154 matches found
CVE-2020-15343
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...
CVE-2021-46249
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...
Bachmann Electronic All M-Base Controllers 加密问题漏洞
Bachmann Electronic All M-Base Controllers is a controller system from Bachmann, Germany, used to control networks. A cryptographic issue vulnerability exists in Bachmann Electronic All M-Base Controllers that stems from not properly using the relevant cryptographic algorithms, resulting in...
Nextcloud: Improper integrity protection of server-side encryption keys
The public keys used for the server-side encryption are not integrity-protected. These can easily replaced by anyone who has access to the data-at-rest data even when the per-user-keys are enabled, as described in https://nextcloud.com/security/threat-model/. This holds true for all key types -...
CVE-2017-5460
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
SUSE-SU-2016:0380-1 Security update for kernel live patch 3
This kernel live patch for Linux Kernel 3.12.38-44.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges bnc958601. - CVE-2015-6937: A NULL pointer dereference flaw was found in the...
Security update for the Linux Kernel (important)
The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc96207...
The vulnerability in the web application for data synchronization with ownCloud allows a hacker to read data from arbitrary calendars.
The vulnerability in the web application for data synchronization with ownCloud relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker, operating remotely, to read data from arbitrary calendars by manipulating the...
eLinks SQL Injection / XSS / LFI
===================================================================== eLinks Vulnerabilities blind sql inj / xss / LFI by Inj3ct0r.com ===================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ ...
Memory corruption
The arrayuserkeycompare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zvaldtor, which triggers memory corruption and allows local users to bypass safemode and execute arbitrary code via a certain unset operation after arrayuserkeycompare has been called...
PT-2006-2525 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.17 Description: The issue allows local users to cause a denial of service via keyctl requests that add a key to a user key instead of a keyring key, resulting in an invalid dereference in the keyring search...
Bing Bar v7 MU key does NOT exist
...