippet when requested from another user, due to an improper permission check. Impact is exposure of email addresses; n...
CVE-2020-3447
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...
WordPress WooCommerce Subscriptions Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WooCommerce Subscriptions is a subscription plugin used in it. A cross-site scripting vulnerability exists in WordPress...